Krebs on Security
JANUARY 11, 2021
Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.
Schneier on Security
JANUARY 14, 2021
Security researcher Ahmed Hassan has shown that spoofing the Android’s “People Nearby” feature allows him to pinpoint the physical location of Telegram users: Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location. […].
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JANUARY 15, 2021
A little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people and even entire platforms from the internet. These are significant events in history, regardless of your political persuasion, and they're likely to have a very long-lasting impact on the way we communicate online. It also raises some fascinating engineering challenges; could Parler have survived by building out their own physical infrastructure?
Joseph Steinberg
JANUARY 12, 2021
In the context of cybersecurity, threat intelligence refers to information about hostile actors and/or the threats that they pose; cyber-defenders who arm themselves with such information can often dramatically improve their chances of preventing a breach. Of course, the concept of knowing your enemy is not knew – Sun Tzu speaks about its importance in The Art of War , written almost 2,500 years ago.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
JANUARY 12, 2021
New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software p
Schneier on Security
JANUARY 11, 2021
If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that. Come next month, users will no longer have that choice. Some of the data that WhatsApp collects includes: User phone numbers.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Last Watchdog
JANUARY 13, 2021
Today’s children are online at a young age, for many hours, and in more ways than ever before. As adults, we know that bad online decisions can have negative or dangerous effects for years to come. Related: Web apps are being used to radicalize youth. The question isn’t whether we should educate children about online safety, but how we can best inspire them to learn to be thoughtful, careful, and safe in the cyber world for their lifetime.
Krebs on Security
JANUARY 13, 2021
Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.
Schneier on Security
JANUARY 15, 2021
We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out a way to fix that. “Pretty Good Phone Privacy” (PGPP) protects both user identity and user location using the existing cellular networks. It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers.
Tech Republic Security
JANUARY 11, 2021
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Adam Levin
JANUARY 13, 2021
The data breach of the Reserve Bank of New Zealand has been attributed to the compromise of a third party file sharing service. “A third party file sharing service provided by Accellion called FTA (File Transfer Application), used by the Bank to share and store some sensitive information, was illegally accessed,” the bank announced in a January 11 press release.
Adam Shostack
JANUARY 15, 2021
Rupin Gupta runs Digital Guru books. He’s one of the nicest people you’ll ever meet, a real joy to work with, and he works hard to put books on shelves so that you can discover them. With the conference business changing, Digital Guru needs some help. Borrowing some words from my editor Jim Minatel: “If you’ve ever bought a book at a technical conference bookstore – RSA, dozens of Microsoft events, and so on – chances are you’ve bought it from the Digita
Schneier on Security
JANUARY 13, 2021
Smart commentary : …I was floored on Wednesday when, glued to my television, I saw police in some areas of the U.S. Capitol using little more than those same mobile gates I had the ones that look like bike racks that can hook together to try to keep the crowds away from sensitive areas and, later, push back people intent on accessing the grounds.
Tech Republic Security
JANUARY 15, 2021
Review your recent Gmail access, browser sign-in history, and Google account activity to make sure no one other than you has used your account.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
CSO Magazine
JANUARY 15, 2021
Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for its 2017 breach. This comes after an active 2018. Uber’s poor handling of its 2016 breach cost it close to $150 million.
Adam Shostack
JANUARY 10, 2021
There’s a humble bundle out that includes my Threat Modeling: Designing for Security, The Shellcoders Handbook, Practical Reverse Engineering, The Art of Intrusion, Social Engineering, Crypto Engineering, a nearly complete set of Bruce Schneier, and more! And your donations benefit EFF! The deal is good through Monday morning at 11 Pacific. [link].
Schneier on Security
JANUARY 12, 2021
This is a clever side-channel attack: The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip , which acts as a secure element that stores the cryptographic secrets. Next, an attacker connects the chip to hardware and software that take measurements as the key is being used to authenticate on an existing account.
Tech Republic Security
JANUARY 13, 2021
Risk management is more than recovery from a cyberattack. Learn how risk management can help your company discover gaps in security, as well as how to handle the fallout from a cybersecurity event.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
JANUARY 10, 2021
Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS credentials. Researchers from Trend Micro discovered that the TeamTNT botnet was improved and is now able to steal also Docker credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs.
Quick Heal Antivirus
JANUARY 15, 2021
On January 8th, 2021, internet users woke up to an update to popular messaging service WhatsApp’s privacy policy. The post What does WhatsApp’s new privacy policy mean for you? appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
Schneier on Security
JANUARY 14, 2021
This is a current list of where and when I am scheduled to speak: I’m speaking (online) as part of Western Washington University’s Internet Studies Lecture Series on January 20, 2021. I’m speaking at ITY Denmark on February 2, 2021. Details to come. I’m being interviewed by Keith Cronin as part of The Center for Innovation, Security, and New Technology’s CSINT Conversations series, February 10, 2021 from 11:00 AM – 11:30 AM CST.
Tech Republic Security
JANUARY 12, 2021
Whether you're trying to break into the role or you're already a cloud engineer, these programming languages are a must for maintaining an edge over the competition.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
JANUARY 9, 2021
Dassault Falcon Jet has disclosed a data breach that exposed personal information belonging to current and former employees. In December Dassault, Dassault Falcon Jet (DFJ) was the victim of a cyber attack that may have exposed personal information belonging to current and former employees. The data security incident also exposed information belonging to employees’ spouses and dependents, states the notice of data breach sent by the US subsidiary of French aerospace company Dassault Aviati
Threatpost
JANUARY 13, 2021
Cisco fixed high-severity flaws tied to 67 CVEs overall, including ones found inits AnyConnect Secure Mobility Client and in its RV110W, RV130, RV130W, and RV215W small business routers.
Schneier on Security
JANUARY 15, 2021
For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. Note that I have had occasional problems with international shipping. The book just disappears somewhere in the process. At this price, international orders are at the buyer’s risk. Also, the USPS keeps reminding us that shipping — both US and international — may be delayed during the pandemic.
Tech Republic Security
JANUARY 14, 2021
Such attacks often occur when employees work remotely and use a mixture of personal and business devices to access cloud services.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Affairs
JANUARY 9, 2021
CISA revealed that threat actors behind the SolarWinds hack also used password guessing and password spraying in its attacks. Cybersecurity and Infrastructure Security Agency (CISA) revealed that threat actors behind the SolarWinds supply chain attack also employed common hacker techniques to compromise the networks of the targeted organizations, including password guessing and password spraying. “Frequently, CISA has observed the APT actor gaining Initial Access [ TA0001 ] to victims’ ent
Jane Frankland
JANUARY 13, 2021
It’s been a challenging year with the global Covid-19 pandemic bringing both good and bad outcomes in business. Along with working from home, redundancies, furloughed workers, reduced hours, uncertainties around future employment, technology replacing jobs and business closures, we’ve seen much needed resets and innovations. And, as each new government rule has been put in place to keep us safe, physically isolated from one another and in lockdown, it’s moved more of us online – shopping, workin
CompTIA on Cybersecurity
JANUARY 12, 2021
Shoering Up Security, CompTIA’s cyber-focused YouTube series, sheds light on the latest cyber threats and trends, including how we could all do more of to protect customers. Read show host MJ Shoer’s highlights and takeaways from each episode.
Tech Republic Security
JANUARY 15, 2021
Virtual workforces face escalated threats due to their remote access from various networks. Learn how security information and event management tools can help in the battle.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
352 
Let's personalize your content