Sat. Nov 14, 2020 - Fri. Nov 20, 2020

Inside the Cit0Day Breach Collection

Troy Hunt

It's increasingly hard to know what to do with data like that from Cit0Day. If that's an unfamiliar name to you, start with Catalin Cimpanu's story on the demise of the service followed by the subsequent leaking of the data. The hard bit for me is figuring out whether it's pwn-worthy enough to justify loading it into Have I Been Pwned (HIBP) or if it's just more noise that ultimately doesn't really help people make informed decisions about their security posture.

Passwords 363

Be Very Sparing in Allowing Site Notifications

Krebs on Security

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.

Antivirus 359

On Blockchain Voting

Schneier on Security

Blockchain voting is a spectacularly dumb idea for a whole bunch of reasons. I have generally quoted Matt Blaze: Why is blockchain voting a dumb idea? Glad you asked. For starters: It doesn’t solve any problems civil elections actually have. It’s basically incompatible with “software independence”, considered an essential property.

50 Ways to Avoid Getting Scammed on Black Friday

Adam Levin

The holiday season is the most wonderful time of the year for scammers. And like everything else in 2020, these next few weeks promise to be a disaster. With this in mind, all eyes should be on Black Friday. According to Adobe Analytics’ recent holiday forecast, online sales are projected to surge 33% year over year to a record $189 billion as “Cyber-week turns to Cyber-months” amid the ongoing COVID-19 pandemic.

Scams 243

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Quantum computing: A cheat sheet

Tech Republic Security

IBM, Honeywell, and Intel are just three companies leading the way in building quantum machines as well as the algorithms and controls to run them. Learn about possible business use cases for quantum.

218

Convicted SIM Swapper Gets 3 Years in Jail

Krebs on Security

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping, a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control.

More Trending

Japanese Gaming Company Capcom Confirms Ransomware Attack, Compromised User Data

Adam Levin

Capcom Co., Ltd., the Japanese video game company known for Street Fighter and Resident Evil, has confirmed the compromise of personally identifiable information (PII) associated with over 350,000 customers, business partners, and employees of the gaming giant. The data was exfiltrated in a ransomware attack. In a press release, Capcom announced that it was successfully breached in “a customized ransomware attack following unauthorized access” and that “some personal information maintained by

"123456" tops list of most common passwords for 2020

Tech Republic Security

People are still using very simple passwords, with many of them similar to the ones they used in 2019, according to NordPass.

Passwords 218

Weekly Update 218

Troy Hunt

This week, I've finally got a workable mobile setup with sufficient quality audio and video. As I explain in the video, this is ultimately achieved by the Sigma lens feeding into the Sony DSLR then via micro HDMI to the Elgato Cam Link 4K into my laptop via USB which then wifis over to my boat shed access point connected via ethernet over power to the server room and into the network.

Mobile 215

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the (ISC)² Security Congress 2020, November 16, 2020. I’ll be on a panel at the OECD Global Blockchain Policy Forum 2020 on November 17, 2020. The panel is called “Deep Dive: Digital Security and Distributed Ledger Technology: Myths and Reality.” I’m speaking on “Securing a World of Physically Capable Computers” as part of Cary Library’s Science & Economics Series on Novem

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

STEPS FORWARD: Math geniuses strive to make a pivotal advance — by obfuscating software code

The Last Watchdog

Most of the time we take for granted the degree to which fundamental components of civilization are steeped in mathematics. Everything from science and engineering to poetry and music relies on numeric calculations. Albert Einstein once observed that “pure mathematics is, in its way, the poetry of logical ideas.” Related: How Multi Party Computation is disrupting encryption An accomplished violinist, Einstein, no doubt, appreciated the symmetry of his metaphor.

Software 182

How phishing attacks are exploiting Google's own tools and services

Tech Republic Security

Cybercriminals are taking advantage of Google's open and accessible online tools to skirt past the usual security filters, says Armorblox.

Phishing 214

October Mumbai power outage may have been caused by a cyber attack

Security Affairs

Authorities in India believe that a major power outage that occurred in October in Mumbai may have been caused by hackers. On October 13, a major power outage occurred in the metropolitan area of Mumbai causing the partial disruption of the traffic management systems and the paralysis of the rail traffic and also impacted work at the stock exchange.

The US Military Buys Commercial Location Data

Schneier on Security

Vice has a long article about how the US military buys commercial location data worldwide. The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Telegram Still Hasn’t Removed an AI Bot That’s Abusing Women

WIRED Threat Level

A deepfake bot has been generating explicit, non-consensual images on the platform. The researchers who found it say their warnings have been ignored.

145

4 ways to keep your company's and customers' data private and build trust

Tech Republic Security

Implementing appropriate data privacy is critical for company operations and success. Learn some of the challenges and solutions recommended to do the job right.

We infiltrated an IRC botnet. Here’s what we found

Security Affairs

The CyberNews.com Investigation team carried out an infiltration operation against an IRC botnet and reported it to CERT Vietnam to help take it down. In order to gather valuable information about the IRC botnet’s activity, we joined its Command and Control channel where we met the botmaster who was responsible for running the entire network of compromised systems.

DDOS 145

CompTIA PenTest+ Is Now DoD Approved: Why It Matters

CompTIA on Cybersecurity

CompTIA PenTest+ is now approved by the U.S. Department of Defense (DoD) 8570 for three cybersecurity job categories.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

A Ransomware Gang Bought Facebook Ads to Troll Its Victim

WIRED Threat Level

Covid-19 research hacking, the Pentagon's Photoshop antics, and more of the week's top security news.

Remote working: This new Microsoft VPN aims to make your mobile devices more secure

Tech Republic Security

Microsoft has delivered a managed VPN for mobile devices -- using a Linux container.

VPN 212

Chilean-based retail giant Cencosud hit by Egregor Ransomware

Security Affairs

Chilean-based retail giant Cencosud has suffered a ransomware attack that impacted operations at its stores; Egregor ransomware appears to be involved. A ransomware attack, allegedly launched by the Egregor ransomware gang, hit the Chilean-based retail giant Cencosud; the incident impacted operations at its stores. Cencosud is the largest retail company in Chile and the third largest listed retail company in Latin America, competing with the Brazilian Companhia Brasileira de Distribuição and the Me

Retail 145

Cybersecurity Training for Beginners: How to Train for CompTIA Security+

CompTIA on Cybersecurity

Learn about the cybersecurity industry for beginners and how you can further your cybersecurity career with IT certifications like CompTIA Security+.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The OS Big Sur Launch Might Have Slowed Down Macs Everywhere

WIRED Threat Level

The issues affected users that didn't upgrade their software, and other Apple services, too.

Software 139

Meet the hackers who earn millions for saving the web. How bug bounties are changing everything about security

Tech Republic Security

These hackers are finding security bugs--and getting paid for it. That's changing the dynamics of cybersecurity.

REvil ransomware demands 500K ransom to Managed.com hosting provider

Security Affairs

Managed web hosting provider Managed.com was hit with REvil ransomware that forced it to take down their servers and web hosting systems. Managed web hosting provider Managed.com was hit by a REvil ransomware attack over the weekend that took their servers and web hosting systems offline. At the time of writing this post, Managed.com hosting systems continue to be unavailable.

Scams Ramp Up Ahead of Black Friday Cybercriminal Craze

Threatpost

With more online shoppers this year due to COVID-19, cybercriminals are pulling the trigger on new scams ahead of Black Friday and Cyber Monday.

Scams 132

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

A Facebook Messenger Flaw Could Have Let Hackers Listen In

WIRED Threat Level

The vulnerability was found through the company's bug bounty program, now in its tenth year.

137

Microsoft gives Linux a security boost with these new attack detection tools

Tech Republic Security

Linux endpoint detection and response will help Microsoft Defender customers secure Linux servers and networks against security nasties.

210

Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection

Security Affairs

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection. Microsoft is tracking an ongoing Office 365 phishing campaign that is targeting enterprises; the attacks are able to detect sandbox solutions and evade detection. “We’re tracking an active credential phishing attack targeting enterprises that uses multiple sophisticated methods for defense evasion and social engineering,” reads a message pub

Phishing 144

Facebook Messenger Bug Allows Spying on Android Users

Threatpost

The company patched a vulnerability that could connect video and audio calls without the knowledge of the person receiving them.

Mobile 132

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!