Krebs on Security

SEPTEMBER 8, 2020

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. The majority of the most dangerous or “critical” bugs deal with issues in Microsoft’s various Windows operating systems and its web br

Software 271

Software Backups Authentication Internet 271

Troy Hunt

SEPTEMBER 11, 2020

The highlight of my week was absolutely getting the Shelly 1 units behind a couple of my light switches working as I'd always dreamed. It just opens up so many automation possibilities that I'm really excited about what I might do in the future with them now. When I get the place to a standard I'm happy with, I'll definitely do a good walkthrough and show how it all works.

InfoSec 215

InfoSec 215

Schneier on Security

SEPTEMBER 8, 2020

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: We're in the process of moving this blog to Wordpress. Comments will be disabled until the move it complete. The management thanks you for your cooperation and support.

267

267

Tech Republic Security

SEPTEMBER 11, 2020

If you want to land a high-paying cybersecurity job or ace an IT security certification exam, check out these online training courses, which cover GDPR, business continuity, ethical hacking, and more.

Cybersecurity 188

Cybersecurity Hacking 188

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Adam Levin

SEPTEMBER 8, 2020

The city of Hartford, Connecticut’s capital, was hit by a ransomware attack that disrupted many of its critical systems and caused the city’s first day of school to be postponed. “We are often the subject of cyberattacks,” said Hartford mayor Luke Bronin. This was, however, the most extensive and significant attack that the city has been subject to in the last five years.” .

Ransomware 154

Ransomware Cybersecurity Technology Education 154

Adam Shostack

SEPTEMBER 10, 2020

There’s been a lot of talk over the last week about “updating threat models” in light of the Tesla insider story. ( For example.) I’m getting this question a fair bit, and so wanted to talk about insiders in particular, and how to use the news in threat modeling more generally. This also is a great opportunity to think about incentives.

Engineering 130

Engineering Phishing Accountability Malware 130

Tech Republic Security

SEPTEMBER 7, 2020

Almost anything with an internet connection can be hijacked and used in a malicious botnet attack--IoT devices are especially popular targets. Learn how to spot and prevent this malware threat.

IoT 188

IoT Internet Internet Malware 188

Adam Levin

SEPTEMBER 7, 2020

With the average cost of a data breach exceeding three million dollars, cyber insurance has become a necessity for SMBs. Find out more on the latest episode of Third Certainty with Adam Levin. The post SMBs and Cyber Insurance – Third Certainty #27 appeared first on Adam Levin.

Cyber Insurance 130

Cyber Insurance Insurance Data breaches Cybersecurity 130

Security Affairs

SEPTEMBER 11, 2020

Boffins devised a new timing attack, dubbed Raccoon that could be exploited by threat actors to decrypt TLS-protected communications. Security researchers from universities in Germany and Israel have disclosed the details of a new timing attack, dubbed Raccoon, that could allow malicious actors to decrypt TLS-protected communications. The timing vulnerability resides in the Transport Layer Security (TLS) protocol and hackers could exploit it to access sensitive data in transit.

Encryption 145

Encryption Advertising Architecture Hacking 145

Schneier on Security

SEPTEMBER 5, 2020

I'm switching my website software from Movable Type to Wordpress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. (This is to prevent any new comments from disappearing in the move.). This is not a site redesign, so you shouldn't notice many differences.

Software 267

Software 267

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

SEPTEMBER 10, 2020

Sophisticated hackers and crooks are developing more tools to target Linux-based systems used by government and big business.

Government 215

Government 215

Adam Shostack

SEPTEMBER 7, 2020

Phil Venables is one of the more reflective and thoughtful CSOs out there, and in this era where everything is a tweet or a linkedin post (sigh) you may have missed that Phil has a blog. This Labor day, why not take the time to catch up on his writing?

100

100

Security Affairs

SEPTEMBER 6, 2020

Visa issued a warning regarding a new credit card JavaScript skimmer, tracked as Baka, that implements new features to evade detection. Visa issued a warning regarding a new e-skimmer known as Baka that removes itself from memory after having exfiltrating payment card details. The e-skimmer was first spotted by experts with Visa’s Payment Fraud Disruption (PFD) initiative in February 2020 while analyzing a command and control (C2) server employed in another campaign and that hosted an Imag

eCommerce 143

eCommerce Malware Encryption Advertising 143

Threatpost

SEPTEMBER 7, 2020

As IT systems, IoT and operational technology converge, attacks on cyber-physical systems in industrial, healthcare and other scenarios will come with dire consequences, Gartner predicts.

Healthcare 123

Healthcare IoT Technology Hacking 123

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

SEPTEMBER 11, 2020

Hacker groups are ramping up activity as the US heads into the peak of election season. The latest attacks at times bear hallmarks similar to those seen in 2016.

178

178

WIRED Threat Level

SEPTEMBER 5, 2020

Plus: Predictive policing taken even farther, Amazon surveillance of private Facebook groups, and more of the week’s top security news.

Surveillance 127

Surveillance DDOS 127

Security Affairs

SEPTEMBER 9, 2020

K-Electric, the electricity provider for the city of Karachi, Pakistan, was hit by a Netwalker ransomware attack that blocked billing and online services. K-Electric, the electricity provider for Karachi (Pakistan) is another victim of the Netwalker ransomware gang, the infection disrupted billing and online services. K-Electric (KE) (formerly known as Karachi Electric Supply Company / Karachi Electric Supply Corporation Limited) is a Pakistani investor-owned utility managing all three key stage

Ransomware 145

Ransomware Energy and Utilities VPN Advertising 145

Threatpost

SEPTEMBER 10, 2020

Cyberattacks have caused several school systems to delay students' first day back - and experts warn that new COVID-related delays could be the new "snow days.".

Ransomware 126

Ransomware Phishing Education Government 126

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

SEPTEMBER 10, 2020

Demands are sharply higher, and the complexity and costs of addressing an attack are increasing, according to cyber insurance provider Coalition.

Cyber Insurance 180

Cyber Insurance Insurance Ransomware 180

Dark Reading

SEPTEMBER 8, 2020

In a rare twist, "next-gen" isn't just marketing-speak when it comes to next-gen firewalls, which function differently than traditional gear and may enable you to replace a variety of devices.

Firewall 109

Firewall Marketing 109

Security Affairs

SEPTEMBER 5, 2020

FBI issued a second flash alert about ProLock ransomware stealing data, four months after the first advisory published by the feds on the same threat. The FBI has issued the 20200901-001 Private Industry Notification about ProLock ransomware stealing data on September 1st. The fresh alert is the second one related to this threat, the first one (MI-000125-MW Flash Alert) was published on May 4th, 2020.

Ransomware 145

Ransomware Advertising Malware Backups 145

Threatpost

SEPTEMBER 11, 2020

Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.

Phishing 122

Phishing Authentication Hacking 122

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

SEPTEMBER 8, 2020

Small and midsized businesses cited budget constraints as their biggest security obstacle, according to Untangle.

Cybersecurity 187

Cybersecurity 187

Dark Reading

SEPTEMBER 10, 2020

While the amount will vary from organization to organization, here are four ways for everyone to evaluate whether they're allocating the right amount of money and resources.

107

107

Security Affairs

SEPTEMBER 8, 2020

UK research university Newcastle University suffered a DoppelPaymer ransomware attack and took its systems offline in response to the attack. UK research university Newcastle University was infected with the DoppelPaymer ransomware, in response to the incident it was forced to take systems offline on the morning of August 30th. The Newcastle University did not provide info about the family of ransomware behind the attack, but the DoppelPaymer ransomware operators are claiming to be responsible.

Ransomware 145

Ransomware Advertising Data breaches Accountability 145

ImmuniWeb

SEPTEMBER 8, 2020

97% of the leading cybersecurity companies have had their data exposed on the Dark Web in 2020, with over 160,000 high or critical incidents that may jeopardize their clients.

Cybersecurity 111

Cybersecurity 111

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

SEPTEMBER 9, 2020

TechRepublic writer Erik Eckel gives tips on how to make sure your data is safe if you're working from home.

186

186

WIRED Threat Level

SEPTEMBER 7, 2020

The argument hinges in part on psychiatrists' testimony that Assange is a high suicide risk.

Risk 145

Risk 145

Security Affairs

SEPTEMBER 10, 2020

Slovak cryptocurrency exchange ETERBASE disclosed a security breach, hackers stole cryptocurrency funds worth $5.4 million. Slovak cryptocurrency exchange ETERBASE disclosed a security breach, the hackers stole Bitcoin, Ether, ALGO, Ripple, Tezos, and TRON assets worth $5.4 million. The company disclosed the hack on Thursday, threat actors have stolen various cryptocurrencies from its hot wallets, it also suspended all the transactions until September 10. “Dear users, as we have informed o

Cryptocurrency 144

Cryptocurrency Data breaches Advertising Hacking 144

Threatpost

SEPTEMBER 10, 2020

The "BLURtooth" flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.

Wireless 106

Wireless Authentication 106

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity