Krebs on Security
OCTOBER 24, 2019
When New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits , its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which it is now suing to recover.
Schneier on Security
OCTOBER 23, 2019
There was a successful attack against NordVPN: Based on the command log, another of the leaked secret keys appeared to secure a private certificate authority that NordVPN used to issue digital certificates. Those certificates might be issued for other servers in NordVPN's network or for a variety of other sensitive purposes. The name of the third certificate suggested it could also have been used for many different sensitive purposes, including securing the server that was compromised in the bre
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
OCTOBER 23, 2019
TechRepublic's Karen Roby talks with futurist Brian Solis about the trends shaping digital transformation.
Troy Hunt
OCTOBER 25, 2019
Ah, impending summer on the Gold Coast! It's that time of year when you can just start to sense those warm beach days and it's absolutely my favourite time of year here. Which means. it's time to head off to other events again. Fortunately it's all domestic this time as I head south to Sydney and Melbourne and maintaining my "no fly unless I absolutely have to" stance, it's long, open road drives, copious podcasts and lots of thinking time.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Krebs on Security
OCTOBER 21, 2019
Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password. Based in the Czech Republic, Avast bills itself as the most popular antivirus vendor on the market, with over 435 million users.
Schneier on Security
OCTOBER 22, 2019
Coming out of the Privacy Commissioners' Conference in Albania , Public Voice is launching a petition for an international moratorium on using facial recognition software for mass surveillance. You can sign on as an individual or an organization. I did. You should as well. No, I don't think that countries will magically adopt this moratorium. But it's important for us all to register our dissent.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Adam Levin
OCTOBER 21, 2019
Maintaining workplace safety can seem like a rare form of torture–videos and quizzes and talks and such. For most of us, it’s a necessary chore. But despite the looks among employees with each new H.R. training session, the work that happens in those conference rooms at least in theory translates to profits. The inoculation process of onboarding a new hire is profoundly important to the proper functioning of any organization.
Krebs on Security
OCTOBER 22, 2019
Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week. The company said it is in the final stages of bringing all of its systems back online from backups. With more than 550 employees, Lawrence Township, N.J.-based Billtrust is a cloud-based service that lets customers view invoices, pay, or request bills via email or fax.
Schneier on Security
OCTOBER 22, 2019
NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. From the conclusion: The result of performing that operation on the series of cumulated benefits extrapolated for the 169 survey respondents finds that present value of benefits from today's perspective is approximately $8.9 billion.
Tech Republic Security
OCTOBER 23, 2019
State-sponsored groups take advantage of the lack of effective mobile malware solutions to target mobile users, according to a new report from BlackBerry.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Adam Levin
OCTOBER 23, 2019
Virtual Private Network provider NordVPN announced that it was the target of a successful hack last year. In a statement released on its blog, NordVPN informed users that one of its servers had been compromised in March 2018. The announcement confirmed rumors about the service that had previously been circulating on Twitter. The company placed the blame on a third-party vendor.
Adam Shostack
OCTOBER 23, 2019
I’ve spoken for over a decade against “think like an attacker” and the trap of starting to threat model with a list of attackers. And for my threat modeling book, I cataloged every serious grouping of attackers that I was able to find. And as I was reading “ 12 Ingenious iOS Screen Time Hacks ,” I realized what they’re all missing: kids.
Schneier on Security
OCTOBER 24, 2019
This is really interesting : "A Data-Driven Reflection on 36 Years of Security and Privacy Research," by Aniqua Baset and Tamara Denning: Abstract : Meta-research research about research allows us, as a community, to examine trends in our research and make informed decisions regarding the course of our future research activities. Additionally, overviews of past research are particularly useful for researchers or conferences new to the field.
Tech Republic Security
OCTOBER 24, 2019
IoT and software defined networking (SDN) are key components to help the enterprise move forward in a digital society.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Adam Levin
OCTOBER 22, 2019
In the seventh episode of Third Certainty, Adam Levin explains the dangers of exposed personally identifiable information and shares some tips about how consumers can protect themselves. The post The DoorDash Data Breach – Third Certainty #7 appeared first on Adam Levin.
Security Affairs
OCTOBER 21, 2019
A joint UK and US investigation has revealed that the Russian cyber espionage group Turla carried out cyber attacks masqueraded as Iranian hackers. According to the Financial Times, a joint UK and US investigation revealed that Russia-linked cyberespionage group Turla conducted several cyber attacks in more than 35 countries masqueraded as Iranian hackers.
Schneier on Security
OCTOBER 21, 2019
Interesting details on Olympic Destroyer, the nation-state cyberattack against the 2018 Winter Olympic Games in South Korea. Wired's Andy Greenberg presents evidence that the perpetrator was Russia, and not North Korea or China.
Tech Republic Security
OCTOBER 24, 2019
Connected devices are increasingly being targeted by hackers and cybercriminals. Deloitte shares five tips on how companies can better protect their IoT devices.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
WIRED Threat Level
OCTOBER 21, 2019
Most hackers know how to cover their tracks. But Russia’s elite groups are working at a whole other level.
Thales Cloud Protection & Licensing
OCTOBER 24, 2019
In the spirit of National Cyber Security Awareness Month (NCSAM), my colleague Ashvin Kamaraju wrote about how organizations can use fundamental controls to secure their information technology. Effective digital security doesn’t end at “Secure IT,” however. It’s equally important that organizations protect their IT assets against things like software vulnerabilities, unsecured Wi-Fi connections and unauthorized data exfiltration.
Security Affairs
OCTOBER 19, 2019
Over 600 million UC Browser and UC Browser Mini Android users have been exposed to man-in-the-middle (MiTM) attacks. More than 600 million users of the popular UC Browser and UC Browser Mini Android apps have been exposed to man-in-the-middle (MiTM) attacks by downloading an Android Package Kit (APK) from a third party server over unprotected channels.
Tech Republic Security
OCTOBER 25, 2019
October is Cybersecurity Awareness Month, and the Identity Theft Resource Center is providing tips to keep consumers and companies safe.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Threatpost
OCTOBER 24, 2019
Scammers are targeting those hoping for #CashAppFriday "blessings.".
WIRED Threat Level
OCTOBER 20, 2019
Whether it's Facebook, Instagram, Twitter, or Snapchat, lock down who can see what you're up to.
Security Affairs
OCTOBER 19, 2019
A researcher discovered a critical Linux vulnerability, tracked as CVE-2019-17666 , that could be exploited to fully compromise vulnerable machines. Nico Waisman, principal security engineer at Github, discovered a critical Linux flaw, tracked as CVE-2019-17666 , that could be exploited by attackers to fully compromise vulnerable machines. Found this bug on Monday.
Tech Republic Security
OCTOBER 25, 2019
Avivah Litan, vice president and distinguished analyst for Gartner, explains how deepfake videos can be used to distort reality and how people can fight it through AI models and blockchain.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Dark Reading
OCTOBER 24, 2019
Symptoms of job dissatisfaction creep into an industry already plagued with gaps in diversity and work-life balance.
WIRED Threat Level
OCTOBER 19, 2019
A Samsung Galaxy 10 fingerprint goof, a Tor impostor, and more of the week's top security news.
Security Affairs
OCTOBER 23, 2019
A Texas man found guilty of hacking the Los Angeles Superior Court (LASC) computer system and used it to send out phishing emails. A Texas man, Oriyomi Sadiq Aloba (33), was found guilty of hacking the Los Angeles Superior Court (LASC) computer system and abusing it to send out roughly 2 million phishing messages. The phishing campaign aimed at obtaining the victims’ credit card numbers.
Tech Republic Security
OCTOBER 23, 2019
Princeton computer science professor Ed Felten says blockchain will enable smart contracts that provide trust to company systems in the future, but there are some myths and misconceptions.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
185 
Let's personalize your content