Krebs on Security

JANUARY 19, 2021

A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. The new charges have derailed plans to deport him under compassionate release because of the COVID-19 pandemic. Ardit Ferizi , a 25-year-old citizen of Kosovo, was slated to be sent home earlier this month after a federal judge signed an order commuting his sentence to time

Identity Theft 332

Identity Theft Government Social Engineering Accountability 332

Schneier on Security

JANUARY 19, 2021

Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points. SUNSPOT is StellarParticle’s malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors running processes for those involved in compilation of the Orion product and replaces one of the source files to include the SUNBURST backdoor code.

Malware 315

Malware Software Hacking 315

Tech Republic Security

JANUARY 22, 2021

Cybersecurity bad actors are taking advantage of the COVID-19 pandemic and attacking businesses. Follow these best practices for protecting your organization before a security attack.

Cybersecurity 216

Cybersecurity 216

Troy Hunt

JANUARY 22, 2021

I'm back into a normal home routine and it's business as usual again. You know, stuff like data breaches, new tech toys and having your genitalia locked in an vulnerable IoT device and held for ransom. Just normal stuff like that ?? References Turing Tumble is a really neat game for kids (it's a "marble powered computer") I bought a LaMetric display (I'll probably plug that into an API to track HIBP subscriber signups) Imagine an IoT chastity belt. with a security vulnerability. that locks your

IoT 185

IoT Data breaches Password Management Passwords 185

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

JANUARY 18, 2021

Joker’s Stash , by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers. A farewell message posted by Joker’s Stash admin on Jan. 15, 2021.

Marketing 265

Marketing Cybercrime Accountability Cryptocurrency 265

Schneier on Security

JANUARY 21, 2021

FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation: Mandiant has observed UNC2452 and other threat actors moving laterally to the Microsoft 365 cloud using a combination of four primary techniques: Steal the Active Directory Federation Services (AD FS) token-signing certificate and use it to forge tokens for arbitrary users (sometimes described as Golden SAML ).

Authentication 312

Authentication Passwords Accountability Hacking 312

Jane Frankland

JANUARY 22, 2021

Most people know that technology creates more jobs than any other industry and that digital is the golden thread that runs across all industries. So, why are women still missing from it? This is a question I’ve sought to answer for years. Most people know I’m driven to build a safer, happier and more prosperous world, and that one of the ways I do this is by creating awareness around how to get more women into male dominated industries, like tech and cybersecurity.

Technology 130

Technology Big data Cybersecurity Software 130

eSecurity Planet

JANUARY 22, 2021

A universe of devices and technology has fallen into our laps at a speed that organizations struggle to manage effectively. And that boom in devices shows no signs of stopping. In 2019, there were an estimated 9.9 billion Internet of Things (IoT) devices. By 2025, we expect 21.5 billion. As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point.

IoT 145

IoT Cybersecurity Manufacturing Government 145

Schneier on Security

JANUARY 20, 2021

Google’s Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android: Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malwa

Malware 273

Malware Hacking 273

Tech Republic Security

JANUARY 22, 2021

Veteran Michael Kassner says former military personnel might know more about cybersecurity than employers think. Read about some of the skills veterans could bring to a cybersecurity job.

Cybersecurity 209

Cybersecurity 209

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

JANUARY 19, 2021

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads. Raindrop is the fourth malware that was discovered investigating the SolarWinds attack after the SUNSPOT backdoor, the Sunburst / Solorigate backdoor and the Teardrop tool. .

Malware 145

Malware Engineering Encryption Hacking 145

CSO Magazine

JANUARY 19, 2021

Security vendors can now leverage new telemetry and machine learning processing capabilities built into Intel's 11th Gen mobile processors to better detect and block sophisticated ransomware programs that attempt to evade traditional detection techniques. The features are built into Intel Core CPUs designed for businesses that include the vPro feature set. [ Keep up on the latest thought leadership, insights, how-to, and analysis on IT security through CSO Online’s newsletters. ].

Threat Detection 142

Threat Detection CSO Ransomware Mobile 142

We Live Security

JANUARY 22, 2021

Here’s how to spot scams where criminals use deceptive text messages to hook and reel in their marks. The post Why do we fall for SMS phishing scams so easily? appeared first on WeLiveSecurity.

Scams 140

Scams Phishing 140

Tech Republic Security

JANUARY 20, 2021

2020 was a security struggle in the world of web applications, and it isn't going to get any better in 2021, research from cybersecurity provider Radware said.

Cybersecurity 217

Cybersecurity 217

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

JANUARY 22, 2021

Threat actors are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. Attackers are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. The Microsoft Remote Desktop Protocol (RDP) is a built-in service in Microsoft Windows operating systems that provides authenticated remote virtual desktop infrastructure (VDI) access to Windows-based workstations and servers.

DDOS 145

DDOS VPN Authentication Hacking 145

CSO Magazine

JANUARY 21, 2021

CISSP definition: What is CISSP? . Certified Information Systems Security Professional, or CISSP, is a certification for advanced IT professionals who want to demonstrate that they can design, implement, and manage a cybersecurity program at the enterprise level. It's offered by the International Information System Security Certification Consortium, or (ISC) 2 , a nonprofit organization that focuses on certification and training for cybersecurity professionals.

Cybersecurity 138

Cybersecurity 138

We Live Security

JANUARY 21, 2021

Another in our occasional series demystifying Latin American banking trojans. The post Vadokrist: A wolf in sheep’s clothing appeared first on WeLiveSecurity.

Banking 145

Banking Malware 145

Tech Republic Security

JANUARY 21, 2021

If you've ever been tempted to change your Google account password, but weren't sure how, don't let that confusion stop you. Jack Wallen walks you through the process.

Passwords 200

Passwords Accountability 200

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JANUARY 16, 2021

The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The maintainers of the Linux Mint project have addressed a security bug that could have allowed attackers to bypass the OS screensaver. The curious aspect of this vulnerability is related to its discovery, in fact, it was found by too children that were playing on their dad’s computer.

Hacking 145

Hacking Software Information Security Malware 145

Anton on Security

JANUARY 22, 2021

From Google Cloud Blog: “New whitepaper: Designing and deploying a data security strategy with Google Cloud” Here is another very fun resource we created (jointly with Andrew Lance from Sidechain ), a paper on designing and running data security strategy on Google Cloud. Read our launch blog here ?—?a long excerpt is quoted below. Read Sidechain blog here ?

Cloud Migration 113

Cloud Migration Encryption 113

CSO Magazine

JANUARY 22, 2021

Somewhere around 2015, the security industry adopted a new mantra, “cybersecurity is a boardroom issue.” This statement was supported by lots of independent research, business press articles, webinars, local events, and even sessions at RSA and Black Hat crowing about the burgeoning relationship between CISOs, business executives, and corporate boards.

CISO 135

CISO Cybersecurity 135

Tech Republic Security

JANUARY 19, 2021

Now being trialed in Georgia smart city Peachtree Corners, the new tech can pick up on people standing too close together and detect whether someone is wearing a mask.

Software 195

Software 195

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JANUARY 19, 2021

Security researchers uncovered a series of attacks conducted by the FreakOut botnet that leveraged recently discovered vulnerabilities. Security researchers from Check Point have uncovered a series of attacks associated with the FreakOut botnet that is targeting multiple unpatched flaws in applications running on top of Linux systems. The botnet appeared in the threat landscape in November 2020, in some cases the attacks leveraged recently disclosed vulnerabilities to inject OS commands.

DDOS 144

DDOS DNS Malware Internet 144

WIRED Threat Level

JANUARY 20, 2021

Faces of the Riot used open source software to detect, extract, and deduplicate every face from the 827 videos taken from the insurrection on January 6.

Software 145

Software 145

TrustArc

JANUARY 21, 2021

As the year 2020 came to a close, so did season 1 of the hit new podcast, Serious Privacy. Hosts Paul Breitbarth and K Royal managed to record an impressive 2,037 minutes of content with the 47 episodes they published last year, which resulted in over 25,000 downloads. They covered everything from breaking news in […]. The post Serious Privacy Podcast – Top 10 Episodes from Season 1 appeared first on TrustArc Privacy Blog.

133

133

Tech Republic Security

JANUARY 19, 2021

Using VoIP calls, the attackers trick people into logging into phishing sites as a way to steal their usernames and passwords.

Phishing 218

Phishing Passwords 218

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

JANUARY 22, 2021

KindleDrip : Amazon addressed a number of flaws affecting the Kindle e-reader that could have allowed an attacker to take control of victims’ devices. Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that could have allowed an attacker to take over victims’ devices. The researchers noticed that the “Send to Kindle” feature allows Kindle users to send e-books to their devices as email attachments, a behavior that could be potentially explo

Hacking 144

Hacking Authentication Firmware Phishing 144

CSO Magazine

JANUARY 21, 2021

Lately, dark web actors have one more worry: getting caught by law enforcement. Tracking dark web illegal activities has been a cat-and-mouse game for authorities, but in the end, they often catch their adversaries and seize the dodgy money. On the night of the 2020 presidential election, for example, US government officials managed to empty out a $1 billion Bitcoin wallet recovering funds linked to Silk Road, seven years after the market’s closure.

Government 133

Government Hacking 133

Graham Cluley

JANUARY 21, 2021

In the coming weeks Google will be rolling out a new feature to users of its Chrome browser which will make it easier to check for weak passwords and warn if stored passwords have been compromised in a past data breach. Read more in my article on the Tripwire State of Security blog.

Passwords 130

Passwords Data breaches Password Management 130

Tech Republic Security

JANUARY 21, 2021

Jack Wallen walks you through some of the steps you can take to check for and mitigate distributed denial of service attacks on a Linux server.

DDOS 199

DDOS 199

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity