Krebs on Security

DECEMBER 16, 2019

The U.S. Justice Department this month offered a $5 million bounty for information leading to the arrest and conviction of a Russian man indicted for allegedly orchestrating a vast, international cybercrime network that called itself “ Evil Corp ” and stole roughly $100 million from businesses and consumers. As it happens, for several years KrebsOnSecurity closely monitored the day-to-day communications and activities of the accused and his accomplices.

Cybercrime 255

Cybercrime Banking Small Business Accountability 255

Troy Hunt

DECEMBER 16, 2019

Back in July last year, Scott Helme and I shipped a little pet project that tracked the world's largest websites not implementing HTTPS by default. We called it Why No HTTPS? and it gave people a way to see the largest websites not taking transport layer security seriously. We also broke the list down on a country-by-country basis and it quickly became a means of highlighting security gaps and serving as a "list of shame".

Firewall 177

Firewall 177

Adam Levin

DECEMBER 17, 2019

New Orleans has declared a state of emergency following a ransomware attack. The city government has effectively been offline since December 13 when employees were instructed to turn off all computers and disconnect them from WiFi networks following reports of suspicious network activity. . “The city asks residents and vendors for their patience and understanding as our Information Technology team works to restore all operations to normal,” said New Orleans mayor LaToya Cantrell.

Ransomware 168

Ransomware Government Technology Cybersecurity 168

Tech Republic Security

DECEMBER 19, 2019

Add terminal- and web-based Apache access.log view with GoAccess.

166

166

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

DECEMBER 16, 2019

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors.

Ransomware 226

Ransomware Data breaches Healthcare Cybercrime 226

Schneier on Security

DECEMBER 19, 2019

DTEN makes smart screens and whiteboards for videoconferencing systems. Forescout found that their security is terrible: In total, our researchers discovered five vulnerabilities of four different kinds: Data exposure: PDF files of shared whiteboards (e.g. meeting notes) and other sensitive files (e.g., OTA -- over-the-air updates) were stored in a publicly accessible AWS S3 bucket that also lacked TLS encryption (CVE-2019-16270, CVE-2019-16274).

IoT 137

IoT Wireless System Administration Encryption 137

Tech Republic Security

DECEMBER 20, 2019

Find out what Jack Wallen predicts for the cloud and cloud-adjacent technology in 2020 and why he encourages you to dream big.

Technology 163

Technology 163

Security Affairs

DECEMBER 19, 2019

The victims of the Maze Ransomware now face another threat because operators behind the malware could become publish their data online. The victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online. The Maze ransomware also implements data harvesting capabilities, operators are threatening to release the data for all those victims who refuse to pay the ransom.

Ransomware 113

Ransomware Cybercrime Advertising Malware 113

Schneier on Security

DECEMBER 17, 2019

New details : At the CyberwarCon conference in Arlington, Virginia, on Thursday, Microsoft security researcher Ned Moran plans to present new findings from the company's threat intelligence group that show a shift in the activity of the Iranian hacker group APT33, also known by the names Holmium, Refined Kitten, or Elfin. Microsoft has watched the group carry out so-called password-spraying attacks over the past year that try just a few common passwords across user accounts at tens of thousands

Passwords 133

Passwords Manufacturing Accountability Hacking 133

Daniel Miessler

DECEMBER 16, 2019

[advanced_iframe src=”[link] width=”100%”] No related posts.

Information Security 100

Information Security 100

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

DECEMBER 16, 2019

Experts say don't leave your devices open to cyberattacks from hackers anxious to steal your information.

162

162

Security Affairs

DECEMBER 17, 2019

Researchers spotted a new Remote Access Trojan (RAT), dubbed Dacls, that was used by the Lazarus APT group to target both Windows and Linux devices. Experts at Qihoo 360 Netlab revealed that the North-Korea Lazarus APT group used a new Remote Access Trojan (RAT), dubbed Dacls, to target both Windows and Linux devices. The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware 112

Malware Advertising Encryption Hacking 112

Schneier on Security

DECEMBER 16, 2019

Interesting research : SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7 , the decades-old phone system carriers still used for calling and texting, which has long been known to be vulnerable to interception and spoofing attacks. While using end-to-end encrypted internet-based tools like iMessage and WhatsApp obviates many of those of SS7 issues, Nohl says that flawed implementations o

Encryption 132

Encryption Internet Internet 132

WIRED Threat Level

DECEMBER 18, 2019

Gerry Cotten took at least $137 million to the grave when he died without giving anyone the password to his encrypted laptop.

Encryption 98

Encryption Passwords Cryptocurrency 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

DECEMBER 18, 2019

Jack Wallen shares cybersecurity predictions that might make your IT skin crawl. Find out what he thinks could be the silver lining to this security nightmare.

Cybersecurity 156

Cybersecurity 156

Security Affairs

DECEMBER 18, 2019

Security experts recently found notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Malware researchers from Trend Micro recently observed notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Experts revealed details on the tools and techniques used by the botnet to compromise Linux devices and recruit them in launching distributed denial-of-service (DDoS) attacks.

Malware 103

Malware DDOS Advertising DNS 103

Schneier on Security

DECEMBER 14, 2019

This is a current list of where and when I am scheduled to speak: I'm speaking at SecIT by Heise in Hannover, Germany on March 26, 2020. The list is maintained on this page.

114

114

WIRED Threat Level

DECEMBER 16, 2019

Jared Johns found out too late that swapping messages with the pretty girl from a dating site would mean serious trouble. If only he had known who she really was.

Hacking 98

Hacking 98

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

DECEMBER 15, 2019

Jack Wallen runs through 10 of the most important cybersecurity threats, breaches, tools, and news of the year.

Cybersecurity 157

Cybersecurity 157

Security Affairs

DECEMBER 16, 2019

Another year is ending and this is the right time to discover which are the worst passwords of 2019 by analyzing data leaked in various data breaches. Independent anonymous researchers, compiled and shared with security firm NordPass a list of 200 most popular passwords that were leaked in data breaches during 2019. The company collected 500 million passwords in total and the results were disconcerting.

Passwords 101

Passwords Data breaches Advertising Password Management 101

Thales Cloud Protection & Licensing

DECEMBER 18, 2019

Last month, I presented at the FCW Continuous Diagnostics Mitigation (CDM) Summit. The vision of the CDM program, created in 2012, is that all federal networks should be continuously scanned to identify and respond to threats and breaches. Consistent with the federal government’s deployment of Information Security Continuous Monitoring (ISCM), the CDM program is a dynamic approach to fortifying the cybersecurity of government networks and systems.

Digital transformation 90

Digital transformation CISO Government Cybersecurity 90

WIRED Threat Level

DECEMBER 18, 2019

Thirty years ago, Cliff Stoll published The Cuckoo's Egg, a book about his cat-and-mouse game with a KGB-sponsored hacker. Today, the internet is a far darker place—and Stoll has become a cybersecurity icon.

Internet 96

Internet Internet Cybersecurity 96

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

DECEMBER 16, 2019

Jack Wallen gazes into his crystal ball and makes his mobility predictions for 2020.

Mobile 151

Mobile 151

Security Affairs

DECEMBER 19, 2019

Security researcher Bob Diachenko discovered more than 267 million Facebook user IDs, phone numbers and names in an unsecured database. Security expert Bob Diachenko, along with Comparitech, has discovered more than 267 million Facebook user IDs, phone numbers and names in an unsecured database. The huge trove of data is likely the result of an illegal scraping operation or Facebook API abuse by a group of hackers in Vietnam.

Advertising 98

Advertising Phishing Passwords Authentication 98

Thales Cloud Protection & Licensing

DECEMBER 16, 2019

Nearly half (48%) of all corporate data is stored in the cloud according to the 2019 Thales Global Cloud Security Study conducted by the Ponemon Institute. Organizations admitted that on average, only about half (49%) of the data stored in the cloud is secured with encryption and only one-third (32%) believe protecting data in the cloud is their responsibility.

Encryption 86

Encryption Architecture Engineering Government 86

WIRED Threat Level

DECEMBER 15, 2019

Google's Password Checkup feature will be fully integrated into the desktop and mobile versions of Chrome 79.

Passwords 96

Passwords Data breaches Mobile 96

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

DECEMBER 19, 2019

83 users have already been affected by 65 malicious files disguised as copies of Star Wars: The Rise of Skywalker according to Kaspersky.

147

147

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. TP-Link addressed a critical zero-day vulnerability ( CVE-2017-7405 ) in its TP-Link Archer routers that could be exploited by attackers to remotely take their control over LAN via a Telnet connection without authentication. “This is a zero-day flaw that was not previously reported and can affect both home and business environments.” explained

Passwords 98

Passwords Advertising Firmware Authentication 98

Spinone

DECEMBER 17, 2019

Ransomware is a sly, silent, and vicious criminal. It quietly makes its way past your security defenses into the heart of your data and keeps it hostage until you pay a ransom. But how do you get ransomware in the first place? This is what you, a potential ransomware victim, need to know to protect your data and your business in 2020. As cybersecurity experts, we want users to understand how ransomware infects a system and help you to protect your data from it.

Ransomware 83

Ransomware Passwords Encryption Phishing 83

WIRED Threat Level

DECEMBER 17, 2019

By exploiting flaws in popular video conferencing hardware from DTEN, attackers can monitor audio, capture slides—and take full control of devices.

Hacking 93

Hacking 93

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity