Troy Hunt
JULY 2, 2020
I started writing this blog post alone in a hotel room in Budapest last September. It was at the absolute zenith of stress; a time when I had never been under as much pressure as I was right at that moment. Project Svalbard (the sale of HIBP which ultimately turned out to be a no-sale ) was a huge part of that and it was all happening whilst still being solely responsible for running the project.
Krebs on Security
JUNE 30, 2020
The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
JULY 2, 2020
For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that's a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient. Consolidation is efficient. And that's all profitable. Inefficiency, on the other hand, is waste. Extra inventory is inefficient.
Adam Levin
JUNE 30, 2020
We’re not even halfway through 2020, and already it’s been a record-breaking year for ransomware attacks. Barely a week goes by without reports of a new strain or variant of malware wreaking havoc among companies. 1-99-employee companies are a target. No industry, category, size, or group is safe from this cyber scourge. We hear about the big ones.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
JULY 1, 2020
Companies have increased their reliance on cloud-based security platforms to protect sensitive data as a result of the coronavirus pandemic, according to a new survey.
Krebs on Security
JULY 1, 2020
We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and th
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
JULY 3, 2020
Well, no surprises here: this week's update is dominated by Thursday's blog post about sustaining performance under extreme stress. The feedback on that post has been absolutely phenomenal; tweets, comments, DMs, emails, phone calls, all enormously supportive. Many of them also shared people's own personal struggles, ones which I think we all know are out there but it's a very different thing to actually hear it from someone personally.
Tech Republic Security
JUNE 29, 2020
The new Edge browser will soon warn you if one of your passwords shows up in a data breach -- a feature based on an Azure service that enterprises can already use to protect user passwords.
Adam Shostack
JULY 2, 2020
This talk by Alyssa Miller is fascinating and thought provoking. She frames a focus on integrating threat modeling into devops. The question of ‘what are we working on’ is answered with use cases, and threat modeling for that sprint is scoped to the use cases. ‘What can go wrong’ is focused on a business analysis of what can go wrong with private data, critical functions, financial assets, people assets or secrets.
Schneier on Security
JULY 1, 2020
Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the regulations on the domestic company that's selling the stuff to consumers.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Daniel Miessler
JUNE 28, 2020
THIS WEEK’S TOPICS: Chinese diplomats stealing secrets, COVID flying risk, RT interviewing US cops, Army Ignite future predictors, China launches its GPS network, Russians paid bounties to kill US troops, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes.
Tech Republic Security
JUNE 30, 2020
Many companies are hampered by the use of too many security tools and the lack of specific playbooks for common attacks, says IBM Security.
Lenny Zeltser
JULY 1, 2020
Writing about cybersecurity threats, such as phishing campaigns, malware infections, and attack groups, is challenging for many reasons. How should you decide what details to include? How can you persuade the readers that your analysis is sound? How might you address the needs of multiple audiences? I’m happy to share what I’ve learned over the years about writing effective threat reports in the following 36-minute video.
Schneier on Security
JUNE 29, 2020
iOS apps are repeatedly reading clipboard data , which can include all sorts of sensitive information. While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS 14. A novel feature Apple added provides a banner warning every time an app reads clipboard contents.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
JUNE 28, 2020
Asian media firm E27 suffered a security breach and hackers asked for a “donation” to provide information on the flaws they exploited in the attack. Asian media firm E27 has been hacked by a hacking group identifying themselves as “Korean Hackers” and “Team Johnwick”that asked for a “donation” to provide information on the vulnerabilities they have exploited in the attack.
Tech Republic Security
JULY 2, 2020
A report from Comparitech found that since 2005 K–12 districts and colleges/universities have been attacked more than 1,300 times.
WIRED Threat Level
JULY 3, 2020
Iran, China, Russia—the gang was all here in the first half of this year. Oh, and also an unprecedented pandemic that’s been a boon for hackers.
Schneier on Security
JUNE 30, 2020
Google has removed 25 Android apps from its store because they steal Facebook credentials : Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same. According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, fl
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
JUNE 27, 2020
The France Télévisions group announced yesterday that it was hit by a cyber attack, targeting one of its broadcasting sites. The France Télévisions group announced Friday that it was the victim of a cyber attack that targeted one of its broadcasting sites. According to the group, the attack did not impact its antennae. “One of its dissemination sites has been infected with a computer virus.” reads a statement issued by the Franch group.
Tech Republic Security
JUNE 29, 2020
Cybersecurity group pivots from speaking engagements and scholarships to analyzing skill gaps and connecting candidates with employers.
Threatpost
JUNE 29, 2020
Comparitech’s Paul Bischoff found that Amazon’s facial recognition platform misidentified an alarming number of people, and was racially biased.
Adam Shostack
JUNE 30, 2020
There’s an interesting and detailed blog post from Antti Vähä-Sipilä and Heli Syväoja at the F-Secure blog, Using SAFe® to align cyber security and executive goals in an agile setting. What I find most useful is the detailed and specific elements of how to bring threat modeling into the Scaled Agile Framework, in particular: Security and privacy work need to be visible on backlogs.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
JUNE 30, 2020
A threat actor is selling databases containing data belonging to 14 different companies he claimed were hacked in 2020. A threat actor is selling databases that contain user records for 14 different organizations he claimed were hacked in 2020, only for four of them ( HomeChef , Minted , Tokopedia , and Zoosk ) were previously reported data breaches.
Tech Republic Security
JULY 2, 2020
Almost three quarters of all requests for analysis to Kaspersky's Threat Intelligence Portal were for trojans, backdoors, and droppers.
Lenny Zeltser
JULY 1, 2020
In June 2020, the Federal Trade Commission (FTC) warned that “imposters are filing claims for unemployment benefits [in the US], using the names and personal information of people who have not filed claims.” How do such scams look from the victim’s perspective, and what can you do if you’re affected? As a victim of this scheme, I’d like to share my experience.
SecureWorld News
JULY 1, 2020
Phishing emails are increasingly attempting to launch ransomware attacks against organizations. This includes a newly discovered family, or strain of ransomware, called Avaddon. Proofpoint research: rise in email based ransomware. Throughout June, security researchers noticed an increase in email-based ransomware attacks. Proofpoint's Security Brief on the uptick notes how broad this shift has been: "Daily volumes ranged from one to as many as 350,000 messages in each campaign, and over one mill
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Affairs
JULY 2, 2020
Sodinokibi ransomware (aka REvil) operators are demanding a $14 million ransom from Brazilian-based electrical energy company Light S.A. Sodinokibi ransomware (aka REvil) operators have breached the Brazilian-based electrical energy company Light S.A. and are demanding a $14 million ransom. The company issued comments to a local newspaper confirming the attack , Light S.A. admitted the intrusion to a local newspaper, but it did provide technical details of the security breach either disclose th
Tech Republic Security
JUNE 30, 2020
New resource lists source IPs, connect-back servers, and attack flows for established campaigns and emerging threats.
Dark Reading
JUNE 30, 2020
Projects that were high priorities before the COVID-19 outbreak have taken a back seat to new business needs. For security leaders that has meant new responsibilities that could very well stick around in the pandemic's aftermath.
Threatpost
JULY 2, 2020
New ‘smishing’ campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
351 
Let's personalize your content