Krebs on Security
JULY 24, 2020
Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here’s a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these fields can better stand out from the crowd.
Troy Hunt
JULY 21, 2020
I love beer. This comes as no surprise to regular followers, nor should it come as a surprise that I maintain an Untappd account, logging my beer experiences as I (used to ??) travel around the world partaking in local beverages. When I received an email from someone over that way who happened to be a happy Have I Been Pwned (HIBP) user and wanted some cyber-assistance, I was intrigued.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
JULY 21, 2020
This hack targets the firmware on modern power supplies. (Yes, power supplies are also computers.). Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each other to determine the proper amount of electricity that can be sent to the phone without damaging the device -- the more juice the power adapter can send, the faster it can charge the phone.
Adam Levin
JULY 24, 2020
Cyberattacks are constantly getting more sophisticated. Barely a day goes by without news of an elite hacking team creating a more stealth exploit– malware , elaborate spear-phishing attacks, trojans, and a killer array of ransomware that can take factories and other organizations offline, or even hobble entire cities. With so many vectors of attack , it’s easy to overlook the more basic tricks hackers use.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Krebs on Security
JULY 23, 2020
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties.
Troy Hunt
JULY 20, 2020
Nearly 7 years ago now, I started a little pet project to index data breaches and make them searchable. I called it "Have I Been Pwned" and I loaded in 154M breached records which to my mind, was rather sizeable. Time went by, the breaches continued and the numbers rose. A few years later in June 2016 on stage at NDC Oslo, I pushed HIBP through 1B records: Whoa, we're there, past a billion!
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
JULY 23, 2020
Malicious attacks disguised as Microsoft Office files increased 176%, according to SonicWall's midyear threat report.
Krebs on Security
JULY 22, 2020
The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. These individuals said they were only customers of the person who had access to Twitter’s internal employee tools, and were not responsible for the actual intrusion or bitcoin scams that took place that day.
Troy Hunt
JULY 24, 2020
I love this setup! A huge amount of research went into this but the PC, screens, cameras lights and all the other bits are working really well together. I did my first interview with this setup today and I think I'm actually going to be sticking with the mood lighting for most on-video events now: Fun @InfosecWhiskey interview this morning. I’m running with this lighting setup, just a couple of Hue Go lights and the screens, a beautiful pic from the camera setup.
Schneier on Security
JULY 22, 2020
Fawkes is a system for manipulating digital images so that they aren't recognized by facial recognition systems. At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking. You can then use these "cloaked" photos as you normally would, sharing them on social media, sending them to friends, printing them or displaying them on digital devices, the same way you would any other photo.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
JULY 23, 2020
Beware - cybercriminals could be spending days rooting around in employee inboxes for information they can sell to other crooks, or use to mount further attacks.
Adam Levin
JULY 24, 2020
Navigation and wearable device company Garmin experienced a widespread outage after a successful ransomware attack July 23. Recent reports have confirmed that the outage was caused by WastedLocker, a ransomware often used to specifically target and disrupt business operations, and closely associated with Evil Corp, the hacking group behind a $100 million crime spree that began in 2011.
Lenny Zeltser
JULY 22, 2020
10 years after the initial release of REMnux , I’m thrilled to announce that REMnux version 7 is now available. This Linux distribution for malware analysis includes hundreds of new and classic tools for examining executables, documents, scripts, and other forms of malicious code. To start using REMnux v7, you can: Download REMnux as a virtual appliance Set up a dedicated REMnux system from scratch Add REMnux to an existing Ubuntu 18.04 host Run REMnux distro as a Docker container.
Schneier on Security
JULY 23, 2020
I just co-authored a paper on the legal risks of doing machine learning research, given the current state of the Computer Fraud and Abuse Act: Abstract: Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla, Microsoft, IBM, Google to demonstrate vulnerabilities.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
JULY 24, 2020
Isolation technology allows companies to keep employee browsers siloed in the cloud.
Security Affairs
JULY 20, 2020
Another telco company was hit by a ransomware, roughly 18,000 computers belonging to Telecom Argentina were infected over the weekend. Telecom Argentina , one of the largest internet service providers in Argentina, was hit by a ransomware attack. Ransomware operators infected roughly 18,000 computers during the weekend and now are asking for a $7.5 million ransom.
WIRED Threat Level
JULY 19, 2020
You deserve privacy. Here's how to check your phone, laptop, and online accounts to make sure no one's looking over your shoulder.
Threatpost
JULY 23, 2020
Garmin's services, websites and customer service have all been down since Wednesday night.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
JULY 22, 2020
TransUnion surveyed consumers in six countries and found that phishing was the preferred method of attack 27% of the time.
Security Affairs
JULY 23, 2020
Smartwatch and wearable device maker Garmin had to shut down some of its connected services and call centers following a ransomware attack. On July 23, smartwatch and wearables maker Garmin has shut down several of its services due to a ransomware attack that targeted its internal network and some production systems. “We are currently experiencing an outage that affects Garmin.com and Garmin Connect,” reads a statement published by the company on its website. “This outage also
WIRED Threat Level
JULY 22, 2020
Twitter's new policy won't make the conspiracy group disappear. But experts say it could dramatically reduce its ability to spread.
Threatpost
JULY 23, 2020
The flaw exists in Cisco's network security Firepower Threat Defense (FTD) software and its Adaptive Security Appliance (ASA) software.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JULY 21, 2020
By hosting phishing pages at a legitimate cloud service, cybercriminals try to avoid arousing suspicion, says Check Point Research.
Security Affairs
JULY 19, 2020
ATM maker Diebold Nixdorf is warning banks a new ATM black box attack technique that was recently employed in cyber thefts in Europe. Black box attacks are a type of jackpotting attack aimed at forcing an ATM to dispense the cash by sending a command through a “black box” device. In this attack, a black box device, such as a mobile device or a Raspberry, is physically connected to the ATM and is used by the attackers to send commands to the machine.
Daniel Miessler
JULY 19, 2020
I was thinking about the recent Twitter hack the other day and thought of a simple technique for evaluating possible threat actors of information warfare campaigns. I’m sure this is obvious to true practitioners in this space, and that what I’m describing probably has a formal name and more robust methodology, but I think this is useful just as a quick shortcut for non-experts.
Adam Levin
JULY 23, 2020
The U.S. Justice Department has accused two Chinese hackers of conducting a massive campaign of intellectual property theft, including Covid-19 vaccine research. In the indictment filed in early July and unsealed earlier this week, the Justice Department accused Li Xiaoyu and Dong Jiazhi of stealing terabytes of research and data over the last several years.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
JULY 22, 2020
Unpatched systems and misconfigurations are also major concerns for security professionals, Balbix says.
Security Affairs
JULY 24, 2020
ADIF, a Spanish state-owned railway infrastructure manager under the responsibility of the Ministry of Development, was hit by REVil ransomware operators. Administrador de Infraestructuras Ferroviarias (ADIF) , a Spanish state-owned railway infrastructure manager was hit by REVil ransomware operators. ADIF ( Administrador de Infraestructuras Ferroviarias ) is charged with the management of most of Spain’s railway infrastructure, that is the track, signaling and stations.
Adam Shostack
JULY 24, 2020
There’s a post from Helen L. of the UK’s NCSC, A sociotechnical approach to cyber security. Her post shares the context of socio-technical approaches, discussed the (re-named) RISCS institute, and shares the current problem book. The post and the problem book are both worth a careful read. (I’m honored to be an advisor to the RISCS Institute, and have had some minor input into the problems book.).
Adam Levin
JULY 23, 2020
Cyberattacks are constantly getting more sophisticated. Barely a day goes by without news of an elite hacking team creating a more stealth exploit– malware , elaborate spear-phishing attacks, trojans, and a killer array of ransomware that can take factories and other organizations offline, or even hobble entire cities. With so many vectors of attack , it’s easy to overlook the more basic tricks hackers use.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
364 
Let's personalize your content