Sat.Mar 21, 2020 - Fri.Mar 27, 2020

article thumbnail

US Government Sites Give Bad Security Advice

Krebs on Security

Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.

article thumbnail

Coding With Ari, for Kids at Home

Troy Hunt

Strange times, these. But equally, a time to focus on new things and indeed a time to pursue experiences we might not have done otherwise. As Ari now spends his days learning from home, I wanted to really start focusing more on his coding not just for his own benefit, but for all the other kids out there who are in the same home-bound predicament he now finds himself in.

297
297
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Facial Recognition for People Wearing Masks

Schneier on Security

The Chinese facial recognition company Hanwang claims it can recognize people wearing masks : The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a person if the first attempt to identify them fails. [.].

Software 253
article thumbnail

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Daniel Miessler

I’ve thought for a long time that public video feed monitoring would become ubiquitous. My basis for this was looking at humans ultimately desire, not at the tech itself. When I hear crazy long-term predictions I always think two things: either the prediction is going to be obvious, or it’s going to be wrong. I think my approach is different in a subtle and powerful way.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Russians Shut Down Huge Card Fraud Ring

Krebs on Security

Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data breaches targeting western retailers over the past decade.

article thumbnail

Weekly Update 184

Troy Hunt

This has been an absolutely flat-out week between running almost 3 hours of our free Cyber-Broken talk with Scott Helme, doing an hour of code with Ari each day (and helping get up to speed with remote schooling) then running our Hack Yourself First workshop on Aussie time zones the last couple of days. But, especially given the current circumstances, I'm pretty happy with the result ??

More Trending

article thumbnail

Protect Your Home Office and Network With These 5 Tips

Adam Levin

Secure Your Router: If you’re still using your router’s manufacturer default password, it’s past time for a change. Your password should be include letters, numbers and special characters in a combination you haven’t used on other accounts. You can also create an extra firewall by configuring your router to block unwanted incoming internet traffic. Secure Your Webcam: If you’re using an external webcam for videoconferences, disconnect it when you’re not using it.

article thumbnail

667% spike in email phishing attacks due to coronavirus fears

Tech Republic Security

New data from Barracuda shows cybercriminals are taking advantage of people's concerns during the COVID-19 pandemic.

Phishing 218
article thumbnail

Welcoming the USA Government to Have I Been Pwned

Troy Hunt

Over the last 2 years I've been gradually welcoming various governments from around the world onto Have I Been Pwned (HIBP) so that they can have full and unfettered access to the list of email addresses on their domains impacted by data breaches. Today, I'm very happy to announce the expansion of this initiative to include the USA government by way of their US Cybersecurity and Infrastructure Security Agency (CISA).

article thumbnail

Hacking Voice Assistants with Ultrasonic Waves

Schneier on Security

I previously wrote about hacking voice assistants with lasers. Turns you can do much the same thing with ultrasonic waves : Voice assistants -- the demo targeted Siri, Google Assistant, and Bixby -- are designed to respond when they detect the owner's voice after noticing a trigger phrase such as 'Ok, Google'. Ultimately, commands are just sound waves, which other researchers have already shown can be emulated using ultrasonic waves which humans can't hear, providing an attacker has a line of si

Hacking 248
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Five Ways to Secure Your Home Office Webcam

Adam Levin

Covid-19 is increasing the number of employees working from home, and more businesses are relying on video conferences as a means of keeping in regular communication. . Follow these tips to make sure your webcam isn’t compromising your privacy and your data: Unplug/disable your camera when it’s not in use: If you’re using an external camera, don’t just turn it off when you’re not in a conference–unplug it completely.

Firmware 219
article thumbnail

Cybercriminals now recycling standard phishing emails with coronavirus themes

Tech Republic Security

The latest malicious COVID-19 campaigns are repurposing conventional phishing emails with a coronavirus angle, says security trainer KnowBe4.

Phishing 217
article thumbnail

A Twitch Streamer Is Exposing Coronavirus Scams Live

WIRED Threat Level

Kitboga has built a following by trolling telemarketers. Covid-19 opportunists have given him a whole new crop of targets.

Scams 145
article thumbnail

Story of Gus Weiss

Schneier on Security

This is a long and fascinating article about Gus Weiss, who masterminded a long campaign to feed technical disinformation to the Soviet Union, which may or may not have caused a massive pipeline explosion somewhere in Siberia in the 1980s, if in fact there even was a massive pipeline explosion somewhere in Siberia in the 1980s. Lots of information about the origins of US export controls laws and sabotage operations.

222
222
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Working Remotely? Follow These Five Tips to Avoid a Phishing Scam

Adam Levin

As more employees are working remotely in the wake of the Covid-19 pandemic, businesses are being targeted by an increasing number of phishing campaigns. . Follow these five tips to keep your email and your business cybersecure: Don’t send sensitive information via email: Email is convenient and universal, but it’s not an especially secure way to send information.

Scams 147
article thumbnail

How hackers are using COVID-19 fears to push new scams and malware

Tech Republic Security

Cybercriminals may be staying home, but they're not taking a break from phishing attempts and password hacking during the coronavirus outbreak.

Scams 216
article thumbnail

Ryuk Ransomware operators continue to target hospitals during COVID19 outbreak

Security Affairs

Operators behind the Ryuk Ransomware continue to target hospitals even as these organizations are involved in the fight against the Coronavirus pandemic. The threat actors behind the infamous Ryuk Ransomware continue to target hospitals, even as they are involved in containing the Coronavirus outbreak. The decision of the operators is not aligned with principal ransomware gangs that have announced they will no longer target health and medical organizations during the Coronavirus (COVID-19) pande

article thumbnail

On Cyber Warranties

Schneier on Security

Interesting article discussing cyber-warranties, and whether they are an effective way to transfer risk (as envisioned by Ackerlof's "market for lemons") or a marketing trick. The conclusion: Warranties must transfer non-negligible amounts of liability to vendors in order to meaningfully overcome the market for lemons. Our preliminary analysis suggests the majority of cyber warranties cover the cost of repairing the device alone.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

NEW TECH: QuoLab advances ‘Security Operations Platform’ — SOP — technology

The Last Watchdog

Defending enterprise networks has become a convoluted challenge, one that is only getting more byzantine by the day. I’ve written about the how SIEMs ingest log and event data from all across hybrid networks, and about how UEBA and SOAR technologies have arisen in just the past few years to help companies try to make sense of it all, even as catastrophic breaches persist.

article thumbnail

How hospitals can be proactive to prevent ransomware attacks

Tech Republic Security

The coronavirus is putting a strain on healthcare facilities and increasing cybersecurity risks. Here are steps hospital IT admins can take to prevent ransomware and safeguard patient data.

article thumbnail

Google issued 40,000 alerts of State-Sponsored attacks in 2019

Security Affairs

Google announced to have warned users of almost 40,000 alerts of state-sponsored phishing or malware attacks during 2019. Google shared data on alerts related to state-sponsored attacks, the tech giant revealed that it issued almost 40,000 alerts of state-sponsored phishing or malware attacks to its users during 2019. The number of alerts decreased by 25% when compared to 2018, possible reasons for this drop could be the increased efficiency of defense measures implemented by Google, but we cann

Phishing 145
article thumbnail

Think Twice Before Deciding To Use A Personal VPN: You could be getting some really bad advice

CTOVision Cybersecurity

From the 1930s to 1950s (far too long) the medical community just would not wake up to the fact that cigarettes could cause harm (see More Doctors Smoke Camels). Why did they stick with this misperception for so long? When so many good people come to the wrong conclusion it probably means some deeply human […].

VPN 26
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Friday Star Wars

Adam Shostack

130
130
article thumbnail

Organizations are moving their security to the cloud, but concerns remain

Tech Republic Security

Businesses see advantages in migrating to cloud-based security tools but are worried about such issues as data privacy and unauthorized access, says Exabeam.

article thumbnail

Coronavirus-themed campaign delivers a new variant of Netwalker Ransomware

Security Affairs

MalwareHunterTeam experts have identified a new Coronavirus phishing campaign that aims at delivering the Netwalker Ransomware. The number of coronavirus -themed cyberattacks continues to increase, MalwareHunterTeam researchers uncovered a new campaign that is delivering the Netwalker Ransomware, aka Mailto. The researchers have analyzed an attachment, named “ CORONAVIRUS_COVID-19.vbs ,” used in a new Coronavirus phishing campaign that was designed to deliver the Netwalker Ransomwar

article thumbnail

Unsupervised Learning: No. 221

Daniel Miessler

THIS WEEK’S TOPICS: Health-justified Video Surveillance, FDA Emergency Approval of a C19 Test, Israel Mobile Monitoring, Amazon Essentials, Pandemic Drone Monitoring, Retasking Factories, Rich People Ventilators, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. —.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Medical Device Threat Modeling

Adam Shostack

Threat modeling figures heavily in the FDA’s thinking. It’s been part of the first cybersecurity pre-market guidance, it was a big part of the workshop on ‘ content of premarket submissions ,’ etc. There have been lots of questions about how to make that happen. I’ve been working with the FDA and the MDIC, and we have been planning for free boot camps for threat modeling.

article thumbnail

Hackers hijacking home routers to direct people to malicious coronavirus app

Tech Republic Security

The attackers are changing DNS settings on Linksys routers to redirect users to a malicious website promising an informative COVID-19 app, says security provider BitDefender.

DNS 163
article thumbnail

FBI shuts down the Russian-based hacker platform DEER.IO

Security Affairs

The FBI shuts down Deer.io, a Russian-based online platform that has been hosting hundreds of online shops where illegal products and services were being sold, The Department of Justice announced on Tuesday, that the Federal Bureau of Investigation has recently taken down the Russian-based online platform DEER.IO that is hosting various cybercrime products and services were being sold. “A Russian-based cyber platform known as DEER.IO was shut down by the FBI today, and its suspected admini

article thumbnail

As Zoom Booms Incidents of ‘ZoomBombing’ Become a Growing Nuisance

Threatpost

Numerous instances of online conferences being disrupted by pornographic images, hate speech or even threats can be mitigated using some platform tools.

Media 124
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!