Schneier on Security

AUGUST 25, 2021

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic.

Internet 362

Internet Internet Surveillance VPN 362

Krebs on Security

AUGUST 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.

Cryptocurrency 349

Cryptocurrency Malware Mobile Accountability 349

Troy Hunt

AUGUST 26, 2021

A really brief intro as this is my last key strokes before going properly off the grid for the next week (like really off the grid, middle of nowhere style). Lots of little things this week, hoping next week will be the big "hey, Pwned Passwords just passed 1 billion", stay tuned for that one 😊 References You probably should have an OnlyFans account (no, not in the way it sounds like you should.

Password Management 307

Password Management Passwords Accountability 307

Lohrman on Security

AUGUST 22, 2021

The desperate images coming out of Afghanistan following the Taliban’s takeover last weekend underline the importance of technology and the real-life impacts when planning goes well — or not so well.

Technology 266

Technology 266

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

AUGUST 27, 2021

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. I’ve lost count of how many times T-Mobile has been hacked.

Mobile 353

Mobile Hacking Data breaches 353

The Last Watchdog

AUGUST 23, 2021

While every business needs to prioritize cybersecurity, doing so is becoming increasingly complicated. With many employees now working remotely, securing company data isn’t as straightforward as it used to be. Things get even more complicated if you have an international remote workforce. Related: Employees as human sensors. As of 2018, more than 2 million people were working abroad for U.S. companies in China alone.

Internet 223

Internet Internet Government Risk 223

WIRED Threat Level

AUGUST 26, 2021

The undersea cables that connect much of the world would be hit especially hard by a coronal mass ejection.

Internet 145

Internet Internet 145

Schneier on Security

AUGUST 26, 2021

If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges. It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer devices and physical access to a computer.

Software 349

Software 349

Graham Cluley

AUGUST 26, 2021

The FBI has published a warning about a ransomware gang called the OnePercent Group, which has been attacking US companies since November 2020. Read more in my article on the Tripwire State of Security blog.

Ransomware 145

Ransomware Malware 145

Tech Republic Security

AUGUST 26, 2021

Apple, Google, Microsoft and others will fund new technologies and training as part of the nation's struggle to combat cyberattacks.

Cybersecurity 217

Cybersecurity Technology 217

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

We Live Security

AUGUST 26, 2021

The man was after sexually explicit photos and videos that he would then share online or store in his own collection. The post Man impersonates Apple support, steals 620,000 photos from iCloud accounts appeared first on WeLiveSecurity.

Accountability 145

Accountability Cybercrime 145

SecureList

AUGUST 24, 2021

WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the option of viewing messages that have been deleted by the sender.

Malware 145

Malware Advertising Mobile Accountability 145

McAfee

AUGUST 24, 2021

Overview. As part of our continued goal to provide safer products for enterprises and consumers, we at McAfee Advanced Threat Research (ATR) recently investigated the B. Braun Infusomat Space Large Volume Pump along with the B. Braun SpaceStation , which are designed for use in both adult and pediatric medical facilities. This research was done with support from Culinda – a trusted leader in the medical cyber-security space.

Computers and Electronics 145

Computers and Electronics Authentication Software Risk 145

Tech Republic Security

AUGUST 23, 2021

It is possible to hide sensitive folders and files from prying eyes in File Explorer using a few attribute settings. We show you how to hide folders and prevent their accidental deletion.

215

215

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Heimadal Security

AUGUST 24, 2021

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private businesses to healthcare facilities and governments. What motivates the ransomware actors to become even more […].

Ransomware 145

Ransomware Healthcare Encryption Government 145

Security Boulevard

AUGUST 23, 2021

Information manipulation has been around since Chinese general Sun Tzu wrote “The Art of War” in 550 BC. The Russians routinely use disinformation tactics to destabilize democracies. Events like the 2020 U.S. elections or COVID-19 vaccinations highlight how political opponents and rogue nations actively practice disinformation campaigns to undermine confidence in governments and science, sowing.

Cybercrime 145

Cybercrime Government Social Engineering Engineering 145

Bleeping Computer

AUGUST 22, 2021

A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard. [.].

145

145

Tech Republic Security

AUGUST 27, 2021

According to a ransomware report, the average ransom payment in the first half of 2021 jumped to $570,000. Learn more in TechRepublic's Karen Roby interview with writer Lance Whitney.

Ransomware 199

Ransomware 199

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

We Live Security

AUGUST 27, 2021

It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges. The post Beyond the pandemic: Why are data breach costs at an all‑time high? appeared first on WeLiveSecurity.

Data breaches 145

Data breaches Cybersecurity 145

Security Boulevard

AUGUST 23, 2021

Those who manage insider threat programs just got a healthy reminder from researchers at Abnormal Security who detailed how their deployed tools detected a new insider recruitment tactic—this time involving ransomware. Insider recruitment, be it sponsored by a nation-state, competitor or criminal enterprise, is not new. The means by which the adversary approaches the target.

Malware 145

Malware Ransomware Social Engineering Engineering 145

Graham Cluley

AUGUST 21, 2021

T-Mobile has confirmed media reports from earlier this week that it had suffered a serious data breach. And it's not just existing T-Mobile users who should be alarmed, but former and prosepective customers as well.

Data breaches 145

Data breaches Mobile Media 145

Tech Republic Security

AUGUST 24, 2021

Survey by EY finds that board members are interested in spending more money on technology and data analytics for risk management.

Risk 199

Risk Technology 199

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

AUGUST 27, 2021

Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S.

Cybersecurity 145

Cybersecurity Government Risk 145

Security Boulevard

AUGUST 26, 2021

Cloud observability and security are quickly becoming mainstays necessary to manage and secure cloud-based applications and infrastructure. At Black Hat 2021, Datadog announced their new Cloud Workload Security offering, providing real-time eBPF-powered threat detection across containers and hosts. Datadog’s Nick Davis, senior product manager for cloud workload security, and Mitch Ashley discuss how the solution.

Threat Detection 145

Threat Detection Cybersecurity 145

Bleeping Computer

AUGUST 23, 2021

A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. [.].

Phishing 145

Phishing Malware 145

Tech Republic Security

AUGUST 26, 2021

Using data gathered by its Privacy Checker website, Kaspersky has been able to pinpoint areas of concern for visitors seeking to improve their privacy posture.

Mobile 197

Mobile 197

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

AUGUST 21, 2021

A new ransomware gang named LockFile targets Microsoft Exchange servers exploiting the recently disclosed ProxyShell vulnerabilities. A new ransomware gang named LockFile targets Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. The popular security expert Kevin Beaumont was one of the first researchers to report that the LockFile operators are using the Microsoft Exchange ProxyShell and the Windows PetitPotam vulnerabilities to take over Windows domains.

Ransomware 145

Ransomware Hacking Financial Services Encryption 145

CyberSecurity Insiders

AUGUST 22, 2021

The US Department of Defense Cyber Command has disclosed in a tweet that the US State Department was hit by a cyber attack, just a couple of weeks ago, hinting at a serious data breach. However, for security reasons, the source did not reveal the nature of the attack and its impact on the operations taken up by the state department. Cybersecurity Insiders has learnt that the attack could have taken place in the first week of August and a state funded hacking gang seems to be behind the incident.

Cyber Attacks 144

Cyber Attacks Data breaches Government Cybersecurity 144

Naked Security

AUGUST 23, 2021

That's funny. I could have sworn I didn't run a print job yesterday. but will you look at that?

144

144

Tech Republic Security

AUGUST 25, 2021

Switch to an exciting new tech career as a white-hat hacker. For this training course, you can study on your own time without going into debt.

181

181

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity