Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer.

Scams 363

Scams Banking Passwords Authentication 363

Joseph Steinberg

NOVEMBER 17, 2021

Rockville, MD – November 17, 2021 – Sepio Systems , the leader in Zero Trust Hardware Access (ZTHA), announced today that cybersecurity expert Joseph Steinberg has joined its advisory board. Steinberg has led organizations within the cybersecurity industry for nearly 25 years and is a top industry influencer worldwide. He has written books ranging from Cybersecurity for Dummies to the advanced Official (ISC)2® Guide to the CISSP®-ISSMP® CBK®.

Cybersecurity 362

Cybersecurity Artificial Intelligence Government Information Security 362

Schneier on Security

NOVEMBER 17, 2021

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?

Passwords 351

Passwords 351

Troy Hunt

NOVEMBER 17, 2021

Like most of my good ideas, this one came completely by accident. The other day I was packaging up some swag to send to the winner of my impromptu best "Anonymous" meme competition and I decided to share the following tweet: Time to ramp up the 3D @haveibeenpwned printing too, been giving away a heap of these! pic.twitter.com/ffZpM5aZtx — Troy Hunt (@troyhunt) November 14, 2021 And I was promptly hit by many, many requests for 3D printed HIBP logos.

67

67

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

Internet 363

Internet Internet Hacking Accountability 363

Lohrman on Security

NOVEMBER 14, 2021

The newly approved federal infrastructure deal brings with it a great holiday present for state and local governments: dedicated cyber funding. Here’s the history, and the future, of cyber grants.

Government 321

Government 321

Troy Hunt

NOVEMBER 19, 2021

I'm outdoors! I've really wanted to get my mobile recording setup slick for some time now and after a bunch of mucking around with various mics (and a bit of "debugging in production" during this video), I'm finally really happy with it. I've just watched this back and other than mucking around with the gain in the first part of the video, I reckon it's great.

Wireless 296

Wireless Mobile 296

The Last Watchdog

NOVEMBER 15, 2021

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof. Related: Fake news leveraged in presidential election. Such a transformation however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Cyber Risk 268

Cyber Risk Risk Artificial Intelligence Cyber threats 268

Joseph Steinberg

NOVEMBER 15, 2021

Email serves as one of the primary mechanisms of communication within the Western world – yet, decades after it first appeared on the scene, email still remains a source of security headaches. There has likely not been a single hour during the last decade, for example, during which criminals did not carry out successful phishing-based attacks by exploiting the inherent lack of security within standard and ubiquitous email technology.

Phishing 244

Phishing Artificial Intelligence Technology Scams 244

Schneier on Security

NOVEMBER 15, 2021

This is part 3 of Sean Gallagher’s advice for “securing your digital life.

Phishing 307

Phishing Risk Cybersecurity 307

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

NOVEMBER 13, 2021

Where does the time go? The video is an hour and 35 mins today, I suspect in part because I've done it on a Saturday morning with a bit more time to spare and, well, there was just a lot of stuff happening. I did make up for working on a Saturday by then heading straight down to the beach and it was perfect! Everything here is perfect 😎 🌴 🐋 [link] — Troy Hunt (@troyhunt) November 12, 2021 The water looked so perfect that true to my word, we then had to go jet

Password Management 265

Password Management Passwords 265

Tech Republic Security

NOVEMBER 19, 2021

Advanced threats constantly evolve. This year saw multiple examples of advanced persistent threats under the spotlight, allowing us to predict what threats might lead the future.

218

218

Javvad Malik

NOVEMBER 18, 2021

If you’ve been on LinkedIn recently, you’ve probably seen your feed littered with polling questions. It could be something simple as, “which of these items do you like for breakfast” or something more specific such as, “Zero Trust is good because…” Either way, I have a bit of an issue with how these are framed, run, and subsequently interpreted.

Firewall 182

Firewall Data breaches Marketing Risk 182

Schneier on Security

NOVEMBER 19, 2021

Rowhammer is an attack technique involving accessing — that’s “hammering” — rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem. Well, there is a new enhancement: All previous Rowhammer attacks have hammered rows with uniform patterns, such as single-sided, double-sided, or n-sided.

302

302

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Daniel Miessler

NOVEMBER 14, 2021

If you’re on InfoSec Twitter You’ve probably seen the recent iteration of the neverending debate around degrees, certs, and InfoSec. Basically, one side argues that you need college to be taken seriously in security, and the other side says nuh-uh! and proceed to give lots of examples of people without a degree. Let me try to express something that applies to much more than this topic: When you have debates with people making good points that are backed by evidence, the answer is likely that the

InfoSec 168

InfoSec Cybersecurity Information Security 168

Tech Republic Security

NOVEMBER 17, 2021

Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass.

Passwords 218

Passwords 218

The Hacker News

NOVEMBER 19, 2021

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks.

Passwords 145

Passwords Cybersecurity 145

Schneier on Security

NOVEMBER 14, 2021

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at @Hack on November 29, 2021. The list is maintained on this page.

Hacking 278

Hacking 278

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

NOVEMBER 19, 2021

Some Tesla owners worldwide are unable to unlock or communicate with their cars using the app due to an outage of the company's servers. [.].

Technology 145

Technology 145

Tech Republic Security

NOVEMBER 15, 2021

Most organizations surveyed by Hitachi ID are moving partly to software-as-a-service. Less than half have adopted a Zero Trust strategy.

Cybersecurity 217

Cybersecurity Ransomware Software 217

The Hacker News

NOVEMBER 19, 2021

The U.S.

VPN 145

VPN 145

Schneier on Security

NOVEMBER 16, 2021

The other day I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used PasswordSafe to generate this 16-character alphanumeric password: :s^Twd.J;3hzg=Q~. Which was rejected by the site, because it didn’t meet their password security rules. It took me a minute to figure out what was wrong with it.

Passwords 270

Passwords Accountability 270

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

NOVEMBER 19, 2021

A hacking group is targeting a broad range of organizations, taking advantage of vulnerabilities that have been patched but not yet updated.

Hacking 145

Hacking 145

Tech Republic Security

NOVEMBER 18, 2021

Midsize companies often lack the staff, expertise and expensive tools needed to defend themselves against attack, says security provider Coro.

Data breaches 216

Data breaches 216

Security Affairs

NOVEMBER 17, 2021

Researchers detailed the multi-millionaire market of zero-day exploits, a parallel economy that is fueling the threat landscape. Zero-day exploits are essential weapons in the arsenal of nation-state actors and cybercrime groups. The increased demand for exploits is fueling a millionaire market where these malicious codes are incredibly expensive. Researchers from Digital Shadows published an interesting research titled “ Vulnerability Intelligence: Do you know where your flaws are?

Marketing 145

Marketing Hacking Cybercrime Advertising 145

Schneier on Security

NOVEMBER 15, 2021

For a limited time, I am selling signed copies of Click Here to Kill Everybody and Data and Goliath , both in paperback, for just $6 each plus shipping. I have 500 copies of each book available. When they’re gone, the sale is over and the price will revert to normal. Order here and here. Please be patient on delivery. It’s a lot of work to sign and mail hundreds of books.

236

236

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

NOVEMBER 15, 2021

Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software. The findings were reported by ESET security researcher Anton Cherepanov last week in a series of tweets.

Cybersecurity 145

Cybersecurity Engineering Software 145

Tech Republic Security

NOVEMBER 16, 2021

Security researchers analyzed 700 incidents to understand the economics of these threats as well as what bargaining tactics work.

Ransomware 216

Ransomware 216

Security Affairs

NOVEMBER 16, 2021

Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in the npm that have been already addressed. The first vulnerability can be exploited by an attacker to publish new versions of any npm package using an account without proper authorization.

Authentication 145

Authentication Architecture Hacking Accountability 145

We Live Security

NOVEMBER 19, 2021

Not long ago, disinformation campaigns were rather unsophisticated. These days, however, threat actors put serious time and effort into crafting their attacks. The post CYBERWARCON – Foreign influence operations grow up appeared first on WeLiveSecurity.

Cybersecurity 145

Cybersecurity 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity