Sat.May 16, 2020 - Fri.May 22, 2020

article thumbnail

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service. A memo seen by KrebsOnSecurity that the Secret Service circulated to field offices around the United States on Thursday says the ring has been filing unemployment claims in different states using Social Security numbers

Insurance 363
article thumbnail

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

The Last Watchdog

When it was first introduced, device fingerprinting – or online fingerprinting in general – was meant to create a safer, more responsible internet. The idea was that by fingerprinting devices used to connect to the internet we could achieve better accountability. Related: Why Satya Nadella calls for regulation of facial recognition systems The concept itself is still very much relevant today.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

AI and Cybersecurity

Schneier on Security

Ben Buchanan has written " A National Security Research Agenda for Cybersecurity and Artificial Intelligence." It's really good -- well worth reading.

article thumbnail

Dark Web sees rise in postings selling access to corporate networks

Tech Republic Security

These postings provide cybercriminals with the information needed to hack into networks where they can infect critical machines with malware, according to Positive Technologies.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches.

Passwords 351
article thumbnail

Weekly Update 192

Troy Hunt

Hey, check out that haircut! And shirt! It's almost like I'm a professional again ?? Come Monday, schools here return as usual so I figured it was time for both my son and I to head to the barber. Other events of the day had me sprucing up to a level I don't think I've seen since Feb and I've gotta say, it's actually kind of nice. If only I had somewhere I could actually go out to.

VPN 166

More Trending

article thumbnail

How the dark web is handling the coronavirus pandemic

Tech Republic Security

Many on the dark web are expressing the same thoughts and fears about COVID-19 as everyone else, while others are looking for ways to profit from it, says Trustwave.

217
217
article thumbnail

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals.

Malware 320
article thumbnail

Analysis of the 2020 Verizon Data Breach Report

Daniel Miessler

TOPIC: In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. He looks at the key findings and talks about what they might mean to us going forward. The newsletter serves as the show notes for the podcast. The Dataviz Game on Point. Verizon’s Breach Report is one of the best infosec reports out there, and I’m always excited when I hear it’s been released.

article thumbnail

Criminals and the Normalization of Masks

Schneier on Security

I was wondering about this : Masks that have made criminals stand apart long before bandanna-wearing robbers knocked over stagecoaches in the Old West and ski-masked bandits held up banks now allow them to blend in like concerned accountants, nurses and store clerks trying to avoid a deadly virus. "Criminals, they're smart and this is a perfect opportunity for them to conceal themselves and blend right in," said Richard Bell, police chief in the tiny Pennsylvania community of Frackville.

Banking 240
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The top free online tech classes to advance your IT skills

Tech Republic Security

Available online classes include ways to upgrade your resume, add to current skills, or land a better job. Here are some of the top places to go to find eLearning courses.

211
211
article thumbnail

How Are Computers Compromised (2020 Edition)

Adam Shostack

Understanding the way intrusions really happen is a long-standing interest of mine. This is quite a different set of questions compared to “how long does it take to detect,” or “how many records are stolen?” How the intrusion happens is about questions like: Is it phishing emails that steal creds? Email attachments with exploits?

InfoSec 124
article thumbnail

Unsupervised Learning: No. 229

Daniel Miessler

THIS WEEK’S TOPICS: Feds Release Top Vulns, China Brainwave Tracking, Europe CISSP Masters, Army Electronic Warfare, Microsoft Third-largest Patch Tuesday, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —. If you get value from this content, you can support it directly by becoming a member.

article thumbnail

Ramsey Malware

Schneier on Security

A new malware, called Ramsey, can jump air gaps : ESET said they've been able to track down three different versions of the Ramsay malware, one compiled in September 2019 (Ramsay v1), and two others in early and late March 2020 (Ramsay v2.a and v2.b). Each version was different and infected victims through different methods, but at its core, the malware's primary role was to scan an infected computer, and gather Word, PDF, and ZIP documents in a hidden storage folder, ready to be exfiltrated at

Malware 238
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

New phishing campaign impersonates LogMeIn to steal user credentials

Tech Republic Security

LogMeIn is the parent company of LastPass, so attackers may also be attempting to access the password managers of compromised users, says Abnormal Security.

article thumbnail

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Security Affairs

ZLab researchers spotted a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. Introduction. During our Cyber Threat Intelligence monitoring we spotted new malicious activities targeting some Italian companies operating worldwide in the manufacturing sector, some of them also part of the automotive production chain.

article thumbnail

The Hypocrisy of Mike Pompeo

WIRED Threat Level

In the few short years since his time in Congress, the secretary of state has conveniently reversed himself on multiple fronts.

145
145
article thumbnail

5 Tips for Fighting Credential Stuffing Attacks

Dark Reading

With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

How Home Chef's sensitive customer data was compromised by a cyberattack

Tech Republic Security

Stolen in a recent breach, the names, email addresses, encrypted passwords, and other data of Home Chef customers are being sold on the Dark Web.

article thumbnail

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. Threat actors attempted to exploit a zero-day (CVE-2020-12271) in the Sophos XG firewall to spread ransomware to Windows machines, the good news is that the attack was blocked by a hotfix issued by Sophos. At the end of April, cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Fi

Firewall 145
article thumbnail

Web Giants Scrambled to Head Off a Dangerous DDoS Technique

WIRED Threat Level

Firms like Google and Cloudflare raced to prevent an amplification attack that threatened to take down large portions of the internet with just a few hundred devices.

DDOS 118
article thumbnail

Security 101: Cross-Site Scripting

Dark Reading

Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?

118
118
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Cybersecurity and remote work: How workers are handling the shift

Tech Republic Security

Working remotely presents key security challenges, but employees may actually be following security rules more carefully when working from home, says 1Password.

article thumbnail

Easyjet hacked: 9 million customer’s data exposed along with 2,200+ credit card details

Security Affairs

British airline EasyJet announced it was the victim of a “highly sophisticated” cyber attack that exposed email addresses and travel details of around 9 million of its customers. British airline EasyJet announced that a “highly sophisticated” cyber-attack exposed email addresses and travel details of around 9 million of its customers. “Following discussions with the Information Commissioner’s Office (“ICO”), the Board of easyJet announces that it h

Hacking 137
article thumbnail

Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials

Threatpost

The attack discovered by Cofense can steal sensitive user data stored on the cloud as well as find other victims to target.

Phishing 136
article thumbnail

The Nigerian Fraudsters Ripping Off the Unemployment System

WIRED Threat Level

Security researchers have spotted the “Scattered Canary” group scamming vital benefits programs amid the Covid-19 pandemic.

Scams 132
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

How healthcare organizations can combat cyberattacks during the coronavirus

Tech Republic Security

Cyberattacks against hospitals and medical facilities have risen this year, often via ransomware and social engineering exploits, says IntSights.

article thumbnail

Tens of thousands Israeli websites defaced

Security Affairs

Thousands of Israeli websites have been defaced earlier today, hackers published an anti-Israeli message on their homepage and attempted to implant malicious code. A massive hacking campaign defaced thousands of Israeli websites, attackers published an anti-Israeli message on their homepage and attempted to inject a malware seeking permission to access visitors’ webcams.

Hacking 145
article thumbnail

WolfRAT Android Malware Targets WhatsApp, Facebook Messenger

Threatpost

Researchers link the malware to Wolf Research operators with "high confidence" after it was spotted in campaigns targeting Thai users.

Malware 127
article thumbnail

Ann Mitchell, Bletchley Park Cryptanalyst, Dies

Schneier on Security

Obituary.

255
255
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.