Schneier on Security

NOVEMBER 2, 2020

Google’s Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver. The exploit doesn’t affect the cryptography, but allows attackers to escalate system privileges: Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome. The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.

362

362

Krebs on Security

NOVEMBER 4, 2020

Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data publi

Ransomware 358

Ransomware Backups Data breaches Encryption 358

Troy Hunt

NOVEMBER 2, 2020

I've had this blog post in draft for quite some time now, adding little bits to it as the opportunity presented itself. In a essence, it boils down to this: people expressing their displeasure when I post about a topic they're not interested in then deciding to have a whinge that my timeline isn't tailored to their expectation of the things they'd like me to talk about.

Data breaches 345

Data breaches InfoSec Media Technology 345

Daniel Miessler

NOVEMBER 6, 2020

I think there are four main trends that will play out in the field of information security in the next 20 years. (2021-2030) A Surge in Demand for InfoSec people will result in many more professionals being trained and placed within companies, likely using more of a trade/certification model than a 4-year university model. (2026-) Cyberinsurance will ascend as the primary mechanism for making cybersecurity-related product and service decisions within companies. (2030-) Automation & AI will s

InfoSec 255

InfoSec Insurance Artificial Intelligence Cybersecurity 255

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

NOVEMBER 4, 2020

Accuracy isn’t great, but that it can be done at all is impressive. Murtuza Jadiwala, a computer science professor heading the research project, said his team was able to identify the contents of texts by examining body movement of the participants. Specifically, they focused on the movement of their shoulders and arms to extrapolate the actions of their fingers as they typed.

Data collection 359

Data collection Software 359

Krebs on Security

NOVEMBER 3, 2020

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K. Milleson , 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A.

Scams 308

Scams Wireless Identity Theft Mobile 308

Adam Shostack

OCTOBER 31, 2020

With three days to the US election, the outrage machines are running on all cylinders. It’ll be easier to stay happy if you remember to notice them. To be clear, I’m not using a metaphor. Websites from news to social media use data to drive stories. Twitter’s top tweets, Facebook’s timeline, your local newspaper, but also Linkedin, Medium, Buzzfeed, – all are focused on keeping you on their site as long as possible to show you as many ads as possible.

Media 264

Media Engineering 264

Schneier on Security

NOVEMBER 5, 2020

California’s Proposition 24, aimed at improving the California Consumer Privacy Act, passed this week. Analyses are very mixed. I was very mixed on the proposition, but on the whole I supported it. The proposition has some serious flaws, and was watered down by industry, but voting for privacy feels like it’s generally a good thing.

320

320

Tech Republic Security

NOVEMBER 2, 2020

The COVID-19 pandemic provided a huge opening for bad actors this year, thanks to remote work. Security experts expect more advanced cybersecurity threats in the coming year.

Data breaches 205

Data breaches Ransomware Cybersecurity 205

Adam Levin

NOVEMBER 4, 2020

The infamous Maze ransomware gang has announced they will cease operations, effective immediately. . On November 1, the hacking group behind several high profile ransomware attacks in 2020 issued a rambling press release, riddled with spelling errors, on the dark web announcing, “it is officially closed.”. “All the links to out [sic] project, using of our brand, our work methods should be considered to be a scam,” the announcement stated.

Ransomware 168

Ransomware Scams Hacking Malware 168

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Shostack

NOVEMBER 4, 2020

I posted this image in 2004. It’s even more relevant now. While we have a country that is clearly divided, the dividing lines are not so neat as the maps showing states going one way or the other.

130

130

Schneier on Security

NOVEMBER 6, 2020

Research paper: Rick Wash, “ How Experts Detect Phishing Scam Emails “: Abstract: Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not. While technical protections against phishing reduce the number of phishing emails received, they are not perfect and phishing remains one of the largest sources of security risk in technology and communication systems.

Phishing 236

Phishing Scams Technology Risk 236

Tech Republic Security

NOVEMBER 2, 2020

Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.

Media 217

Media Ransomware 217

Adam Levin

NOVEMBER 6, 2020

Healthcare facilities are under an increased threat of cyberattack, according to the FBI. In a joint cybersecurity advisory with the Cybersecurity and Infrastructure Agency (CISA) and the Department of Health and Human Services (HHS), the FBI warned of an “increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”. While there are currently several strains of malware actively targeting healthcare facilities, the advisory primarily focused on TrickBot, a program with a

Healthcare 175

Healthcare Antivirus Backups Cybercrime 175

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Javvad Malik

NOVEMBER 3, 2020

We’re all honest and good people… well, at least most of us are. From a young age, we’re taught to always tell the truth and to never lie. However, our inherent honesty can be our own worst enemy when it comes to cybersecurity. We use our real names on sites, we upload our photos and share our holiday plans. Now, I’m not advocating that we create a fictitious life online and don’t share anything.

Passwords 130

Passwords Password Management Internet Internet 130

Anton on Security

NOVEMBER 3, 2020

My post “Why is Threat Detection Hard?” proved to be one of the most popular in recent history of my new blog. In this post, I wanted to explore a seemingly obvious, while surprisingly fascinating aspect of detection: uncertainty. Uncertainty? Are you sure, Anton? :-) Well, maybe ! Let’s start our journey with exploring the classic fallacy, “if you can detect [the threat], why can’t you prevent it?

Threat Detection 130

Threat Detection Information Security Cybersecurity 130

Tech Republic Security

NOVEMBER 5, 2020

A security awareness program backed by multi-factor authentication can help protect your critical assets, says NordVPN Teams.

Social Engineering 215

Social Engineering Engineering Security Awareness Authentication 215

Security Affairs

NOVEMBER 1, 2020

A threat actor is offering for sale account databases containing an aggregate total of 34 million user records stolen from 17 companies. A data breach broker is selling account databases containing a total of 34 million user records stolen from 17 companies. The threat actor is advertising the stolen data since October 28 on a hacker forum. Source Bleeping Computer.

Data breaches 145

Data breaches Accountability Advertising Passwords 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

NOVEMBER 5, 2020

From meditation to the right mindset, seasoned vulnerability researchers give their advice on how to maximize bug bounty profits and avoid burnout.

144

144

Anton on Security

NOVEMBER 6, 2020

Security continues to be a top concern for cloud customers, and therefore continues to be a driver of our business at Google Cloud. However, specific security priorities vary wildly by vertical, by organization size, and by many other factors. In fact, many “CISO priorities lists” are floating out there online and many people claim to know “what CISOs want.

CISO 100

CISO Cloud Migration CSO Information Security 100

Tech Republic Security

NOVEMBER 5, 2020

The California Privacy Rights Act adds "teeth" to the CCPA, but some advocates say it doesn't go far enough.

Data privacy 216

Data privacy 216

Security Affairs

NOVEMBER 1, 2020

Japan’s Nuclear Regulation Authority (NRA) issued a warning of temporary suspension of its email systems, likely caused by a cyber attack. The Japan’s Nuclear Regulation Authority (NRA) temporarily suspended its email systems, the interruption is likely caused by a cyber attack. The agency published a warning on its website, it is asking people to contact it via phone or fax because it is unable to receive emails from the outside world. “From 17:00 on October 27, 2nd year of Reiwa, sending

Cyber Attacks 145

Cyber Attacks Advertising Media Hacking 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

NOVEMBER 4, 2020

A criminal complaint alleges that a West Virginia man disguised the plastic components as wall hangers and sold hundreds of them online.

142

142

Threatpost

NOVEMBER 3, 2020

A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw.

Telecommunications 133

Telecommunications Malware Hacking 133

Tech Republic Security

NOVEMBER 4, 2020

As Americans anxiously await clarity regarding final voting counts and results of yesterday's election, a new report found 26% of US consumers correlate who will win with how much they'll spend.

162

162

Security Affairs

NOVEMBER 4, 2020

Yesterday almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet was moved to another wallet. Ahead of the 2020 Presidential election a mysterious transaction was noticed by cyber security experts and researchers. Someone has transferred almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet to another wallet.

Cryptocurrency 145

Cryptocurrency Passwords Advertising Hacking 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

WIRED Threat Level

NOVEMBER 2, 2020

You can lock down your meetings like never before—even if you have to give up a few features to do so.

Encryption 143

Encryption 143

Threatpost

NOVEMBER 3, 2020

A diverse set of companies, including an adaptive-learning platform in Brazil, an online grocery service in Singapore and a cold-brew coffee-maker company, are caught up in the large data trove.

Cybercrime 111

Cybercrime Data breaches 111

Tech Republic Security

NOVEMBER 5, 2020

In the name of security, make sure the information displayed on your Google account is limited. Jack Wallen shows you how.

Accountability 168

Accountability 168

Security Affairs

NOVEMBER 1, 2020

The Maze ransomware operators are shutting down their operations for more than one year the appeared on the threat landscape in May 2019. The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crew since it began operating in May 2019. The gang was the first to introduce a double-extortion model in the cybercrime landscape at the end of 2019.

Ransomware 145

Ransomware Cybercrime Advertising Software 145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity