Lohrman on Security

JANUARY 31, 2021

362

362

Schneier on Security

FEBRUARY 4, 2021

At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks : Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S.

Hacking 359

Hacking Software Banking Risk 359

Krebs on Security

FEBRUARY 1, 2021

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “ SMS Bandits ,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.

Phishing 348

Phishing Telecommunications Advertising Mobile 348

Troy Hunt

FEBRUARY 4, 2021

For about the last decade, a huge proportion of my interactions with people has been remote and across different cultures and time zones. Initially this was in my previous life at Pfizer due to the regional nature of my role and over the last six years, it's been as an independent either talking to people remotely or travelling to different places. Since I began dropping content into this post, pretty much everyone now finds themselves in the same position - conducting most of their meetings onl

Firewall 294

Firewall 294

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

FEBRUARY 3, 2021

It’s only February, and 2021 already is rapidly shaping up to be the year of supply-chain hacks. Related: The quickening of cyber warfare. The latest twist: mobile network operator UScellular on Jan. 21 disclosed how cybercriminals broke into its Customer Relationship Management (CRM) platform as a gateway to compromise the cell phones of an undisclosed number of the telecom giant’s customers.

Phishing 252

Phishing Hacking Accountability Social Engineering 252

Schneier on Security

FEBRUARY 3, 2021

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop aka Raindrop.

Computers and Electronics 358

Computers and Electronics Malware Software Government 358

Troy Hunt

FEBRUARY 4, 2021

This week's update comes to you amongst the noisy backdrop of the garden being literally chopped up by high pressure hose (which I think my beautiful Rhode Broadcaster mic successfully excluded). As I say in the intro, it appears the horticulture industry is a little like the software one where you get cowboys who in this case, put in plants that were way too big and whose roots now threaten to break through the tiles and the house itself, Little Shop of Horrors style.

IoT 293

IoT Data breaches Software Cybersecurity 293

Joseph Steinberg

FEBRUARY 3, 2021

Cybersecurity For Dummies , the best-selling cybersecurity guide written by Joseph Steinberg for general audiences, is now available in French. Like its English, German, and Dutch counterparts, the French edition, entitled La Cybersécurité pour les Nuls , helps people stay cyber-secure regardless of their technical skillsets. Readers of the book learn what threats exist, as well as how to identify, protect against, detect, and respond to such threats.

Artificial Intelligence 246

Artificial Intelligence Cybersecurity Retail Data breaches 246

Schneier on Security

FEBRUARY 1, 2021

Andrew Appel discusses Georgia’s voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices: Suppose the polling-place optical scanners had been hacked (enough to change the outcome). Then this would have been detected in the audit, and (in principle) Georgia would have been able to recover by doing a full recount.

Hacking 339

Hacking Software 339

Krebs on Security

FEBRUARY 2, 2021

ValidCC , a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate its infrastructure.

Cybercrime 239

Cybercrime Media Accountability Hacking 239

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

FEBRUARY 1, 2021

Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.

Engineering 217

Engineering 217

Joseph Steinberg

FEBRUARY 2, 2021

While we have become somewhat accustomed to the data collection practices of online retailers seeking to analyze our purchase histories in order to better target their marketing efforts, many people may not realize that even some well-known retailers also use data provided by people whose purchases the retailer itself cancelled. To understand the significance of the issue, please consider a recent experience of mine: The week of Black Friday weekend, I ordered a new refrigerator from an online r

Retail 219

Retail Data collection Artificial Intelligence Marketing 219

The Last Watchdog

FEBRUARY 1, 2021

The cybersecurity operational risks businesses face today are daunting, to say the least. Related: Embedding security into DevOps. Edge-less networks and cloud-supplied infrastructure bring many benefits, to be sure. But they also introduce unprecedented exposures – fresh attack vectors that skilled and motivated threat actors are taking full advantage of.

Risk 154

Risk Social Engineering Software Password Management 154

Malwarebytes

FEBRUARY 5, 2021

Late last December we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere. The odd part is none of them had recently installed any apps, and the apps they had installed came from the Google Play store. Then one patron, who goes by username Anon00, discovered that it was coming from a long-time installed app, Barcode Scanner.

Adware 145

Adware Mobile Malware 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

FEBRUARY 1, 2021

Security experts suggest using IOBs to move from reacting to a cyberattack to preventing the incident.

Cybersecurity 213

Cybersecurity 213

Zero Day

FEBRUARY 5, 2021

A security researcher has found a malicious Chrome extension in the wild abusing the Chrome Sync process.

145

145

Hot for Security

FEBRUARY 5, 2021

A fake version of the WhatsApp messaging app is suspected of being created by an Italian spyware company to snoop upon individuals and steal sensitive data. Read more in my article on the Hot for Security blog.

Spyware 145

Spyware Malware 145

Malwarebytes

FEBRUARY 5, 2021

Emulators have played a part in many tech-savvy users’ lives. They introduce a level of flexibility that not only allows another system to run on top of a user’s operating system—a Windows OS running on a MacBook laptop, for example—but also allows video gamers to play games designed to work on a different platform than the one they own. Recently, ESET revealed a campaign that targeted users of NoxPlayer, a popular Android emulator for PCs and Macs.

Malware 145

Malware Phishing Software Risk 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

FEBRUARY 5, 2021

Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.

Media 198

Media DDOS 198

Zero Day

FEBRUARY 5, 2021

SitePoint admits data breach after one million user creds were sold on a hacking forum last December.

Data breaches 145

Data breaches Hacking 145

The Hacker News

FEBRUARY 4, 2021

Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.

Engineering 145

Engineering 145

WIRED Threat Level

FEBRUARY 4, 2021

WIRED has found dozens of far-right and white supremacist figures monetizing their livestreams through “donation management services” Streamlabs and StreamElements.

145

145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

FEBRUARY 1, 2021

Used for offensive and defensive purposes, a penetration testing device can be configured to perform automated checks on network security and more.

Penetration Testing 193

Penetration Testing Network Security 193

Zero Day

FEBRUARY 4, 2021

Google Chrome 88.0.4324.150 released with a fix. Users advised to update.

145

145

Security Boulevard

FEBRUARY 4, 2021

The past year has put digital identity challenges, security and passwords under scrutiny. This report explains why passwordless is the future. Passwords are deeply ingrainetd in all aspects of our digital reality. A year ago, NordPass estimated that the average person had 70 to 80 passwords. And yet, password compromises and shared secrets remain the.

Cybersecurity 145

Cybersecurity Passwords CISO Mobile 145

Graham Cluley

FEBRUARY 4, 2021

French cybersecurity firm Stormshield has revealed that it has suffered a security breach, and hackers have accessed sensitive information.

Cybersecurity 145

Cybersecurity Hacking Data breaches 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

FEBRUARY 4, 2021

A lack of security training for educators and budget limitations are two reasons schools are susceptible to cyberattack, says IBM Security.

Education 191

Education Ransomware 191

Zero Day

FEBRUARY 4, 2021

Sum is up from the $6.5 million the company paid security researchers a year before, in 2019.

145

145

WIRED Threat Level

FEBRUARY 4, 2021

Security cameras. License plate readers. Smartphone trackers. Drones. We’re being watched 24/7. What happens when all those data streams fuse into one?

145

145

The Hacker News

FEBRUARY 4, 2021

Phishing and Malware Among the major cyber threats, the malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis.

Scams 145

Scams Cyber threats Phishing Malware 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity