Sat.May 16, 2020 - Fri.May 22, 2020

article thumbnail

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service. A memo seen by KrebsOnSecurity that the Secret Service circulated to field offices around the United States on Thursday says the ring has been filing unemployment claims in different states using Social Security numbers

Insurance 363
article thumbnail

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

The Last Watchdog

When it was first introduced, device fingerprinting – or online fingerprinting in general – was meant to create a safer, more responsible internet. The idea was that by fingerprinting devices used to connect to the internet we could achieve better accountability. Related: Why Satya Nadella calls for regulation of facial recognition systems The concept itself is still very much relevant today.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

AI and Cybersecurity

Schneier on Security

Ben Buchanan has written " A National Security Research Agenda for Cybersecurity and Artificial Intelligence." It's really good -- well worth reading.

article thumbnail

Dark Web sees rise in postings selling access to corporate networks

Tech Republic Security

These postings provide cybercriminals with the information needed to hack into networks where they can infect critical machines with malware, according to Positive Technologies.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches.

Passwords 354
article thumbnail

Weekly Update 192

Troy Hunt

Hey, check out that haircut! And shirt! It's almost like I'm a professional again ?? Come Monday, schools here return as usual so I figured it was time for both my son and I to head to the barber. Other events of the day had me sprucing up to a level I don't think I've seen since Feb and I've gotta say, it's actually kind of nice. If only I had somewhere I could actually go out to.

VPN 183

More Trending

article thumbnail

Nearly 70% of major companies will increase cybersecurity spending post-coronavirus

Tech Republic Security

With more people working from home, cybercrimes skyrocketed, forcing companies to rethink tech budgets, LearnBonds found.

article thumbnail

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals.

Malware 322
article thumbnail

The Hypocrisy of Mike Pompeo

WIRED Threat Level

In the few short years since his time in Congress, the secretary of state has conveniently reversed himself on multiple fronts.

145
145
article thumbnail

Ann Mitchell, Bletchley Park Cryptanalyst, Dies

Schneier on Security

Obituary.

210
210
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How the dark web is handling the coronavirus pandemic

Tech Republic Security

Many on the dark web are expressing the same thoughts and fears about COVID-19 as everyone else, while others are looking for ways to profit from it, says Trustwave.

218
218
article thumbnail

Tens of thousands Israeli websites defaced

Security Affairs

Thousands of Israeli websites have been defaced earlier today, hackers published an anti-Israeli message on their homepage and attempted to implant malicious code. A massive hacking campaign defaced thousands of Israeli websites, attackers published an anti-Israeli message on their homepage and attempted to inject a malware seeking permission to access visitors’ webcams.

Hacking 145
article thumbnail

The Nigerian Fraudsters Ripping Off the Unemployment System

WIRED Threat Level

Security researchers have spotted the “Scattered Canary” group scamming vital benefits programs amid the Covid-19 pandemic.

Scams 145
article thumbnail

Ramsey Malware

Schneier on Security

A new malware, called Ramsey, can jump air gaps : ESET said they've been able to track down three different versions of the Ramsay malware, one compiled in September 2019 (Ramsay v1), and two others in early and late March 2020 (Ramsay v2.a and v2.b). Each version was different and infected victims through different methods, but at its core, the malware's primary role was to scan an infected computer, and gather Word, PDF, and ZIP documents in a hidden storage folder, ready to be exfiltrated at

Malware 198
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Verizon report finds increases in financially-motivated breaches and attacks on web applications

Tech Republic Security

The Verizon Business 2020 Data Breach Investigations Report analyzed more than 32,000 incidents.

article thumbnail

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. Threat actors attempted to exploit a zero-day (CVE-2020-12271) in the Sophos XG firewall to spread ransomware to Windows machines, the good news is that the attack was blocked by a hotfix issued by Sophos. At the end of April, cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Fi

Firewall 145
article thumbnail

Web Giants Scrambled to Head Off a Dangerous DDoS Technique

WIRED Threat Level

Firms like Google and Cloudflare raced to prevent an amplification attack that threatened to take down large portions of the internet with just a few hundred devices.

DDOS 141
article thumbnail

Criminals and the Normalization of Masks

Schneier on Security

I was wondering about this : Masks that have made criminals stand apart long before bandanna-wearing robbers knocked over stagecoaches in the Old West and ski-masked bandits held up banks now allow them to blend in like concerned accountants, nurses and store clerks trying to avoid a deadly virus. "Criminals, they're smart and this is a perfect opportunity for them to conceal themselves and blend right in," said Richard Bell, police chief in the tiny Pennsylvania community of Frackville.

Banking 198
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

How Home Chef's sensitive customer data was compromised by a cyberattack

Tech Republic Security

Stolen in a recent breach, the names, email addresses, encrypted passwords, and other data of Home Chef customers are being sold on the Dark Web.

article thumbnail

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Security Affairs

ZLab researchers spotted a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. Introduction. During our Cyber Threat Intelligence monitoring we spotted new malicious activities targeting some Italian companies operating worldwide in the manufacturing sector, some of them also part of the automotive production chain.

article thumbnail

Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials

Threatpost

The attack discovered by Cofense can steal sensitive user data stored on the cloud as well as find other victims to target.

Phishing 136
article thumbnail

5 Tips for Fighting Credential Stuffing Attacks

Dark Reading

With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The top free online tech classes to advance your IT skills

Tech Republic Security

Available online classes include ways to upgrade your resume, add to current skills, or land a better job. Here are some of the top places to go to find eLearning courses.

214
214
article thumbnail

Researchers disclose five Microsoft Windows zero-days

Security Affairs

Security experts have disclosed five unpatched vulnerabilities in Microsoft Windows, four of which rated as high-risk severity. Security experts from Trend Micro’s Zero Day Initiative (ZDI) have published information on five unpatched vulnerabilities in Microsoft Windows. Four vulnerabilities are classified as high-risk severity, three of them are zero-day vulnerabilities tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915.

article thumbnail

Analysis of the 2020 Verizon Data Breach Report

Daniel Miessler

TOPIC: In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. He looks at the key findings and talks about what they might mean to us going forward. The newsletter serves as the show notes for the podcast. The Dataviz Game on Point. Verizon’s Breach Report is one of the best infosec reports out there, and I’m always excited when I hear it’s been released.

article thumbnail

WolfRAT Android Malware Targets WhatsApp, Facebook Messenger

Threatpost

Researchers link the malware to Wolf Research operators with "high confidence" after it was spotted in campaigns targeting Thai users.

Malware 127
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

86% of data breaches are conducted for financial gain

Tech Republic Security

Increases in hacking, phishing, and cloud-based attacks have been even more prevalent with the influx of remote work, Verizon found.

article thumbnail

Texas Department of Transportation (TxDOT) hit by a ransomware attack

Security Affairs

A new ransomware attack hit the Texas government, the malware this time infected systems at the state’s Department of Transportation (TxDOT). The Texas government suffered two ransomware attacks in a few weeks, the first one took place on May 8, 2020 and infected systems at the Texas court. All @txcourts websites are down. We are aware of this issue and working to remedy it.

article thumbnail

Unsupervised Learning: No. 229

Daniel Miessler

THIS WEEK’S TOPICS: Feds Release Top Vulns, China Brainwave Tracking, Europe CISSP Masters, Army Electronic Warfare, Microsoft Third-largest Patch Tuesday, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —. If you get value from this content, you can support it directly by becoming a member.

article thumbnail

NSO Group Impersonates Facebook Security Team to Spread Spyware — Report

Threatpost

An investigation traces an NSO Group-controlled IP address to a fake Facebook security portal.

Spyware 126
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!