Sat.Nov 07, 2020 - Fri.Nov 13, 2020

article thumbnail

Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. On the evening of Monday, Nov. 9, an ad campaign apparently taken out by the Ragnar Locker Team began appearing on Facebook.

article thumbnail

2020 Was a Secure Election

Schneier on Security

Over at Lawfare: “ 2020 Is An Election Security Success Story (So Far).” What’s more, the voting itself was remarkably smooth. It was only a few months ago that professionals and analysts who monitor election administration were alarmed at how badly unprepared the country was for voting during a pandemic. Some of the primaries were disasters.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 217

Troy Hunt

This week's update had a load of questions so even whilst the planned content didn't consume a lot of time, audience engagement was great and I appreciate all the input. The big excitement for me was that Ubiquiti doorbell and whilst that might seem like a small thing, I'm absolutely loving it and the ability to answer it from anywhere whilst also integrating it into Home Assistant and triggering events like Sonos text to speech is really cool.

article thumbnail

Breached Mashable User Database Leaked Online

Adam Levin

The personal information of technology and culture website Mashable.com users has been discovered in a leaked database online. Mashable announced the leak late November 8, in an announcement on its website. “[W]e learned that a hacker known for targeting websites and apps had posted a copy of a Mashable database to the internet.The types of data in the database included first and last names, general location (such as city or country), email addresses, gender, date of registration, IP addresses,

Passwords 286
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Body Found in Canada Identified as Neo-Nazi Spam King

Krebs on Security

The body of a man found shot inside a burned out vehicle in Canada three years ago has been identified as that of Davis Wolfgang Hawke , a prolific spammer and neo-Nazi who led a failed anti-government march on Washington, D.C. in 1999, according to news reports. Homicide detectives said they originally thought the man found June 14, 2017 in a torched SUV on a logging road in Squamish, British Columbia was a local rock climber known to others in the area as a politically progressive vegan named

Banking 358
article thumbnail

“Privacy Nutrition Labels” in Apple’s App Store

Schneier on Security

Apple will start requiring standardized privacy labels for apps in its app store, starting in December: Apple allows data disclosure to be optional if all of the following conditions apply: if it’s not used for tracking, advertising or marketing; if it’s not shared with a data broker; if collection is infrequent, unrelated to the app’s primary function, and optional; and if the user chooses to provide the data in conjunction with clear disclosure, the user’s name or accou

More Trending

article thumbnail

4 phishing scams to watch out for during the holidays

Tech Republic Security

Fake shipping notices and charity frauds are two scams cited by the security company GreatHorn, which offers tips to consumers on how to avoid them.

Scams 218
article thumbnail

Patch Tuesday, November 2020 Edition

Krebs on Security

Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.

Software 316
article thumbnail

New Zealand Election Fraud

Schneier on Security

It seems that this election season has not gone without fraud. In New Zealand, a vote for “Bird of the Year” has been marred by fraudulent votes : More than 1,500 fraudulent votes were cast in the early hours of Monday in the country’s annual bird election, briefly pushing the Little-Spotted Kiwi to the top of the leaderboard, organizers and environmental organization Forest & Bird announced Tuesday.

351
351
article thumbnail

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. But now, at long last, we’re on the brink of eliminating passwords altogether, once and for all. Related: CEOs quit Tweeting to protect their companies A confluence of technical and social developments points to username-and-password logons becoming obsolete over the next few years.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

STEM and cybersecurity training are critical for the future

Tech Republic Security

Training people to fill cybersecurity jobs is important, but teaching everyone safe practices is also essential.

article thumbnail

The Scammer Who Wanted to Save His Country

WIRED Threat Level

Last fall, a hacker gave Glenn Greenwald a trove of damning messages between Brazil’s leaders. Some suspected the Russians. The truth was far less boring.

Hacking 145
article thumbnail

Inrupt’s Solid Announcement

Schneier on Security

Earlier this year, I announced that I had joined Inrupt , the company commercializing Tim Berners-Lee’s Solid specification : The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things — your computer, your phone, your IoT whatever — is written to your pod.

Insurance 338
article thumbnail

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike

Security Affairs

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike and compromise the target networks. Ransomware operators are using malicious fake Microsoft Teams updates to deliver backdoors that lead the installation of the Cobalt Strike post-exploitation tool and compromise the target network. The ongoing COVID-19 pandemic is forcing a growing number of organizations and businesses in using videoconferencing solutions, and threat actors are attempting to exploit this scenario.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How to combat the latest and most aggressive botnets and malware

Tech Republic Security

Launching more sophisticated botnets, malware, and other threats, cybercriminals are getting more ruthless, says Nuspire.

Malware 212
article thumbnail

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

Threatpost

A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing.

article thumbnail

The Security Failures of Online Exam Proctoring

Schneier on Security

Proctoring an online exam is hard. It’s hard to be sure that the student isn’t cheating, maybe by having reference materials at hand, or maybe by substituting someone else to take the exam for them. There are a variety of companies that provide online proctoring services, but they’re uniformly mediocre : The remote proctoring industry offers a range of services, from basic video links that allow another human to observe students as they take exams to algorithmic tools that use

article thumbnail

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

Security Affairs

The Taiwanese electronics manufacture Compal suffered a ransomware attack over the weekend, media blames the DoppelPaymer ransomware gang. Compal Electronics is a Taiwanese original design manufacturer (ODM), handling the production of notebook computers, monitors, tablets and televisions for a variety of clients around the world, including Apple Inc., Acer, Lenovo, Dell, Toshiba, Hewlett-Packard and Fujitsu.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Top 5 things to do with old gadgets

Tech Republic Security

If you're wondering what to do with devices you don't use anymore, Tom Merritt offers five suggestions for how to deal with them.

213
213
article thumbnail

The NEW CompTIA Security+: Your Questions Answered

CompTIA on Cybersecurity

CompTIA Security+ got a big upgrade to reflect the changes in cybersecurity. If you're pursuing a career in cybersecurity, we have answers to some of the biggest questions about the new CompTIA Security+.

article thumbnail

9 New Tactics to Spread Security Awareness

Dark Reading

Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness.

article thumbnail

The alleged decompiled source code of Cobalt Strike toolkit leaked online

Security Affairs

The alleged decompiled source code for the Cobalt Strike post-exploitation toolkit has been leaked online in a GitHub repository. The decompiled source code for the Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Source Bleeping Computer. Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy payloads, dubbed “beacons,” on compromised devices to remotely create shells, ex

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

DDoS attacks: How to combat the latest tactics

Tech Republic Security

With DDoS-as-a-Service, criminals with a little know-how can launch denial of service attacks for just a few dollars, says Digital Shadows.

DDOS 202
article thumbnail

Microsoft Teams Users Under Attack in ‘FakeUpdates’ Malware Campaign

Threatpost

Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the infection point, according to a report.

Malware 132
article thumbnail

The iOS Covid App Ecosystem Has Become a Privacy Minefield

WIRED Threat Level

An analysis of nearly 500 Covid-related apps worldwide shows major differences in how much data they expect you to give up.

130
130
article thumbnail

E-commerce platform X-Cart hit by a ransomware attack

Security Affairs

The e-commerce software platform X-Cart suffered a ransomware attack at the end of October, e-stores hosted by the company went down. At the end of October, the e-commerce software platform X-Cart suffered a ransomware attack, the infection brought down customers’ e-stores hosted by the company on its platform. The software and services company X-Cart was recently acquired by Seller Labs, the premier software and services provider for Amazon sellers and brands.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

6 training trends to watch that "will define the workplace in 2021"

Tech Republic Security

With the shift to remote work amid the coronavirus pandemic, online learning related to mindfulness, cybersecurity, and hybrid tech capabilities surged, Udemy found.

article thumbnail

The Predictions Dilemma

Javvad Malik

The last quarter of the year is also known as predictions season. It’s the time where those who consider themselves to be wise and enlightened rub their chin thoughtfully and spout the wisdom of what the future holds. I should know, in my days as an industry analyst I was often called upon as a digital Nostradamus. But predictions are no easy feat, and there is a dilemma associated with it… which I call the Predictions Dilemma (contact me for all your branding and marketing needs).

Marketing 130
article thumbnail

Scalper-Bots Shake Down Desperate PS5, Xbox Series X Shoppers

Threatpost

Retail bots are helping scalpers scoop up PS5, Xbox Series X inventory and charge massive markups.

Retail 129
article thumbnail

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Security Affairs

Many popular OS and applications have been hacked during this year’s edition of the Tianfu Cup hacking competition. This year’s edition of the Tianfu Cup hacking competition was very prolific, bug bounty hackers have discovered multiple vulnerabilities in multiple software and applications. The Tianfu Cup is the most important hacking contest held in China, the total bonus of the contest this year was up to 1 million US dollars.

Hacking 144
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!