Schneier on Security

DECEMBER 10, 2020

The Finnish psychotherapy clinic Vastaamo was the victim of a data breach and theft. The criminals tried extorting money from the clinic. When that failed, they started extorting money from the patients : Neither the company nor Finnish investigators have released many details about the nature of the breach, but reports say the attackers initially sought a payment of about 450,000 euros to protect about 40,000 patient records.

Data breaches 359

Data breaches Healthcare Cybercrime Cybersecurity 359

Krebs on Security

DECEMBER 10, 2020

Payment card processing giant TSYS suffered a ransomware attack earlier this month. Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that the incident was limited to administrative areas of its business.

Ransomware 355

Ransomware Financial Services Cyber threats Banking 355

Troy Hunt

DECEMBER 11, 2020

Well this is different; a weekly update bereft of neon studio lighting and instead done from the great outdoors, complete with all sorts of animal noises and a (probably) drunk green tree frog. I picked one of my favourite travelling companions to join me this week, a little guy I last did one of these with in a very different environment back in Oslo earlier this year.

Data breaches 308

Data breaches Passwords Accountability 308

Daniel Miessler

DECEMBER 9, 2020

I am often asked for my thoughts on the Bug Bounty / RECON / Asset Inventory / Attack Surface Management spaces. This is partially because I founded a company, called HELIOS, back in 2016, which I separated from at the end of 2018. And although I am no longer actively involved in the space I still follow it from a distance. Here’s how I understand the space and where it’s going.

Marketing 250

Marketing Internet Internet Information Security 250

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

DECEMBER 8, 2020

This new protocol , called Oblivious DNS-over-HTTPS (ODoH), hides the websites you visit from your ISP. Here’s how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit. Because the DNS query is encrypted, the proxy can’t see what’s inside, but acts as a shield to prevent the DNS resolver from seeing who sent the query to begin with.

DNS 342

DNS Encryption Internet Internet 342

Krebs on Security

DECEMBER 8, 2020

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users.

DNS 312

DNS Backups Malware Software 312

The Last Watchdog

DECEMBER 8, 2020

Company networks have evolved rather spectacularly in just 20 years along a couple of distinct tracks: connectivity and security. We began the new millennium with on-premises data centers supporting servers and desktops that a technician in sneakers could service. Connectivity was relatively uncomplicated.

Firewall 213

Firewall Digital transformation Internet Internet 213

Schneier on Security

DECEMBER 9, 2020

FireEye was hacked by — they believe — “a nation with top-tier offensive capabilities”: During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers.

Hacking 340

Hacking Government Cyber threats Malware 340

Adam Levin

DECEMBER 9, 2020

FireEye is a global leader in cybersecurity. The company disclosed this week that a data breach had occurred, announcing that “a highly sophisticated threat actor” compromised their systems and stole tools the company used to simulate cyberattacks and data breaches. . Here’s what you need to know: The threat actors responsible have yet to be identified.

Data breaches 190

Data breaches Hacking Government Software 190

Tech Republic Security

DECEMBER 9, 2020

A survey of nearly 1,200 FOSS contributors found security to be low on developers' list of priorities.

218

218

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Adam Shostack

DECEMBER 7, 2020

A few weeks back, I mentioned the Distinguished Lecture I gave at Ruhr University Bochum. I’m happy to say that the video is now online, and I also want to share the references.

Cybersecurity 147

Cybersecurity 147

Schneier on Security

DECEMBER 11, 2020

The Aspen Institute’s Aspen Cybersecurity Group — I’m a member — has released its cybersecurity policy agenda for the next four years. The next administration and Congress cannot simultaneously address the wide array of cybersecurity risks confronting modern society. Policymakers in the White House, federal agencies, and Congress should zero in on the most important and solvable problems.

Cybersecurity 332

Cybersecurity Education Risk 332

WIRED Threat Level

DECEMBER 9, 2020

Imperial troops have finally figured out how to do more than charge straight ahead.

145

145

Tech Republic Security

DECEMBER 10, 2020

From Apple to Google to Toyota, companies across the world are pouring resources into developing AI systems with machine learning. This comprehensive guide explains what machine learning really means.

218

218

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

DECEMBER 8, 2020

The OpenSSL Project disclosed a serious security vulnerability in TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The OpenSSL Project warned of a ‘high-severity’ security vulnerability in the TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The flaw is a null pointer dereference, successful exploitation could trigger denial-of-service conditions.

Hacking 145

Hacking Information Security Malware 145

Schneier on Security

DECEMBER 7, 2020

Clever tactic : This new malware was discovered by researchers at Dutch cyber-security company Sansec that focuses on defending e-commerce websites from digital skimming (also known as Magecart) attacks. The payment skimmer malware pulls its sleight of hand trick with the help of a double payload structure where the source code of the skimmer script that steals customers’ credit cards will be concealed in a social sharing icon loaded as an HTML ‘svg’ element with a ‘path&

Media 299

Media Malware Social Engineering Engineering 299

WIRED Threat Level

DECEMBER 7, 2020

Amnesia:33 is the latest in a long line of vulnerabilities that affect countless embedded devices.

IoT 144

IoT 144

Tech Republic Security

DECEMBER 10, 2020

These phishing emails promise compensation, test results, and other lures about the coronavirus to trick unsuspecting users, says Armorblox.

Phishing 217

Phishing 217

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

DECEMBER 9, 2020

Microsoft December 2020 Patch Tuesday security update address 58 vulnerabilities, 22 of them are remote code execution vulnerabilities. Microsoft December 2020 Patch Tuesday security update address 58 vulnerabilities, 22 of them are remote code issues. The flaws impact multiple products including Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Office Services and Web Apps, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.

Hacking 145

Hacking Information Security Malware 145

Threatpost

DECEMBER 11, 2020

Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks.

Accountability 139

Accountability Phishing Malware Hacking 139

WIRED Threat Level

DECEMBER 8, 2020

The platform has gotten better about stamping out extremist content. But researchers say its policies and algorithms are still too opaque.

142

142

Tech Republic Security

DECEMBER 9, 2020

A new global report on phishing attempts shows how the workforce has responded to security threats since COVID-19, and the new vulnerabilities that have resulted from the remote work landscape.

Phishing 214

Phishing 214

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

DECEMBER 10, 2020

Microsoft warns of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing their settings. Microsoft warned of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing their settings and inject ads into search results pages. Users are redirected to fraudulent domains where they are tricked into installing tainted software.

Malware 145

Malware Advertising Media Engineering 145

CompTIA on Cybersecurity

DECEMBER 11, 2020

These career-focused trends will guide you as you add business skills to technical skills in order to build your IT career.

138

138

WIRED Threat Level

DECEMBER 5, 2020

Plus: Better Twitter two-factor, a Spotify hack, and more of the week’s top security news.

Hacking 141

Hacking 141

Tech Republic Security

DECEMBER 8, 2020

Business leaders are spending close to a quarter of their budget on 5G security and will increase that spend in the next 12–18 months, according to a new report.

213

213

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

DECEMBER 6, 2020

While the United Kingdom announced the distribution of the COVID-19 vaccine to the population drug dealers is selling ‘Pfizer COVID Vaccines.’. The UK became the first Western country to authorize a Covid-19 vaccine. The UK government announced the distribution of the Pfizer/BioNTech vaccine that has been granted emergency authorization by British regulators.

Scams 145

Scams Government Advertising Hacking 145

Threatpost

DECEMBER 7, 2020

China joins Google in claiming quantum supremacy with new technology, ratcheting up RSA decryption concerns.

Technology 136

Technology Cybersecurity 136

WIRED Threat Level

DECEMBER 7, 2020

A vulnerability in VMWare has prompted a warning that companies—and government agencies—need to patch as soon as possible.

Government 140

Government 140

Tech Republic Security

DECEMBER 7, 2020

Using SMS as an additional means to authenticate your password is better than nothing, but it's not the most reliable. Tom Merritt lists five reasons why SMS should not be used for MFA.

Authentication 213

Authentication Passwords 213

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity