Krebs on Security

JANUARY 19, 2021

A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. The new charges have derailed plans to deport him under compassionate release because of the COVID-19 pandemic. Ardit Ferizi , a 25-year-old citizen of Kosovo, was slated to be sent home earlier this month after a federal judge signed an order commuting his sentence to time

Identity Theft 343

Identity Theft Government Social Engineering Accountability 343

Schneier on Security

JANUARY 19, 2021

Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points. SUNSPOT is StellarParticle’s malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors running processes for those involved in compilation of the Orion product and replaces one of the source files to include the SUNBURST backdoor code.

Malware 323

Malware Software Hacking 323

Tech Republic Security

JANUARY 22, 2021

A punitive approach toward employees reporting data breaches intensifies problems.

Data breaches 218

Data breaches Cybersecurity 218

Troy Hunt

JANUARY 22, 2021

I'm back into a normal home routine and it's business as usual again. You know, stuff like data breaches, new tech toys and having your genitalia locked in an vulnerable IoT device and held for ransom. Just normal stuff like that ?? References Turing Tumble is a really neat game for kids (it's a "marble powered computer") I bought a LaMetric display (I'll probably plug that into an API to track HIBP subscriber signups) Imagine an IoT chastity belt. with a security vulnerability. that locks your

IoT 206

IoT Data breaches Password Management Passwords 206

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

JANUARY 18, 2021

Joker’s Stash , by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers. A farewell message posted by Joker’s Stash admin on Jan. 15, 2021.

Marketing 277

Marketing Cybercrime Accountability Cryptocurrency 277

Schneier on Security

JANUARY 21, 2021

FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation: Mandiant has observed UNC2452 and other threat actors moving laterally to the Microsoft 365 cloud using a combination of four primary techniques: Steal the Active Directory Federation Services (AD FS) token-signing certificate and use it to forge tokens for arbitrary users (sometimes described as Golden SAML ).

Authentication 321

Authentication Passwords Accountability Hacking 321

We Live Security

JANUARY 21, 2021

Another in our occasional series demystifying Latin American banking trojans. The post Vadokrist: A wolf in sheep’s clothing appeared first on WeLiveSecurity.

Banking 145

Banking Malware 145

Security Affairs

JANUARY 22, 2021

Threat actors are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. Attackers are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. The Microsoft Remote Desktop Protocol (RDP) is a built-in service in Microsoft Windows operating systems that provides authenticated remote virtual desktop infrastructure (VDI) access to Windows-based workstations and servers.

DDOS 145

DDOS VPN Authentication Hacking 145

Schneier on Security

JANUARY 20, 2021

Google’s Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android: Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malwa

Malware 278

Malware Hacking 278

Tech Republic Security

JANUARY 19, 2021

Using VoIP calls, the attackers trick people into logging into phishing sites as a way to steal their usernames and passwords.

Phishing 218

Phishing Passwords 218

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

JANUARY 20, 2021

The far-right platform still hasn't found a US-based home. Where it lands could have serious consequences for its users' privacy.

145

145

Security Affairs

JANUARY 21, 2021

Bad ops of operators of a phishing campaign exposed credentials stolen in attacks and made them publicly available through Google queries. . Check Point Research along with experts from cybersecurity firm Otorio shared details on their investigation into a large-scale phishing campaign that targeted thousands of global organizations. The campaign has been active since August, the attackers used emails that masqueraded as Xerox scan notifications that were urging recipients into opening a malici

Phishing 145

Phishing Passwords Manufacturing Healthcare 145

eSecurity Planet

JANUARY 22, 2021

A universe of devices and technology has fallen into our laps at a speed that organizations struggle to manage effectively. And that boom in devices shows no signs of stopping. In 2019, there were an estimated 9.9 billion Internet of Things (IoT) devices. By 2025, we expect 21.5 billion. As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point.

IoT 145

IoT Cybersecurity Manufacturing Government 145

Tech Republic Security

JANUARY 20, 2021

2020 was a security struggle in the world of web applications, and it isn't going to get any better in 2021, research from cybersecurity provider Radware said.

Cybersecurity 218

Cybersecurity 218

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

WIRED Threat Level

JANUARY 20, 2021

Faces of the Riot used open source software to detect, extract, and deduplicate every face from the 827 videos taken from the insurrection on January 6.

Software 145

Software 145

Security Affairs

JANUARY 19, 2021

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads. Raindrop is the fourth malware that was discovered investigating the SolarWinds attack after the SUNSPOT backdoor, the Sunburst / Solorigate backdoor and the Teardrop tool. .

Malware 145

Malware Engineering Encryption Hacking 145

CompTIA on Cybersecurity

JANUARY 22, 2021

2021 will be a challenging but exciting year for IT pros. Here are the top skills in demand they will need in order to gain ground in their career.

144

144

Tech Republic Security

JANUARY 22, 2021

Cybersecurity bad actors are taking advantage of the COVID-19 pandemic and attacking businesses. Follow these best practices for protecting your organization before a security attack.

Cybersecurity 218

Cybersecurity 218

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

JANUARY 16, 2021

Plus: A dark web takedown, a bitcoin scam, and more of the week's top security news.

Scams 144

Scams 144

Security Affairs

JANUARY 16, 2021

The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The maintainers of the Linux Mint project have addressed a security bug that could have allowed attackers to bypass the OS screensaver. The curious aspect of this vulnerability is related to its discovery, in fact, it was found by too children that were playing on their dad’s computer.

Hacking 145

Hacking Software Information Security Malware 145

Dark Reading

JANUARY 19, 2021

Here's to the sneakiest of the sneaky. These clever phishing messages -- that standard validation measures often missed -- deserve proper dishonor.

Phishing 144

Phishing 144

Tech Republic Security

JANUARY 22, 2021

Veteran Michael Kassner says former military personnel might know more about cybersecurity than employers think. Read about some of the skills veterans could bring to a cybersecurity job.

Cybersecurity 215

Cybersecurity 215

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

JANUARY 18, 2021

Over the course of his presidency, he managed to be consistently wrong, outrageous, and dangerous in equal measure. We look back at his most notorious remarks.

142

142

Security Affairs

JANUARY 22, 2021

KindleDrip : Amazon addressed a number of flaws affecting the Kindle e-reader that could have allowed an attacker to take control of victims’ devices. Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that could have allowed an attacker to take over victims’ devices. The researchers noticed that the “Send to Kindle” feature allows Kindle users to send e-books to their devices as email attachments, a behavior that could be potentially explo

Hacking 145

Hacking Authentication Firmware Phishing 145

CSO Magazine

JANUARY 19, 2021

Security vendors can now leverage new telemetry and machine learning processing capabilities built into Intel's 11th Gen mobile processors to better detect and block sophisticated ransomware programs that attempt to evade traditional detection techniques. The features are built into Intel Core CPUs designed for businesses that include the vPro feature set. [ Keep up on the latest thought leadership, insights, how-to, and analysis on IT security through CSO Online’s newsletters. ].

Threat Detection 142

Threat Detection CSO Ransomware Mobile 142

Tech Republic Security

JANUARY 21, 2021

The number of breaches may have fallen, but the number of exposed records hit a high not seen since 2005, says Risk Based Security.

Data breaches 208

Data breaches Risk 208

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

We Live Security

JANUARY 22, 2021

Here’s how to spot scams where criminals use deceptive text messages to hook and reel in their marks. The post Why do we fall for SMS phishing scams so easily? appeared first on WeLiveSecurity.

Scams 142

Scams Phishing 142

Security Affairs

JANUARY 19, 2021

Security researchers uncovered a series of attacks conducted by the FreakOut botnet that leveraged recently discovered vulnerabilities. Security researchers from Check Point have uncovered a series of attacks associated with the FreakOut botnet that is targeting multiple unpatched flaws in applications running on top of Linux systems. The botnet appeared in the threat landscape in November 2020, in some cases the attacks leveraged recently disclosed vulnerabilities to inject OS commands.

DDOS 145

DDOS DNS Malware Internet 145

Threatpost

JANUARY 20, 2021

Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.

Software 139

Software 139

Tech Republic Security

JANUARY 22, 2021

Changing threats, volume of threats, and ransomware plague organizations. Having some autonomous AI tools to help pros do their jobs can help.

Cybersecurity 207

Cybersecurity Ransomware 207

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity