Sat.Mar 28, 2020 - Fri.Apr 03, 2020

article thumbnail

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong.

Passwords 363
article thumbnail

Privacy vs. Surveillance in the Age of COVID-19

Schneier on Security

The trade-offs are changing : As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social control, even turning security agency technologies on their own civilians. Health and law enforcement authorities are understandably eager to employ every tool at their disposal to try to hinder the virus ­ even as the surveillance efforts threaten to alter the precarious balance between public safety and personal privacy on a global s

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 185

Troy Hunt

I actually lost track of what week it was at the start of this video. Did I do the Aussie workshops last week? Or the week before? I know I was at home so. it's just all becoming a blur. But be that as it may, life marches on and this week like every other one before it was full of interesting cyber-things. I find the situation with Zoom in particular quite fascinating, particularly the willingness - even eagerness - that so many seem to have to throw the very tool that's bringing so many people

article thumbnail

Homographic Hacking: What It Is and How It Works

Adam Levin

If you are moving fast as we tend to do during the workday, the following four web addresses may not look so different from each other: Google.com. Google.?om. Goog?e.c?m. ? oogle.com. Google.c ? m. While some examples are more noticeable than others, in each version of the above URL address one letter or character has been replaced with a letter from non-Latin, or Roman, alphabet.

Hacking 204
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to change domain settings for a half-dozen GoDaddy customers, including transaction brokering site escrow.com.

Phishing 296
article thumbnail

Marriott Was Hacked -- Again

Schneier on Security

Marriott announced another data breach, this one affecting 5.2 million people: At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved: Contact Details (e.g., name, mailing address, email address, and phone number) Loyalty Account Information (e.g., account number and points balance, but not passwords) Additional Personal Details (e.g., company, gender, and birthday day and month) Partnerships and

Hacking 247

More Trending

article thumbnail

IBM providing 9 free public cloud business services to customers during coronavirus pandemic

Tech Republic Security

With companies sending employees home to work during the COVID-19 threat, IBM offers a range of tools to support critical IT applications.

article thumbnail

Annual Protest to ‘Fight Krebs’ Raises €150K+

Krebs on Security

In 2018, KrebsOnSecurity unmasked the creators of Coinhive — a now-defunct cryptocurrency mining service that was being massively abused by cybercriminals — as the administrators of a popular German language image-hosting forum. In protest of that story, forum members donated hundreds of thousands of euros to nonprofits that combat cancer (Krebs means “cancer” in German).

article thumbnail

Bug Bounty Programs Are Being Used to Buy Silence

Schneier on Security

Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny. In exchange for reporting a security flaw, the researcher receives payment (a bounty) as a thank you for doing the right thing.

CSO 243
article thumbnail

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

The Last Watchdog

Deploying the latest, greatest detection technology to deter stealthy network intruders will take companies only so far. Related: What we’ve learned from the massive breach of Capitol At RSA 2020 , I learned about how one of the routine daily chores all large organizations perform — data governance — has started to emerge as something of a cybersecurity multiplier.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Fraud prevention startup working on anonymous peer-to-peer verification network

Tech Republic Security

Identiq uses cryptographic algorithms and preserves customer privacy while enabling companies to to identify new customers through a network of trust.

184
184
article thumbnail

Hacking iPhone or MacBook devices by tricking into visiting a site

Security Affairs

Bad news for Apple iPhone or MacBook users, attackers could hack their device’s camera by tricking them into visiting a website. The ethical hacker Ryan Pickren demonstrated that it is possible to hack Apple iPhone or MacBook users by simply tricking them into visiting a website with the Safari browser. Pickren reported seven vulnerabilities to Apple that rewarded him with a $75,000 bounty.

Hacking 145
article thumbnail

Clarifying the Computer Fraud and Abuse Act

Schneier on Security

A federal court has ruled that violating a website's tems of service is not "hacking" under the Computer Fraud and Abuse Act. The plaintiffs wanted to investigate possible racial discrimination in online job markets by creating accounts for fake employers and job seekers. Leading job sites have terms of service prohibiting users from supplying fake information, and the researchers worried that their research could expose them to criminal liability under the CFAA, which makes it a crime to "acces

Passwords 230
article thumbnail

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

The Last Watchdog

Agile software innovation is the order of the day. Wonderous digital services are the result. Related: Micro-segmentation taken to the personal device level The flip side, of course, is that an already wide-open attack surface – one that has been getting plundered for the past two decades by criminal hacking groups — is getting scaled up, as well.

Firewall 149
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How to better secure your Microsoft Remote Desktop Protocol connections

Tech Republic Security

Microsoft's Remote Desktop Protocol has been saddled with security bugs and weaknesses, which means you need to take certain precautions when using RDP for remote connections.

178
178
article thumbnail

Your colleague was infected with Coronavirus, this is the latest phishing lure

Security Affairs

Security experts uncovered a new Coronavirus-themed phishing campaign, the messages inform recipients that they have been exposed to the virus. Experts continue to spot Coronavirus-themed attack, a new phishing campaign uses messages that pretend to be from a local hospital informing the victims they have been exposed to the virus and that they need urgently to be tested.

Phishing 145
article thumbnail

Dark Web Hosting Provider Hacked

Schneier on Security

Daniel's Hosting, which hosts about 7,600 dark web portals for free, has been hacked and is down. It's unclear when, or if, it will be back up.

Hacking 223
article thumbnail

The Zoom Privacy Backlash Is Only Getting Started

WIRED Threat Level

A class action lawsuit. Rampant zoombombing. And as of today, two new zero-day vulnerabilities.

144
144
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

7 of the best VPN providers for small businesses

Tech Republic Security

With work shifting away from offices, SMBs need a top-shelf VPN to continue doing business. Here are some of the leading brands.

article thumbnail

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Security Affairs

Online communication platforms such as Zoom are essential instruments at the time of Coronavirus outbreak, and crooks are attempting to exploit their popularity. The Coronavirus outbreak is changing our habits and crooks are attempting to take advantage of the popularity of online communication platforms such as Zoom that are used by businesses, school classrooms and normal users.

Malware 145
article thumbnail

COVID-19: Latest Security News & Commentary

Dark Reading

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

140
140
article thumbnail

Power Dynamics in Threat Modeling

Adam Shostack

On Linkedin, Peter Dowdall had a very important response to my post on remote threat modeling. Because comments on Linkedin are a transient resource, I’m going to quote heavily: The team here ran a session with people in the same room using Miro (maybe 1 remote) and we found it stripped the barriers of either “taking the pen” or calling out threats to a board.

130
130
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Phishing emails claim recipient has been infected with coronavirus

Tech Republic Security

A new phishing campaign is using the fear of being infected as a way to spread malware, as spotted by security trainer KnowBe4.

Phishing 174
article thumbnail

Critical buffer overflow in CODESYS allows remote code execution

Security Affairs

Experts discovered an easily exploitable heap-based buffer overflow flaw, tracked as CVE-2020-10245, that exists in the CODESYS web server. A critical heap-based buffer overflow flaw in a web server for the CODESYS automation software for engineering control systems could be exploited by a remote, unauthenticated attacker to crash a server or execute arbitrary code.

article thumbnail

Unsupervised Learning: No. 222

Daniel Miessler

THIS WEEK’S TOPICS: Who’s hiring, freezing, and laying off, models predict 100-200K US deaths, April distancing, Adversarial Capital, Booz Russia, Google State Phishes, Worker Monitoring, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… . The newsletter serves as the show notes for the podcast. —.

Phishing 130
article thumbnail

Two Zoom Zero-Day Flaws Uncovered

Threatpost

The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera.

126
126
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

How to use an iPhone or Android device as the security key for your Google account

Tech Republic Security

Your smartphone can act as your security key to authenticate your Google credentials on the web. Learn how to set that up on an Android device or an iPhone.

article thumbnail

New COVID19 wiper overwrites MBR making computers unusable

Security Affairs

A recently discovered strain of malware exploits the current COVID19 pandemic to render computers unusable by overwriting the MBR. SonicWall’s security researchers have discovered a new piece of malware that exploits the current COVID19 outbreak to render computers unusable by overwriting the master boot record (MBR). Unfortunately, this is one of the numerous attacks conducted by cyber criminals and nation-state actors in an attempt to take advantage of the COVID19 epidemic.

Malware 144
article thumbnail

A Hacker Found a Way to Take Over Any Apple Webcam

WIRED Threat Level

They've been patched, but the Safari vulnerabilities would have given an alarming amount of access.

120
120
article thumbnail

The SOC Emergency Room Faces Malware Pandemic

Dark Reading

To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.

Malware 119
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!