Sat.Jul 04, 2020 - Fri.Jul 10, 2020

E-Verify’s “SSN Lock” is Nothing of the Sort

Krebs on Security

One of the most-read advice columns on this site is a 2018 piece called “Plant Your Flag, Mark Your Territory,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States.

A Decade of Microsoft Most Valuable Professional

Troy Hunt

Last week, I received my 10th Microsoft Most Valuable Professional award. Being recognised as an MVP was a pivotal moment in my career and to continue receiving the award all these years later is an honour. Particularly given recent events that have made it exceptionally difficult to sustain community contributions, the recognition is particularly significant this year.

Media 291
Insiders

Russian Hackers Targeting Remote Workers

Adam Levin

A Russia-based hacking group is exploiting the current Covid-19 pandemic to target and compromise U.S. companies with multiple strains of malware, according to a new report. Cybersecurity firm Symantec released a warning that the Russian hacking group “Evil Corp” has been behind a widespread hacking campaign against over thirty U.S. organizations, including eight Fortune 500 companies.

Traffic Analysis of Home Security Cameras

Schneier on Security

Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what's going on in front of the camera, and infer when there is someone home. News article. Slashdot thread.

229

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

US Secret Service warns about increased cyberattacks against MSPs

Tech Republic Security

The US Secret Service has warned organizations about a rise in hacks of MSPs and offers advice on how to beef up security.

Hacking 214

Weekly Update 199

Troy Hunt

Wow! Loving that 4K camera. Or perhaps more specifically, just loving that camera and lens and I reckon it'll still be awesome in 1080p. But this week, I decided to go all out in super hi-def just to see how it looked. The captured video was 13.1GB but rendered down at 2.3GB out of Premiere so it's obviously applied some compression, but still looks amazing IMHO.

More Trending

Half a Million IoT Passwords Leaked

Schneier on Security

It is amazing that this sort of thing can still happen: the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Telnet? Default passwords? In 2020? We have a long way to go to secure the IoT.

IoT 219

Phishing attack spoofs Twitter to steal account credentials

Tech Republic Security

A new phishing campaign spotted by Abnormal Security attempts to trick people with a phony Twitter security notification.

Phishing 213

Pre-Installed malware spotted on other Android phones sold in US

Security Affairs

Researchers from Malwarebytes have found yet another phone with pre-installed malware via the Lifeline Assistance program sold in the United States. Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January. In January, Malwarebytes researchers discovered that the UMX U686CL phone was sold with pre-installed malware as part of the government-funded Lifeline Assistance program by Vi

Malware 145

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment

WIRED Threat Level

For companies that haven't patched their BIG-IP products, it may already be too late.

Hacking 142

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

China Closing Its Squid Spawning Grounds

Schneier on Security

China is prohibiting squid fishing in two areas -- both in international waters -- for two seasons, to give squid time to recover and reproduce. This is the first time China has voluntarily imposed a closed season on the high seas. Some experts regard it as an important step forward in China's management of distant-water fishing (DWF), and crucial for protecting the squid fishing industry.

215

How much malware tools sell for on the Dark Web

Tech Republic Security

A low-quality batch of malicious tools can sell for as low as $70, while a premium set can go as high as $6,000, according to the security research site Privacy Affairs.

Malware 208

Google Tsunami vulnerability scanner is now open-source

Security Affairs

Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami. “We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’ data.

Encryption-Busting EARN IT Act Advances in Senate

WIRED Threat Level

Plus: A massive crime bust in Europe, a warning from US Cyber Command, and more of the week's top security news.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IoT Security Principles

Schneier on Security

The BSA -- also known as the Software Alliance, formerly the Business Software Alliance -- is an industry lobbying group. They just published "Policy Principles for Building a Secure and Trustworthy Internet of Things." They call for: Distinguishing between consumer and industrial IoT. Offering incentives for integrating security. Harmonizing national and international policies.

IoT 214

How expired domain names can redirect you to malicious websites

Tech Republic Security

Pages for inactive domain names can be exploited by cybercriminals to take you to malicious sites, says Kaspersky.

206

Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw

Security Affairs

Researchers have found a way to bypass F5 Networks mitigation for the actively exploited BIG-IP vulnerability, and hackers already used it. Researchers have found a way to bypass one of the mitigations proposed by F5 Networks for the actively exploited BIG-IP vulnerability. Unfortunately, threat actors in the wild were already using the bypass technique before its public disclosure.

As Offices Reopen, Hardware from Home Threatens Security

Dark Reading

Devices out of sight for the past several months could spell trouble when employees bring them back to work.

136

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

ThiefQuest Ransomware for the Mac

Schneier on Security

There's a new ransomware for the Mac called ThiefQuest or EvilQuest. It's hard to get infected: For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It's a good reminder to get your software from trustworthy sources, like developers whose code is "signed" by Apple to prove its legitimacy, or from Apple's App Store itself.

Microsoft warns organizations of consent phishing attacks

Tech Republic Security

In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft.

Phishing 201

CISA warns organizations of cyberattacks from the Tor network

Security Affairs

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned enterprises about cyberattacks from the Tor network. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) is warning enterprises of cyberattacks launched from the Tor network. Threat actors leverage the Tor network to hide the real source of their attacks and avoid that their C2 infrastructure could be identified and shut down by.

Risk 145

Report: Most Popular Home Routers Have ‘Critical’ Flaws

Threatpost

Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix.

Wireless 134

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

EFF's 30th Anniversary Livestream

Schneier on Security

It's the EFF's 30th birthday, and the organization is having a celebratory livestream today from 3:00 to 10:00 pm PDT. There are a lot of interesting discussions and things. I am having a fireside chat at 4:10 pm PDT to talk about the Crypto Wars and more. Stop by. And thank you for supporting EFF.

208

5 NSA-recommended strategies for improving your VPN security

Tech Republic Security

The US National Security Agency has noticed a surge in cyberattacks targeting VPNs since the COVID-19 pandemic has forced more people to work from home.

VPN 201

15 billion credentials available in the cybercrime marketplaces

Security Affairs

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. A report published by security firm Digital Shadows revealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites.

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Adam Levin

There is no overestimating the value of your company’s domain name. Whether you work for a big brand or run a mom-and-pop dot-com, the goal is easy navigation to your site. A prospective client or customer types your company name and their browser does the rest. What would happen if you typed in “Amazon,” the corresponding domain popped up, and you clicked, but instead of finding the world’s largest online retailer, you landed on a 1980s WarGames-themed page with a lau

Hacking 130

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Business Email Compromise (BEC) Criminal Ring

Schneier on Security

A criminal group called Cosmic Lynx seems to be based in Russia: Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Cosmic Lynx specializes in topical, tailored scams related to mergers and acquisitions; the group typically requests hundreds of thousands or even millions of dollars as part of its hus

Scams 196

Joker billing fraud malware eluded Google Play security to infect Android devices

Tech Republic Security

A new variant targeted Android users to subscribe them to premium services without their consent, according to Check Point Research.

Malware 197

Hackers are scanning the web for vulnerable Citrix systems

Security Affairs

Threat actors are scanning the Internet for Citrix systems affected by the recently disclosed vulnerabilities. This week Citrix has addressed 11 vulnerabilities affecting the ADC, Gateway, and SD-WAN WANOP networking products. The vulnerabilities could be exploited by attackers for local privilege escalation, to trigger a DoS condition, to bypass authorization, to get code injection, and to launch XSS attacks.

Unsupervised Learning: No. 236

Daniel Miessler

THIS WEEK’S TOPICS: Encrochat breach, F5 Big Problem, DHS Social Election Query, WastedLocker, India Bans Chinese Apps, Florida DNA Privacy, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… If you get value from this content, you can support it directly by becoming a member.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!