Krebs on Security

SEPTEMBER 8, 2020

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. The majority of the most dangerous or “critical” bugs deal with issues in Microsoft’s various Windows operating systems and its web br

Software 286

Software Backups Authentication Internet 286

Troy Hunt

SEPTEMBER 11, 2020

The highlight of my week was absolutely getting the Shelly 1 units behind a couple of my light switches working as I'd always dreamed. It just opens up so many automation possibilities that I'm really excited about what I might do in the future with them now. When I get the place to a standard I'm happy with, I'll definitely do a good walkthrough and show how it all works.

InfoSec 237

InfoSec 237

Tech Republic Security

SEPTEMBER 10, 2020

Sophisticated hackers and crooks are developing more tools to target Linux-based systems used by government and big business.

Government 217

Government 217

Schneier on Security

SEPTEMBER 5, 2020

I'm switching my website software from Movable Type to Wordpress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. (This is to prevent any new comments from disappearing in the move.). This is not a site redesign, so you shouldn't notice many differences.

Software 210

Software 210

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Adam Levin

SEPTEMBER 8, 2020

The city of Hartford, Connecticut’s capital, was hit by a ransomware attack that disrupted many of its critical systems and caused the city’s first day of school to be postponed. “We are often the subject of cyberattacks,” said Hartford mayor Luke Bronin. This was, however, the most extensive and significant attack that the city has been subject to in the last five years.” .

Ransomware 154

Ransomware Cybersecurity Technology Education 154

Security Affairs

SEPTEMBER 11, 2020

Boffins devised a new timing attack, dubbed Raccoon that could be exploited by threat actors to decrypt TLS-protected communications. Security researchers from universities in Germany and Israel have disclosed the details of a new timing attack, dubbed Raccoon, that could allow malicious actors to decrypt TLS-protected communications. The timing vulnerability resides in the Transport Layer Security (TLS) protocol and hackers could exploit it to access sensitive data in transit.

Encryption 145

Encryption Advertising Architecture Hacking 145

Schneier on Security

SEPTEMBER 8, 2020

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: We're in the process of moving this blog to Wordpress. Comments will be disabled until the move it complete. The management thanks you for your cooperation and support.

209

209

WIRED Threat Level

SEPTEMBER 7, 2020

The argument hinges in part on psychiatrists' testimony that Assange is a high suicide risk.

Risk 145

Risk 145

Security Affairs

SEPTEMBER 9, 2020

K-Electric, the electricity provider for the city of Karachi, Pakistan, was hit by a Netwalker ransomware attack that blocked billing and online services. K-Electric, the electricity provider for Karachi (Pakistan) is another victim of the Netwalker ransomware gang, the infection disrupted billing and online services. K-Electric (KE) (formerly known as Karachi Electric Supply Company / Karachi Electric Supply Corporation Limited) is a Pakistani investor-owned utility managing all three key stage

Ransomware 145

Ransomware Energy and Utilities VPN Advertising 145

Tech Republic Security

SEPTEMBER 7, 2020

Almost anything with an internet connection can be hijacked and used in a malicious botnet attack--IoT devices are especially popular targets. Learn how to spot and prevent this malware threat.

IoT 200

IoT Internet Internet Malware 200

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

SEPTEMBER 10, 2020

Ross Anderson’s fantastic textbook, Security Engineering , will have a third edition. The book won’t be published until December, but Ross has been making drafts of the chapters available online as he finishes them. Now that the book is completed, I expect the publisher to make him take the drafts off the Internet. I personally find both the electronic and paper versions to be incredibly useful.

Engineering 208

Engineering Internet Internet 208

WIRED Threat Level

SEPTEMBER 5, 2020

Plus: Predictive policing taken even farther, Amazon surveillance of private Facebook groups, and more of the week’s top security news.

Surveillance 144

Surveillance DDOS 144

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). Security experts from ESET discovered a new piece of malware, tracked as CDRThief, that targets the Linux VoIP platform, Linknat VOS2009/3000 softswitches, to steal call data records (CDR) from telephone exchange equipment.

Malware 145

Malware Encryption Advertising Passwords 145

Tech Republic Security

SEPTEMBER 11, 2020

If you want to land a high-paying cybersecurity job or ace an IT security certification exam, check out these online training courses, which cover GDPR, business continuity, ethical hacking, and more.

Cybersecurity 198

Cybersecurity Hacking 198

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Levin

SEPTEMBER 7, 2020

With the average cost of a data breach exceeding three million dollars, cyber insurance has become a necessity for SMBs. Find out more on the latest episode of Third Certainty with Adam Levin. The post SMBs and Cyber Insurance – Third Certainty #27 appeared first on Adam Levin.

Cyber Insurance 130

Cyber Insurance Insurance Data breaches Cybersecurity 130

WIRED Threat Level

SEPTEMBER 11, 2020

Google Maps is arguably the easiest mapping service to use, but that doesn't mean it's the most secure.

143

143

Security Affairs

SEPTEMBER 8, 2020

UK research university Newcastle University suffered a DoppelPaymer ransomware attack and took its systems offline in response to the attack. UK research university Newcastle University was infected with the DoppelPaymer ransomware, in response to the incident it was forced to take systems offline on the morning of August 30th. The Newcastle University did not provide info about the family of ransomware behind the attack, but the DoppelPaymer ransomware operators are claiming to be responsible.

Ransomware 145

Ransomware Advertising Data breaches Accountability 145

Tech Republic Security

SEPTEMBER 8, 2020

Small and midsized businesses cited budget constraints as their biggest security obstacle, according to Untangle.

Cybersecurity 198

Cybersecurity 198

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Adam Shostack

SEPTEMBER 10, 2020

There’s been a lot of talk over the last week about “updating threat models” in light of the Tesla insider story. ( For example.) I’m getting this question a fair bit, and so wanted to talk about insiders in particular, and how to use the news in threat modeling more generally. This also is a great opportunity to think about incentives.

Engineering 130

Engineering Phishing Accountability Malware 130

WIRED Threat Level

SEPTEMBER 10, 2020

Five out of six brands tested by researchers would have allowed hackers to track kids—and in some cases eavesdrop on them.

Hacking 141

Hacking 141

Security Affairs

SEPTEMBER 5, 2020

FBI issued a second flash alert about ProLock ransomware stealing data, four months after the first advisory published by the feds on the same threat. The FBI has issued the 20200901-001 Private Industry Notification about ProLock ransomware stealing data on September 1st. The fresh alert is the second one related to this threat, the first one (MI-000125-MW Flash Alert) was published on May 4th, 2020.

Ransomware 145

Ransomware Advertising Malware Backups 145

Tech Republic Security

SEPTEMBER 9, 2020

TechRepublic writer Erik Eckel gives tips on how to make sure your data is safe if you're working from home.

197

197

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Threatpost

SEPTEMBER 10, 2020

A cloud misconfiguration at the gaming-gear merchant potentially exposed 100,000 customers to phishing and fraud.

Phishing 126

Phishing 126

WIRED Threat Level

SEPTEMBER 10, 2020

Microsoft says the GRU hacking group has attacked hundreds of organizations over the past year, many of them tied to the upcoming election.

Hacking 133

Hacking 133

Security Affairs

SEPTEMBER 5, 2020

Experts spotted a phishing campaign that employees overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the victims. Researchers from Cofense discovered a phishing campaign that uses overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the targets. The overlay screens are displayed on top of legitimate webpages to trick victims into providing their credentials. “Message quarantine phish are back, this time with a

Social Engineering 145

Social Engineering Phishing Engineering Advertising 145

Tech Republic Security

SEPTEMBER 10, 2020

Demands are sharply higher, and the complexity and costs of addressing an attack are increasing, according to cyber insurance provider Coalition.

Cyber Insurance 190

Cyber Insurance Insurance Ransomware 190

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

SEPTEMBER 10, 2020

Cyberattacks have caused several school systems to delay students' first day back - and experts warn that new COVID-related delays could be the new "snow days.".

Ransomware 126

Ransomware Phishing Education Government 126

WIRED Threat Level

SEPTEMBER 7, 2020

The Facebook-owned company has end-to-end encryption by default—but that doesn't mean the service’s settings are as private as they could be.

Encryption 120

Encryption 120

Security Affairs

SEPTEMBER 10, 2020

Slovak cryptocurrency exchange ETERBASE disclosed a security breach, hackers stole cryptocurrency funds worth $5.4 million. Slovak cryptocurrency exchange ETERBASE disclosed a security breach, the hackers stole Bitcoin, Ether, ALGO, Ripple, Tezos, and TRON assets worth $5.4 million. The company disclosed the hack on Thursday, threat actors have stolen various cryptocurrencies from its hot wallets, it also suspended all the transactions until September 10. “Dear users, as we have informed o

Cryptocurrency 145

Cryptocurrency Data breaches Advertising Hacking 145

Tech Republic Security

SEPTEMBER 11, 2020

Hacker groups are ramping up activity as the US heads into the peak of election season. The latest attacks at times bear hallmarks similar to those seen in 2016.

187

187

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity