Sat.Jul 25, 2020 - Fri.Jul 31, 2020

article thumbnail

Is Your Chip Card Secure? Much Depends on Where You Bank

Krebs on Security

Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards.

Banking 361
article thumbnail

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

The Last Watchdog

It took a global pandemic and the death of George Floyd to put deep-seated social inequities, especially systemic racism, front and center for intense public debate. Related: Will ‘blockchain’ lead to more equitable wealth distribution? We may or may not be on the cusp of a redressing social injustice by reordering our legacy political and economic systems.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Survey of Supply Chain Attacks

Schneier on Security

The Atlantic Council has a released a report that looks at the history of computer supply chain attacks. Key trends from their summary : Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and Iran as well as India, Egypt, the United States, and Vietnam.States have targeted software supply chains with great effect as the majority of cases surveyed here did, or could have, resulted in remote cod

Software 307
article thumbnail

Facebook data privacy scandal: A cheat sheet

Tech Republic Security

Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Business ID Theft Soars Amid COVID Closures

Krebs on Security

Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that’s spent years targeting small businesses across the country and is now pivoting toward using that access for pandemic assistance loans and unemployment benefits.

article thumbnail

Burners, Dots, and Pluses: Protecting Your Email in the Post-Privacy Age

Adam Levin

If you find your personal email account bombarded with unwanted marketing emails, there’s a good chance your account was compromised in a breach. That said, email these days is a minefield we all need to learn how to traverse safely. . Your email address could present the greatest liability when it comes to cybersecurity and privacy. A recent report found that email was the delivery method for 94% of malware attacks in 2019; a more recent study in 2020 indicated that email-based phishing may be

More Trending

article thumbnail

87% of Americans view data privacy as a human right, but most still use risky security practices

Tech Republic Security

While 56% of Americans want more control over personal data, more than 40% said they reuse passwords, use public Wi-Fi, or save a credit card to an online store, KPMG found.

article thumbnail

Here’s Why Credit Card Fraud is Still a Thing

Krebs on Security

Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which is still lurching toward this goal. Here’s a look at the havoc that lag has wrought, as seen through the purchasing patterns at one of the underground’s biggest stolen card shops that was hacked last year.

article thumbnail

Weekly Update 202

Troy Hunt

Unfortunately, our run of good luck here down in Aus has taken a bit of a turn COVID wise. Not so much in my home state, but the southern states have been copping it so this week, I pulled the pin on snowboarding. For folks overseas, that might sound like it would have been a risky proposition anyway, but only two and a half weeks ago the entire state of New South Wales had 5 active cases out of 8.1M people.

162
162
article thumbnail

Images in Eye Reflections

Schneier on Security

In Japan, a cyberstalker located his victim by enhancing the reflections in her eye , and using that information to establish a location. Reminds me of the image enhancement scene in Blade Runner. That was science fiction, but now image resolution is so good that we have to worry about it.

273
273
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How to protect your website's database from hackers

Tech Republic Security

A recent investigation by NordPass and a white hat hacker discovered more than 9,000 unsecured databases online with more than 10 billion individual entries.

204
204
article thumbnail

Source Code from Microsoft, Adobe, Nintendo, and Others Leaked Online

Adam Levin

A collection of source code from companies including General Electric, Disney, Microsoft, Motorola, Qualcomm, Adobe, Nintendo and Microsoft has been aggregated and posted online. . The repository was released onto Gitlab by software developer and IT consultant Tillie Kottmann and was collected from publicly available leaked data that had been stored on misconfigured online servers.

Banking 136
article thumbnail

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers. Cybersecurity researchers at Intezer spotted a new completely undetectable Linux malware , dubbed Doki , that exploits undocumented evasion techniques while targeting publicly accessible Docker servers.

article thumbnail

Fake Stories in Real News Sites

Schneier on Security

Fireeye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories. From a Wired story : The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they've posted fake content on everything from social media to pro-Russian news websites.

Media 270
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Security analysts: Industry has not solved the talent gap or provided clear career paths

Tech Republic Security

New survey finds that cybersecurity professionals want more training to keep up with the threat landscape and learn new software platforms.

Software 218
article thumbnail

Hackers Broke Into Real News Sites to Plant Fake Stories

WIRED Threat Level

A disinfo operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO.

Media 145
article thumbnail

ShinyHunters leaked over 386 million user records from 18 companies

Security Affairs

ShinyHunters, a trusted threat actor, is offering on a hacker forum the databases stolen from eighteen companies, over 386 million user records available online. The known threat actor ShinyHunters has begun leaking for free the databases of multiple companies on a hacker forum. A couple of days ago, the popular digital banking app Dave.com disclosed a security breach after ShinyHunters leaked 7,516,625 user records on a crime forum.

Passwords 145
article thumbnail

Twitter Hacker Arrested

Schneier on Security

A 17-year-old Florida boy was arrested and charged with last week's Twitter hack. News articles. Boing Boing post. Florida state attorney press release. This is a developing story. Post any additional news in the comments.

Hacking 183
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The future of encryption: Getting ready for the quantum computer attack

Tech Republic Security

PQShield, a spin-out from the UK's Oxford University, is developing advanced cryptographic solutions for hardware, software and communications to protect businesses' data from the quantum threat.

article thumbnail

Maximizing The Value of Virtual Security Conferences

Adam Shostack

Nathan Hamiel has a really good post on Maximizing The Value of Virtual Security Conferences. To his key point of ‘know what you want to get out of it’ and ‘know what it would take to make it happen,’ I want to add two ideas: First, take notes with a pen and paper. This is a key lesson for me as I deliver training through computers.

InfoSec 100
article thumbnail

U.S. experts claim China-linked hackers have infiltrated Vatican networks

Security Affairs

U.S. cybersecurity firm revealed that China-linked hackers have infiltrated Vatican computer networks ahead of talks. China-linked hackers have infiltrated the Vatican computer networks, reads a report published by the U.S. cybersecurity firm Recorded Future that focuses on the analysis of nation-state actors. According to the experts, the cyber espionage campaign began in May ahead the talk between the Vatican and the Chinese government.

article thumbnail

How to end your cybersecurity failures

Jane Frankland

When my eldest son was at middle school, he used to plead with me every single year to change schools. It always happened at the end of the summer holidays, and every time he’d sit half way up the stairs in our house, wailing. Once he calmed down, he’d talk about fresh starts and new beginnings. For some reason, he felt like he’d messed up and wanted a chance to reinvent himself.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

That job offer in your inbox might be part of a North Korean cyberattack

Tech Republic Security

Professionals in the aerospace and defense industries should watch out; a wave of fake job offers containing malicious documents have been spotted in the wild by McAfee researchers.

187
187
article thumbnail

Billions of Devices Impacted by Secure Boot Bypass

Threatpost

The "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT ,IoT and home networks.

IoT 133
article thumbnail

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Disclaimer : due to a complaint from the citizens of my native city in Italy… I had to rename #PiadinaBoard into #BurtleinaBoard. Few months ago I have presented #FocacciaBoard : a similar multipurpose breakout board that uses the famous FT232H to handle multiple protocols commonly found in (I)IoT devices (i.e.

IoT 145
article thumbnail

How the Alleged Twitter Hackers Got Caught

WIRED Threat Level

Bitcoin payments and IP addresses led investigators to two of the alleged perpetrators in just over two weeks.

Hacking 138
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

DevSecOps tutorial: What is it, and how can it improve application security?

Tech Republic Security

Dr. David Brumley, a professor at Carnegie Mellon University and CEO of ForAllSecure, explains what DevSecOps is and how companies can use it to improve security.

193
193
article thumbnail

Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns

Threatpost

Attackers are exploiting a high-severity vulnerability in Cisco's network security software products, which is used by Fortune 500 companies.

article thumbnail

Expert discloses details of 3 Tor zero-day flaws … new ones to come

Security Affairs

A security researcher published the details about two Tor zero-day vulnerabilities and plans to release three more flaws. The security researcher Dr. Neal Krawetz has published technical details about two Tor zero-day vulnerabilities over the past week and promises to release three more. Oppressive regimes could exploit these Tor zero-day flaws to prevent users from accessing the popular anonymizing network.

article thumbnail

Children Stream on Twitch—Where Potential Predators Find Them

WIRED Threat Level

A WIRED investigation found dozens of channels belong to children apparently under 13, and anonymous chat participants sending inappropriate messages their way.

112
112
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.