Troy Hunt

NOVEMBER 19, 2020

It's increasingly hard to know what to do with data like that from Cit0Day. If that's an unfamiliar name to you, start with Catalin Cimpanu's story on the demise of the service followed by the subsequent leaking of the data. The hard bit for me is figuring out whether it's pwn-worthy enough to justify loading it into Have I Been Pwned (HIBP) or if it's just more noise that ultimately doesn't really help people make informed decisions about their security posture.

Passwords 363

Passwords Password Management Accountability Risk 363

Krebs on Security

NOVEMBER 17, 2020

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.

Antivirus 354

Antivirus Advertising Internet Internet 354

Schneier on Security

NOVEMBER 16, 2020

Blockchain voting is a spectacularly dumb idea for a whole bunch of reasons. I have generally quoted Matt Blaze : Why is blockchain voting a dumb idea? Glad you asked. For starters: It doesn’t solve any problems civil elections actually have. It’s basically incompatible with “software independence”, considered an essential property.

Computers and Electronics 338

Computers and Electronics Internet Internet Risk 338

Adam Levin

NOVEMBER 17, 2020

The holiday season is the most wonderful time of the year for scammers. And like everything else in 2020, these next few weeks promise to be a disaster. With this in mind, all eyes should be on Black Friday. According to Adobe Analytics’ recent holiday forecast , online sales are projected to surge 33% year over year to a record $189 billion as “Cyber-week turns to Cyber-months” amid the ongoing COVID-19 pandemic.

Scams 243

Scams Retail Banking Passwords 243

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

NOVEMBER 19, 2020

This week, I've finally got a workable mobile setup with sufficient quality audio and video. As I explain in the video, this is ultimately achieved by the Sigma lens feeding into the Sony DSLR then via micro HDMI to the Elgato Cam Link 4K into my laptop via USB which then wifis over to my boat shed access point connected via ethernet over power to the server room and into the network.

Mobile 203

Mobile Technology 203

Krebs on Security

NOVEMBER 20, 2020

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping , a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control.

Cryptocurrency 265

Cryptocurrency Mobile Authentication Accountability 265

Adam Levin

NOVEMBER 19, 2020

Capcom Co., Ltd., the Japanese video game company known for Street Fighter and Resident Evil, has confirmed the compromise of personally identifiable information (PII) associated with over 350,000 customers, business partners, and employees of the gaming giant. The data was exfiltrated in a ransomware attack. . In a press release, Capcom announced that it was successfully breached in “a customized ransomware attack following unauthorized access” and that “some personal information maintained by

Ransomware 239

Ransomware Malware Data breaches Technology 239

Tech Republic Security

NOVEMBER 20, 2020

IBM, Honeywell, and Intel are just three companies leading the way in building quantum machines as well as the algorithms and controls to run them. Learn about possible business use cases for quantum.

218

218

The Last Watchdog

NOVEMBER 16, 2020

Most of time we take for granted the degree to which fundamental components of civilization are steeped in mathematics. Everything from science and engineering to poetry and music rely on numeric calculations. Albert Einstein once observed that “pure mathematics is, in its way, the poetry of logical ideas.” Related: How Multi Party Computation is disrupting encrypti on An accomplished violinist, Einstein, no doubt, appreciated the symmetry of his metaphor.

Software 182

Software Computers and Electronics Encryption Energy and Utilities 182

Schneier on Security

NOVEMBER 14, 2020

This is a current list of where and when I am scheduled to speak: I’m speaking at the (ISC)² Security Congress 2020 , November 16, 2020. I’ll be on a panel at the OECD Global Blockchain Policy Forum 2020 on November 17, 2020. The panel is called “Deep Dive: Digital Security and Distributed Ledger Technology: Myths and Reality.” I’m speaking on “ Securing a World of Physically Capable Computers ” as part of Cary Library’s Science & Economics Series on Novem

Technology 317

Technology 317

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Levin

NOVEMBER 20, 2020

California’s Employment Development Department (EDD) has sent out communications that contain the Social Security numbers of at least 38 million state residents since the beginning of the Covid-19 pandemic, according to a recent audit. . The EDD’s practice of mailing documents that include the full Social Security numbers of their intended recipients greatly elevates the risk of identity theft, according to California State Auditor Elaine Howle, who urged a halt to the practice in 2019.

Identity Theft 131

Identity Theft Scams Risk 131

Tech Republic Security

NOVEMBER 16, 2020

Implementing appropriate data privacy is critical for company operations and success. Learn some of the challenges and solutions recommended to do the job right.

Data privacy 213

Data privacy 213

Javvad Malik

NOVEMBER 19, 2020

For October’s National Cyber Security Awareness month, I put together a few videos and blogs. In my mind it formed a campaign, but for various reasons, the timings were a bit inconsistent and the different resources ended up on different places. So as a recap – I put everything from this year into this one blog post. Hey just because the month is over doesn’t mean we pack up and go home right. 5 Cyber Security Awareness Month Tips for Cybersecurity Professionals.

Security Awareness 130

Security Awareness Media Accountability Cybersecurity 130

Schneier on Security

NOVEMBER 19, 2020

Vice has a long article about how the US military buys commercial location data worldwide. The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide.

Government 283

Government Data collection 283

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Adam Shostack

NOVEMBER 17, 2020

There’s a threat modeling manifesto being released today by a diverse set of experts and advocates for threat modeling. We consciously modeled it after the agile manifesto and it’s focused on values and principles. Also, there’s a podcast that gives you a chance to listen, behind-the-scenes at The Threat Modeling Manifesto – Part 1.

130

130

Tech Republic Security

NOVEMBER 18, 2020

This year was rough for all involved--even Linux and open source didn't come through unscathed. See what Jack Wallen considers to be the biggest issue for Linux in 2020.

199

199

Adam Levin

NOVEMBER 14, 2020

As Covid-19 rise across the country, public health officials are starting to ramp up contact tracing efforts. . Among other issues, tracking the spread of the disease has been stymied by widespread confusion and misinformation about what kind of data is being collected, and by whom. . Misconceptions about Covid-19 tracking have yielded fertile ground for scammers, who have used phone calls, text messages, and even malicious apps to collect sensitive personal information and spread malware. .

Scams 130

Scams Identity Theft Mobile Accountability 130

Security Affairs

NOVEMBER 19, 2020

The CyberNews.com Investigation team carried out an infiltration operation against an IRC botnet and reported it to CERT Vietnam to help take it down. Original post @ [link]. In order to gather valuable information about the IRC botnet’s activity, we joined its Command and Control channel where we met the botmaster who was responsible for running the entire network of compromised systems.

DDOS 145

DDOS IoT Malware Internet 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CompTIA on Cybersecurity

NOVEMBER 18, 2020

Learn about the cybersecurity industry for beginners and how you can further your cybersecurity career with IT certifications like CompTIA Security+.

Cybersecurity 137

Cybersecurity 137

Tech Republic Security

NOVEMBER 19, 2020

Cybercriminals are taking advantage of Google's open and accessible online tools to skirt past the usual security filters, says Armorblox.

Phishing 207

Phishing 207

Anton on Security

NOVEMBER 20, 2020

Sometimes great old blog posts are hard to find (especially on Medium ), so I decided to do a periodic (who am I kidding, occasional?—?not periodic ) list blog with my favorite posts of the past quarter or so. Here is my first. The posts below are ranked by lifetime views and topic. It covers both Anton on Security and my posts from Google Cloud blog.

Threat Detection 100

Threat Detection Encryption Government Cybersecurity 100

Security Affairs

NOVEMBER 20, 2020

Authorities in India believe that a major power outage that occurred in October in Mumbai may have been caused by hackers. On October 13, a major power outage occurred in the metropolitan area of Mumbai causing the partial disruption of the traffic management systems and the paralysis of the rail traffic and also impacted work at the stock exchange.

Cyber Attacks 145

Cyber Attacks Media DDOS Hacking 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

NOVEMBER 19, 2020

Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.

Hacking 131

Hacking IoT Software 131

Tech Republic Security

NOVEMBER 18, 2020

People are still using very simple passwords, with many of them similar to the ones they used in 2019, according to NordPass.

Passwords 218

Passwords 218

WIRED Threat Level

NOVEMBER 18, 2020

A deepfake bot has been generating explicit, non-consensual images on the platform. The researchers who found it say their warnings have been ignored.

132

132

Security Affairs

NOVEMBER 15, 2020

Chilean-based retail giant Cencosud has suffered a ransomware attack that impacted operations at its stores, Egregor ransomware appears to be involved. A ransomware attack, allegedly launched by the Egregor ransomware gang, hit the Chilean-based retail giant Cencosud, the incident impacted operations at its stores. Cencosud the largest retail company in Chile and the third largest listed retail company in Latin America, competing with the Brazilian Companhia Brasileira de Distribuição and the Me

Retail 145

Retail Ransomware Media Malware 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Threatpost

NOVEMBER 16, 2020

Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles.

Education 120

Education Mobile Information Security 120

Tech Republic Security

NOVEMBER 18, 2020

Intel, AMD and Qualcomm will use the Microsoft-designed Pluton security processor from Xbox One and Azure Sphere in future SoCs to deliver better protection than a TPM.

184

184

CompTIA on Cybersecurity

NOVEMBER 18, 2020

CompTIA PenTest+ is now approved by the U.S. Department of Defense (DoD) 8570 for three cybersecurity job categories.

Cybersecurity 140

Cybersecurity 140

Security Affairs

NOVEMBER 18, 2020

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection. Microsoft is tracking an ongoing Office 365 phishing campaign that is targeting enterprises, the attacks are able to detect sandbox solutions and evade detection. “We’re tracking an active credential phishing attack targeting enterprises that uses multiple sophisticated methods for defense evasion and social engineering,” reads a message pub

Phishing 143

Phishing Social Engineering Passwords Security Intelligence 143

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity