Krebs on Security

APRIL 28, 2020

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Scams 363

Scams Banking Accountability Financial Services 363

Troy Hunt

APRIL 30, 2020

I've written a bunch about COVID-19 contact tracing apps recently as they relate to security and privacy, albeit in the form of long tweets. I'm going to avoid delving into the details here because they're covered more comprehensively in the resources I want to consolidate below, firstly the original thread from a fortnight ago as news of an impending app in Australia was breaking: Ok folks, let's talk about the Coronavirus tracking app as news of Australia adopting Singapore's "Trac

Government 328

Government 328

Adam Levin

MAY 1, 2020

Cybercriminals are actively targeting Covid-19 hotspots with malware and phishing campaigns, according to a new report from Bitdefender. The report, “ Coronavirus-themed Threat Reports Haven’t Flattened the Curve ,” shows a direct correlation between confirmed Covid-19 cases and malware attacks exploiting the crisis. These findings confirm a similar report that showed a 30000% increase in Covid-19-themed attacks from January to March.

Scams 296

Scams Malware Phishing Threat Reports 296

Schneier on Security

MAY 1, 2020

I was quoted in BuzzFeed: "My problem with contact tracing apps is that they have absolutely no value," Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. "I'm not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful?

Media 364

Media Internet Internet Government 364

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

APRIL 30, 2020

In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services.

Cybercrime 316

Cybercrime Computers and Electronics Marketing Scams 316

Daniel Miessler

APRIL 29, 2020

If you want to have a productive discussion on a difficult topic, start by discarding the extremes. Very few want pure communism, pure market capitalism, zero taxes, or taxes to be doubled. If you start by accepting the solution will be a hybrid, you can often make progress, and it’s the same with this lockdown conversation. The lockdown sucks. Everyone knows that.

Risk 244

Risk Marketing Software Information Security 244

Schneier on Security

APRIL 30, 2020

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer end-to-end encryption if 1) everyone is using a Zoom app, and not logging in to the meeting using a webpage, and 2) the meeting is not being recorded in the cloud.

Internet 359

Internet Internet Encryption Accountability 359

The Last Watchdog

APRIL 29, 2020

It can be argued that we live in a cloud-mobile business environment. Related: The ‘shared responsibility’ burden Most organizations are all caught up, to one degree or another, in migrating to hybrid cloud networks. And startups today typically launch with cloud-native IT infrastructure. Mobile comes into play everywhere. Employees, contractors, suppliers and customers consume and contribute from remote locations via their smartphones.

Mobile 193

Mobile CISO Risk Cloud Migration 193

Tech Republic Security

APRIL 29, 2020

Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences.

Phishing 199

Phishing Malware 199

Daniel Miessler

APRIL 28, 2020

THIS WEEK’S TOPICS: Bay Area Lockdown Til May, The Swedish Approach, California Autopsies, Zoom Security Updates, Palantir Contacts, NSA Web Vulns, GreyNoise Services, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. —. If you get value from this content, you can support it directly by becoming a member.

Technology 130

Technology Information Security 130

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

APRIL 28, 2020

MIT researchers have built a system that fools natural-language processing systems by swapping words with synonyms: The software, developed by a team at MIT, looks for the words in a sentence that are most important to an NLP classifier and replaces them with a synonym that a human would find natural. For example, changing the sentence "The characters, cast in impossibly contrived situations, are totally estranged from reality" to "The characters, cast in impossibly engineered circumstances, are

Engineering 307

Engineering Software 307

The Last Watchdog

APRIL 28, 2020

As coronavirus-themed cyber attacks ramp up, consumers and companies must practice digital distancing to keep themselves protected. Related: Coronavirus scams leverage email As we get deeper into dealing with the coronavirus outbreak, the need for authorities and experts to communicate reliably and effectively with each other, as well as to the general public, is vital.

Social Engineering 174

Social Engineering Cyber Attacks Scams Engineering 174

Tech Republic Security

APRIL 28, 2020

Conscious of the state of employment during the pandemic, as well as after, Fortinet offers an opportunity to build skill sets from home.

Cybersecurity 218

Cybersecurity 218

Adam Levin

APRIL 29, 2020

For the last few years, cybersecurity experts have been sounding the alarm on something called e-skimming. In this kind of attack, hackers intercept payment card data and personal information from e-commerce sites by exploiting the architectural complexity of those e-commerce sites. . While there have been several major breaches that were the result of e-skimming, including Macy’s and British Airways, the bulk of these hacking campaigns have been attributed to an individual or a group of hackers

Banking 130

Banking Accountability Hacking Malware 130

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

APRIL 29, 2020

This is interesting : Facebook Inc. in 2018 beat back federal prosecutors seeking to wiretap its encrypted Messenger app. Now the American Civil Liberties Union is seeking to find out how. The entire proceeding was confidential, with only the result leaking to the press. Lawyers for the ACLU and the Washington Post on Tuesday asked a San Francisco-based federal court of appeals to unseal the judge's decision, arguing the public has a right to know how the law is being applied, particularly in th

Encryption 306

Encryption Government Surveillance 306

The Last Watchdog

APRIL 30, 2020

DevOps wrought Uber and Netflix. In the very near future DevOps will help make driverless vehicles commonplace. Related: What’s driving ‘memory attacks’ Yet a funny thing has happened as DevOps – the philosophy of designing, prototyping, testing and delivering new software as fast as possible – has taken center stage. Software vulnerabilities have gone through the roof.

Software 133

Software Penetration Testing Financial Services Hacking 133

Tech Republic Security

APRIL 28, 2020

The attack accuses victims of possessing pornography, encrypts all files on the device, and then instructs them to pay a fine to unlock the data, according to Check Point Research.

Encryption 188

Encryption Ransomware 188

Security Affairs

APRIL 26, 2020

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild. Cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild. Sophos was informed of the attacks exploiting the zero-day issue by one of its customers on April 22.

Firewall 145

Firewall Passwords Accountability Advertising 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

APRIL 27, 2020

Instacart is taking legal action against bots that automatically place orders: Before it closed, to use Cartdash users first selected what items they want from Instacart as normal. Once that was done, they had to provide Cartdash with their Instacart email address, password, mobile number, tip amount, and whether they prefer the first available delivery slot or are more flexible.

Hacking 289

Hacking Mobile Passwords Technology 289

Threatpost

APRIL 27, 2020

Researchers discovered a.git folder exposing passwords and more for a website that gives advice to organizations about complying with the General Data Protection Regulation (GDPR) rules.

Passwords 120

Passwords Data privacy 120

Tech Republic Security

APRIL 27, 2020

If an employee decides to pursue another job during the coronavirus pandemic, organizations must be prepared to keep proprietary data and company technology safe.

Technology 192

Technology 192

Security Affairs

MAY 1, 2020

Maze Ransomware operators claim to have gained access to the network of Banco BCR of Costa Rica and stolen 11 million credit card credentials. Maze Ransomware operators claim to have hacked the network of the state-owned Bank of Costa Rica Banco BCR and to have stolen internal data, including 11 million credit card credentials. Banco BCR has equity of $806,606,710 and assets of $7,607,483,881, it is one of the most solid banks in Central America.

Ransomware 145

Ransomware Banking Cyber Insurance Advertising 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Dark Reading

APRIL 29, 2020

Although the controversial option of voting by mobile app is one pressing consideration, cybersecurity experts agree that older issues need to be resolved before November 3.

Mobile 110

Mobile Cybersecurity 110

Threatpost

MAY 1, 2020

Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins.

Phishing 143

Phishing Mobile Hacking 143

Tech Republic Security

APRIL 30, 2020

Attackers used an account checker tool to identify Nintendo accounts with compromised and vulnerable login credentials, says SpyCloud.

Data breaches 199

Data breaches Accountability 199

Security Affairs

APRIL 27, 2020

The Israeli authorities are alerting organizations in the water industry following a series of cyberattacks that hit water facilities in the country. The Israeli government has issued an alert to organizations in the water sector following a series of cyberattacks that targeted the water facilities. Israel’s National Cyber Directorate announced to have received reports of cyber attacks aimed at supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stati

Energy and Utilities 145

Energy and Utilities Government Cyber Attacks Architecture 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Dark Reading

APRIL 30, 2020

Frictionless security, improved interfaces, and more usable design may improve the efficacy of security tools and features (and make life easier for users and infosec pros alike). So why has there been so much resistance?

InfoSec 105

InfoSec Cybersecurity 105

Threatpost

APRIL 29, 2020

Automated attacks on Remote Desktop Protocol accounts are aimed at taking over corporate desktops and infiltrating networks.

Accountability 128

Accountability Passwords Hacking 128

Tech Republic Security

APRIL 27, 2020

A recent bug discovered can allow your device to be compromised through Apple's default Mail application. Until a patch is released, follow these steps to protect yourself.

171

171

Security Affairs

MAY 1, 2020

COVID-19 disinformation and misinformation campaigns continue to proliferate around the world, with potentially harmful consequences for society. During a COVID-19 crisis, while most of the people have to maintain social distancing and work from home, threat cyber are attempting to conduct disinformation and misinformation campaigns. The main difference between misinformation and disinformation is that the latter is the sharing of specially crafted incorrect information to influence the sentimen

Media 144

Media Advertising Marketing Cybersecurity 144

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity