CSO Magazine

MARCH 18, 2021

Editor's note: This article, originally published in July, 2018, has been updated to more accurately reflect recent trends. Deepfake definition. Deepfakes are fake videos or audio recordings that look and sound just like the real thing. Once the bailiwick of Hollywood special effects studios and intelligence agencies producing propaganda, like the CIA or GCHQ's JTRIG directorate, today anyone can download deepfake software and create convincing fake videos in their spare time.

Risk 145

Risk Software 145

The Hacker News

MARCH 15, 2021

Distributed Denial of Service (DDoS) attack is a malicious form of attack that disrupts the regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years, these kinds of attacks are increasing, fueling the demand for the best DDoS protection software solutions.

DDOS 145

DDOS Software Marketing 145

TrustArc

MARCH 19, 2021

by Dr. Gary Edwards, Advisor to TrustArc, and Amanda Lee, Product Marketing Manager Respecting privacy is a cornerstone of trust, a central pillar on which brand reputation stands. From TrustArc’s Global Privacy Benchmarks survey in 2020, we learned that the majority of senior executives in large enterprises around the globe give themselves high marks for doing […].

Marketing 104

Marketing 104

Schneier on Security

MARCH 17, 2021

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery network Akamai has reported on a new method: a botnet that uses the Bitcoin blockchain ledger.

Cryptocurrency 363

Cryptocurrency Media Government Firewall 363

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

MARCH 16, 2021

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept text messages intended for other mobile users.

Telecommunications 363

Telecommunications Mobile Accountability Wireless 363

Lohrman on Security

MARCH 14, 2021

Cyber Attacks 363

Cyber Attacks 363

Schneier on Security

MARCH 15, 2021

Interesting research: “ Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System “: Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet

Engineering 361

Engineering Internet Internet 361

Krebs on Security

MARCH 17, 2021

If you sell Web-based software for a living and ship code that references an unregistered domain name, you are asking for trouble. But when the same mistake is made by a Fortune 500 company, the results can range from costly to disastrous. Here’s the story of one such goof committed by Fiserv [ NASDAQ:FISV ], a $15 billion firm that provides online banking software and other technology solutions to thousands of financial institutions.

Banking 338

Banking Accountability Software Mobile 338

Anton on Security

MARCH 19, 2021

For a reason that shall remain nameless, I’ve run this quick poll focused on the use cases for threat intelligence in 2021. The question and the results are below. Antons Threat Intel Poll 2021 Here are some thoughts and learnings based on the poll and the discussion , as well as other things. While running this poll my fear was that the detection use case will win.

Firewall 238

Firewall Architecture Threat Detection Cyber threats 238

The Last Watchdog

MARCH 17, 2021

Basic research, also called pure research, is aimed at advancing scientific theories unfettered by commercial interests. Related: The case for infusing ethics into Artifical Intelligence. Basic research is the foundational theorizing and testing scientists pursue in order to advance their understanding of a phenomenon in the natural world, and, increasingly, in the digital realm.

Digital transformation 222

Digital transformation Encryption Technology Mobile 222

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

MARCH 19, 2021

Vice is reporting on a cell phone vulnerability caused by commercial SMS services. One of the things these services permit is text message forwarding. It turns out that with a little bit of anonymous money — in this case, $16 off an anonymous prepaid credit card — and a few lies, you can forward the text messages from any phone to any other phone.

Authentication 308

Authentication Accountability Advertising Mobile 308

Krebs on Security

MARCH 15, 2021

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com , a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.

Passwords 328

Passwords Accountability Hacking Data breaches 328

Tech Republic Security

MARCH 17, 2021

A Trend Micro report found that its system dealt with 16.4 million threats that used COVID-19 as a hook.

218

218

Bleeping Computer

MARCH 19, 2021

The REvil ransomware operation claims to have stolen unencrypted data after hacking electronics and computer giant Acer. [.].

Computers and Electronics 145

Computers and Electronics Ransomware Hacking 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

MARCH 18, 2021

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector.

Internet 288

Internet Internet Engineering 288

Zero Day

MARCH 19, 2021

Mitigation fixes will be applied automatically in a renewed effort by Microsoft to contain security incidents caused by the bugs.

Antivirus 145

Antivirus 145

Tech Republic Security

MARCH 16, 2021

The security company said the attacks were attributed to RedDelta and Mustang Panda, both of which are allegedly based in China.

Telecommunications 218

Telecommunications 218

Hot for Security

MARCH 19, 2021

The hacker who claimed responsibility for breaching the live video streams of 150,000 CCTV cameras at police departments, hospitals, and well-known businesses has been charged by the US Department of Justice with hacking more than 100 companies. Read more in my article on the Hot for Security blog.

Hacking 145

Hacking Data breaches 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

MARCH 16, 2021

Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&S’s software authentication system: It turns out that ES&S has bugs in their hash-code checker: if the “reference hashcode” is completely missing, then it’ll say “yes, boss, everything is fine” instead of reporting an error. It’s simultaneously shocking and unsurprising that ES&S’s hashcode checker could contain such a blunder and that it would go unnoticed by

Authentication 271

Authentication Software 271

The Hacker News

MARCH 18, 2021

Privacy-focused search engine DuckDuckGo called out rival Google for "spying" on users after the search giant updated its flagship app to spell out the exact kinds of information it collects for personalization and marketing purposes. "After months of stalling, Google finally revealed how much personal data they collect in Chrome and the Google app.

Marketing 145

Marketing Engineering 145

Tech Republic Security

MARCH 15, 2021

Subtle cybersecurity concerns are in play when vetting candidates remotely for a position that entails working remotely. Learn what they are and what to do about them.

Cybersecurity 214

Cybersecurity 214

We Live Security

MARCH 18, 2021

The malware can grab login credentials for more than 450 apps and bypass SMS-based two-factor authentication. The post Beware Android trojan posing as Clubhouse app appeared first on WeLiveSecurity.

Authentication 145

Authentication Malware Mobile 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

MARCH 14, 2021

This is a current list of where and when I am scheduled to speak: I’m speaking at the Australian Cyber Conference 2021 on March 17 and 18, 2021. I’m keynoting the (all-virtual) RSA Conference 2021 , May 17-20, 2021. I’ll be speaking at an Informa event on September 14, 2021. Details to come. The list is maintained on this page.

253

253

The Hacker News

MARCH 18, 2021

Are you looking to becoming a malware analyst? Then continue reading to discover how to gain the training you need and start a career in malware analysis career.Did you know that new malware is released every seven seconds? As more and more systems become reliant on the internet, the proliferation of malware becomes increasingly destructive.

Malware 145

Malware Internet Internet 145

Tech Republic Security

MARCH 16, 2021

Isolating your hardware and your applications is a more effective way to prevent malware from infecting your critical endpoints, says HP.

Malware 214

Malware 214

Security Affairs

MARCH 19, 2021

The Russian national who attempted to convince a Tesla employee to plant malware on Tesla systems has pleaded guilty. The U.S. Justice Department announced on Thursday that the Russian national Egor Igorevich Kriuchkov (27), who attempted to convince a Tesla employee to install malware on the company’s computers, has pleaded guilty. “A Russian national pleaded guilty in federal court today for conspiring to travel to the United States to recruit an employee of a Nevada company into a schem

Malware 145

Malware Surveillance Hacking Technology 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

MARCH 19, 2021

If 2020 has taught us anything, it’s that anything can happen. Honestly, how many of us had, “I will do my best to avoid a global pandemic,” as a New Year’s resolution for 2020? That said, the chances that 2021 will be even more unpredictable are slim. So, we might as well indulge in setting. The post 3 Cybersecurity Goals for CISOs appeared first on Security Boulevard.

CISO 145

CISO Cybersecurity Phishing Mobile 145

The Hacker News

MARCH 17, 2021

A Florida teen accused of masterminding the hacks of several high-profile Twitter accounts last summer as part of a widespread cryptocurrency scam pled guilty to fraud charges in exchange for a three-year prison sentence. Graham Ivan Clark, 18, will also serve an additional three years on probation. The development comes after the U.S.

Scams 145

Scams Hacking Cryptocurrency Accountability 145

Tech Republic Security

MARCH 17, 2021

Cybercriminals know they can make money with ransomware and keep getting bolder with their demands, says Palo Alto Networks' Unit 42.

Ransomware 213

Ransomware 213

Malwarebytes

MARCH 18, 2021

Did you hear about the JPG file that sold for $69 million? I’ll give you some more detail, the JPG file is a piece of digital art made by Mike Winkelmann, the artist known as Beeple. The file was sold on Thursday by Christie’s in an online auction for $69.3 million. This set a record for artwork that exists only digitally. Which for many people raised the question: what’s to stop me from copying it and becoming an owner as well?

Accountability 145

Accountability Technology Internet Internet 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity