Krebs on Security

JANUARY 13, 2020

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from dis

Internet 275

Internet Internet Software Media 275

Schneier on Security

JANUARY 14, 2020

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable.

Data collection 354

Data collection Software Marketing Government 354

Adam Levin

JANUARY 15, 2020

An unsecured database discovered online has leaked thousands of baby photos and videos. . Bithouse, Inc. left unprotected and accessible online an Elasticsearch database containing nearly 100GB of information associated with its app Peekabo Moments. The leaked data includes photos, videos, and birthdates of babies, as well as 800,000 email addresses, location data as well as detailed device information. .

Data privacy 225

Data privacy Data breaches 225

Troy Hunt

JANUARY 13, 2020

In a continued bid to make breach data available to the government departments around the world tasked with protecting their citizens, I'm very happy to welcome the first country onto Have I Been Pwned for 2020 - Denmark! The Danish Centre for Cyber Security (CFCS) joins the existing 7 governments who have free and unbridled API access to query and monitor their gov domains.

Government 185

Government 185

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

JANUARY 14, 2020

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7 , a still broadly-used operating system that will no longer be supplied with security updates.

Software 242

Software Backups Malware Banking 242

Schneier on Security

JANUARY 15, 2020

Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.

Media 337

Media Government Software Risk 337

Tech Republic Security

JANUARY 17, 2020

CES 2020: A "hacked" robot was on display to demonstrate how SigmaDots serverless architecture is poised to fend off IoT security threats.

IoT 193

IoT Architecture Cybersecurity Hacking 193

Krebs on Security

JANUARY 13, 2020

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen.

Phishing 228

Phishing Scams Mobile Encryption 228

Adam Levin

JANUARY 13, 2020

The City of Las Vegas successfully averted what could have been a disastrous cyberattack earlier this month. City officials detected a cyberattack January 7, and in response immediately took several services offline, including its public-facing website. . “We do not believe any data was lost from our systems and no personal data was taken. We are unclear as to who was responsible for the compromise, but we will continue to look for potential indications,” the city announced on its Twitter feed.

Technology 130

Technology Ransomware Government Malware 130

Adam Shostack

JANUARY 15, 2020

Spudnet is a new game to teach networking and security concepts. The creators were kind enough to send me a pre-production copy, and I can tell you – it looks and feels super solid, and, more importantly, it plays well. The Kickstarter has already met its goals, and while all Kickstarters have risk, the creators clearly have production down.

Risk 147

Risk 147

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

JANUARY 16, 2020

Security researcher Saleem Rashid "rickrolled" himself to show that the bug could be exploited in the real world to spoof security certificates on machines without Microsoft's patch.

169

169

Schneier on Security

JANUARY 14, 2020

This is a current list of where and when I am scheduled to speak: I'm speaking at Indiana University Bloomington on January 30, 2020. I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei." On Thursday, February 27, at 9:20 AM, I'm giving a keynote on "Hacking Society.".

Hacking 154

Hacking Risk 154

CTOVision Cybersecurity

JANUARY 12, 2020

Editor’s note: We are aiming this tutorial at the non-technical person. Please share with anyone in your life who could benefit from this. -bg Cyberspace is a complex domain and our adversaries are always seeking new ways to steal information or spread their malicious code or hold our data for ransom. This is the big reason […].

108

108

Adam Shostack

JANUARY 12, 2020

Andrew McCarthy has an amazing and impressive photographs of the moon on Instagram. To call these photographs is somewhat provocative. In his trilogy, Ansel Adams focuses (sorry! Not sorry) on composition, exposure, and development. By exposure, he specifically meant exposing film to light in controlled ways that caused chemical reactions on the film, and it remains common to hear photographers talk of ‘an exposure’, in much the same way that we dial phones.

130

130

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JANUARY 16, 2020

The most successful email lures don't promise riches, but issue imminent cybersecurity warnings or urgent office messages, a report reveals.

Phishing 178

Phishing Cybersecurity 178

Schneier on Security

JANUARY 16, 2020

Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police.

172

172

WIRED Threat Level

JANUARY 12, 2020

If you have a Facebook account—and even if you don't—the company is going to collect data about you. But you can at least control how it gets used.

Accountability 116

Accountability 116

Thales Cloud Protection & Licensing

JANUARY 14, 2020

Today’s innovations and technologies provide tremendous opportunities for enterprises. Along with innovation and technology proliferation, new challenges that will shape business during 2020. The importance of data and the power of being an insights-driven enterprise are increasing the amount of damage that data breaches can cause. The adoption of emerging technologies like 5G will fuel the proliferation of Internet of Things (IoT) that’s often built with only a few security controls and therefo

Data privacy 89

Data privacy IoT Data breaches Surveillance 89

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JANUARY 15, 2020

Designed to exploit a vulnerability in Windows 10 and Windows Server 2016 and 2019, the bug could allow an attacker to remotely access and control an infected computer.

144

144

Security Affairs

JANUARY 13, 2020

A group of anonymous security researchers that calls itself Intrusion Truth have tracked the activity of a China-linked cyber – e spionage group dubbed APT40. A group of anonymous security researchers that calls itself Intrusion Truth has discovered that a China-linked cyberespionage group, tracked as APT40, uses 13 front companies operating in the island of Hainan to recruit hackers.

Information Security 100

Information Security Advertising Government Technology 100

WIRED Threat Level

JANUARY 14, 2020

The Kremlin likely hacked the oil giant. Its next play: selectively release—and even forge—documents. Did the US learn enough from 2016 to ignore them?

Hacking 108

Hacking 108

Daniel Miessler

JANUARY 13, 2020

[advanced_iframe src=”[link] width=”100%”] No related posts.

Information Security 100

Information Security 100

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

JANUARY 17, 2020

By inserting themselves into business emails among employees, cybercriminals can trick victims into wiring money or sharing payment information, says security firm Barracuda Networks.

Phishing 123

Phishing 123

Security Affairs

JANUARY 12, 2020

Last week, Senator Tom Cotton (R-Arkansas) introduced a bill that would ban intelligence sharing with countries that use Huawei 5G networks. Senator Tom Cotton (R-Arkansas) has introduced this week a new bill that would ban the sharing of intelligence with countries that use Huawei equipment on their fifth-generation (5G) networks. Since November 2018, the US Government has invited its allies to exclude Chinese equipment from critical infrastructure and 5G architectures over security concerns.

Telecommunications 98

Telecommunications Advertising Architecture Government 98

WIRED Threat Level

JANUARY 11, 2020

The Android devices are a part of the FCC's Lifeline Assistance Program, which makes free or subsidized phones available to millions of low-income users.

Government 98

Government Malware 98

Spinone

JANUARY 13, 2020

Installing antivirus software (or AV) is often considered an important ransomware protection measure. And it is. It’s better to buy a subscription to antivirus software than to pay, on average, $36,295 to hackers or face significant financial and reputational damages. But what is the catch? Antivirus users often experience ransomware attacks. So why antivirus is not enough to protect against ransomware and what is a more effective ransomware protection solution?

Antivirus 81

Antivirus Ransomware Software Encryption 81

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

JANUARY 15, 2020

Many organizations underestimate the value of their data to skilled and organized cybercriminals, said security provider eSentire.

140

140

Security Affairs

JANUARY 12, 2020

Google revealed it successfully removed more than 1,700 apps from the Play Store over the past three years that had been infected with the Joker malware. Google provided technical details of its activity against the Joker malware (aka Bread) operation during the last few years. The Joker malware is a malicious code camouflaged as a system app and allows attackers to perform a broad range of malicious operations, including disable the Google Play Protect service , install malicious apps, generate

Malware 101

Malware Spyware Advertising Mobile 101

WIRED Threat Level

JANUARY 14, 2020

In a shift toward transparency, the National Security Agency announced a bug that could have left over 900 million PCs vulnerable to attack.

Hacking 99

Hacking 99

Dark Reading

JANUARY 13, 2020

The Manor Independent School District is investigating a phishing email scam that led to three separate fraudulent transactions.

Phishing 93

Phishing Scams 93

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity