Troy Hunt
OCTOBER 2, 2020
Sexuality, relationships and online dating are all rather personal things. They're aspects of our lives that many people choose to keep private or at the very least, share only with people of our choosing. Grindr is "The World's Largest Social Networking App for Gay, Bi, Trans, and Queer People" which for many people, makes it particularly sensitive.
Krebs on Security
OCTOBER 1, 2020
Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. Image: Shutterstock. In its advisory (PDF), the Treasury’s Office of Foreign Assets Control (OFAC) said “companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial in
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
SEPTEMBER 29, 2020
As expected, IoT devices are filled with vulnerabilities : As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly.
Daniel Miessler
SEPTEMBER 27, 2020
Threat modeling is a superpower. When done correctly it gives you the ability to adjust your defensive behaviors based on what you’re facing in real-world scenarios. And not just for applications, or networks, or a business—but for life. The Difference Between Threats and Risks. This type of threat modeling is a life skill, not just a technical skill.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Troy Hunt
OCTOBER 2, 2020
This week there's a lot of connected things: connected shoes, connected garage camera and connected GoPro. And then there's Scott's Grindr account. Awkward. Actually, since recording this weekly update the details of the issue have now been released so I'll talk about that in more detail next week. This week there's all the above and, on a more personal note, my relationship with Charlotte.
Krebs on Security
SEPTEMBER 29, 2020
Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft ‘s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen , two companies that together handle 911 calls for a broad swath of the Uni
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Daniel Miessler
SEPTEMBER 29, 2020
Since 2007 the InfoSec industry has been talking about TheBigOne™—the event that would change cyber threats from annoyances to existential concerns. They called it Cyber Pearl Harbor. This doesn’t mean it can’t still happen. The idea was that it’d be some massive blast that would take out the country’s power grid, or disable the entire internet, along with what they used to call e-commerce.
Adam Levin
SEPTEMBER 29, 2020
Ransomware operators have released the personal data of students in the Clark County School District in Nevada after officials refused to pay to have their files decrypted. The information leaked reportedly includes Social Security numbers, names, grades, addresses, and financial information. District officials have been thus far unable to verify the data.
Krebs on Security
OCTOBER 2, 2020
Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot , an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations. A text snippet from one of the bogus Trickbot configuration updates.
Schneier on Security
SEPTEMBER 30, 2020
Really interesting conversation with someone who negotiates with ransomware gangs: For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws (like anti-terrorist laws, FCPA, conspiracy and others) and even if payment is arguably unlawful, seems unlikely to be prosecuted.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
SEPTEMBER 28, 2020
The Joker malware has been a persistent thorn in Google's side as it keeps popping up in shady apps to infect users of the Google Play store.
Troy Hunt
SEPTEMBER 26, 2020
Wow, 4 years already. Regardless of where I've been in the world or the stresses that have been going on in my personal life , every single week without exception there's been a video. This makes 210 of them now, and these days they're live from a much more professional setup in a location that has absolutely no chance of changing for the foreseeable future.
Adam Levin
SEPTEMBER 28, 2020
Tyler Technologies, a software and technology provider for U.S. federal, state, and local government agencies, announced that its internal systems were hacked last week. . The company, which provides election, information management and emergency management systems to over 15,000 government offices across the country, announced the hack after its website was taken offline Wednesday, September 23. .
Schneier on Security
OCTOBER 1, 2020
Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face: In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these changes would be too minute to detect merely from a video, but viewing videos that have been enhanced to exaggerate these color shifts will quickly disabuse you of that notion.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
SEPTEMBER 28, 2020
Assessing the security posture of devices is an important part of securing data and communications. Follow these steps to make sure you do it correctly.
Security Affairs
SEPTEMBER 29, 2020
The French maritime transport and logistics giant CMA CGM S.A. revealed it was the victim of a malware attack that affecting some servers on its network. CMA CGM S.A. , a French maritime transport and logistics giant, revealed that a malware attack affected some servers on its network. The company is present in over 160 countries through 755 offices and 750 warehouses with 110,000 employees and 489 vessels.
Adam Levin
OCTOBER 2, 2020
Facebook has announced that it will place greater restrictions on advertisements for social and political issues ahead of the upcoming U.S. presidential election. The company announced the new restrictions on its corporate blog earlier this week, which prohibit the following content: Ads discouraging participation in the voting process. Ads seeking to delegitimize lawful voting practices as fraudulent, illegal, or corrupt.
WIRED Threat Level
OCTOBER 1, 2020
New clues indicate that APT28 may be behind a mysterious intrusion that US officials disclosed last week.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
OCTOBER 1, 2020
This October looks quite different from previous years, as IT oversees staff who are no longer centrally located, creating a larger attack surface for bad actors. Awareness is key, experts say.
Security Affairs
SEPTEMBER 29, 2020
While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections. The name AgeLocker comes from the use of the Actually Good Encryption ( AGE ) algorithm to encrypt files, experts warn that encrypted files can’t be recovered without paying t
CompTIA on Cybersecurity
SEPTEMBER 30, 2020
This cybersecurity awareness month, CompTIA wants to thank cybersecurity pros for ensuring information integrity.
Dark Reading
SEPTEMBER 29, 2020
Remote workers and scattered teams are relying on Slack more and more for messaging and collaboration. Here are a few extra tips for keeping data and systems more secure when using Slack.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
OCTOBER 1, 2020
In an effort to make IT pros' jobs easier, Jack Wallen offers cybersecurity tips to end users--in particular, what not to do to keep company networks, equipment, and data secure.
Security Affairs
SEPTEMBER 26, 2020
Hungarian financial institutions and telecommunications infrastructure were hit by a powerful DDoS attack originating from servers in Russia, China and Vietnam. A powerful DDoS attack hit some Hungarian banking and telecommunication services that briefly disrupted them. According to telecoms firm Magyar Telekom, the attack took place on Thursday and was launched from servers in Russia, China and Vietnam.
Threatpost
OCTOBER 1, 2020
What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts.
WIRED Threat Level
OCTOBER 2, 2020
There’s a small but real possibility that we won’t know which party controls the Senate until 2021, thanks to a special election and a unique state requirement.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
SEPTEMBER 30, 2020
There are ways to maintain and even enhance your security posture even when your tech budget is under stress, according to Kaspersky.
Security Affairs
SEPTEMBER 29, 2020
US-based Arthur J. Gallagher (AJG) insurance giant disclosed a ransomware attack, the security breach took place on Saturday. US-based Arthur J. Gallagher (AJG) global insurance brokerage firm confirmed that it was his with a ransomware attack on Saturday, September 26. The company did not provide technical details about the attack, it is not clear how the ransomware operators breached the company and which is the family of malware that infected its systems.
Threatpost
SEPTEMBER 29, 2020
Popular ‘safe browsing’ padlocks are now passe as a majority of bad guys also use them.
Dark Reading
OCTOBER 1, 2020
From WarGames, to Aaron Swartz, to bug bounties, to Van Buren, here's what cybersecurity researchers should know about the US's primary anti-hacking law before it gets its day in the Supreme Court.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
363 
Let's personalize your content