Sat. Mar 21, 2020 - Fri. Mar 27, 2020

US Government Sites Give Bad Security Advice

Krebs on Security

Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.

Coding With Ari, for Kids at Home

Troy Hunt

Strange times, these. But equally, a time to focus on new things and indeed a time to pursue experiences we might not have done otherwise. As Ari now spends his days learning from home, I wanted to really start focusing more on his coding not just for his own benefit, but for all the other kids out there who are in the same home-bound predicament he now finds himself in.

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Daniel Miessler

I’ve thought for a long time that public video feed monitoring would become ubiquitous. My basis for this was looking at what humans ultimately desire, not at the tech itself. When I hear crazy long-term predictions I always think two things: either the prediction is going to be obvious, or it’s going to be wrong. I think my approach is different in a subtle and powerful way.

Protect Your Home Office and Network With These 5 Tips

Adam Levin

Secure Your Router: If you’re still using your router’s manufacturer default password, it’s past time for a change. Your password should include letters, numbers and special characters in a combination you haven’t used on other accounts. You can also create an extra firewall by configuring your router to block unwanted incoming internet traffic. Secure Your Webcam: If you’re using an external webcam for videoconferences, disconnect it when you’re not using it.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Russians Shut Down Huge Card Fraud Ring

Krebs on Security

Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data breaches targeting western retailers over the past decade.

Weekly Update 184

Troy Hunt

This has been an absolutely flat-out week between running almost 3 hours of our free Cyber-Broken talk with Scott Helme, doing an hour of code with Ari each day (and helping get up to speed with remote schooling) then running our Hack Yourself First workshop on Aussie time zones the last couple of days. But, especially given the current circumstances, I'm pretty happy with the result.

More Trending

Five Ways to Secure Your Home Office Webcam

Adam Levin

Covid-19 is increasing the number of employees working from home, and more businesses are relying on video conferences as a means of keeping in regular communication. Follow these tips to make sure your webcam isn’t compromising your privacy and your data: Unplug/disable your camera when it’s not in use: If you’re using an external camera, don’t just turn it off when you’re not in a conference–unplug it completely.

How hackers are using COVID-19 fears to push new scams and malware

Tech Republic Security

Cybercriminals may be staying home, but they're not taking a break from phishing attempts and password hacking during the coronavirus outbreak.

Welcoming the USA Government to Have I Been Pwned

Troy Hunt

Over the last 2 years I've been gradually welcoming various governments from around the world onto Have I Been Pwned (HIBP) so that they can have full and unfettered access to the list of email addresses on their domains impacted by data breaches. Today, I'm very happy to announce the expansion of this initiative to include the USA government by way of their US Cybersecurity and Infrastructure Security Agency (CISA).

Internet Voting in Puerto Rico

Schneier on Security

Puerto Rico is considering allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. That means that votes could be manipulated or deleted on the voter's computer without the voter's knowledge, local elections officials cannot verify that the voter's ballot reflects the voter's in

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Working Remotely? Follow These Five Tips to Avoid a Phishing Scam

Adam Levin

As more employees are working remotely in the wake of the Covid-19 pandemic, businesses are being targeted by an increasing number of phishing campaigns. Follow these five tips to keep your email and your business cybersecure: Don’t send sensitive information via email: Email is convenient and universal, but it’s not an especially secure way to send information.

Cybercriminals now recycling standard phishing emails with coronavirus themes

Tech Republic Security

The latest malicious COVID-19 campaigns are repurposing conventional phishing emails with a coronavirus angle, says security trainer KnowBe4.

Medical Device Threat Modeling

Adam Shostack

Threat modeling figures heavily in the FDA’s thinking. It’s been part of the first cybersecurity pre-market guidance, it was a big part of the workshop on ‘content of premarket submissions,’ etc. There have been lots of questions about how to make that happen. I’ve been working with the FDA and the MDIC, and we have been planning for free boot camps for threat modeling.

Hacking Voice Assistants with Ultrasonic Waves

Schneier on Security

I previously wrote about hacking voice assistants with lasers. Turns out you can do much the same thing with ultrasonic waves: Voice assistants -- the demo targeted Siri, Google Assistant, and Bixby -- are designed to respond when they detect the owner's voice after noticing a trigger phrase such as 'Ok, Google'. Ultimately, commands are just sound waves, which other researchers have already shown can be emulated using ultrasonic waves which humans can't hear, providing an attacker has a line of si

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Unsupervised Learning: No. 221

Daniel Miessler

THIS WEEK’S TOPICS: Health-justified Video Surveillance, FDA Emergency Approval of a C19 Test, Israel Mobile Monitoring, Amazon Essentials, Pandemic Drone Monitoring, Retasking Factories, Rich People Ventilators, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast.

667% spike in email phishing attacks due to coronavirus fears

Tech Republic Security

New data from Barracuda shows cybercriminals are taking advantage of people's concerns during the COVID-19 pandemic.

NEW TECH: QuoLab advances ‘Security Operations Platform’ — SOP — technology

The Last Watchdog

Defending enterprise networks has become a convoluted challenge, one that is only getting more byzantine by the day. I’ve written about how SIEMs ingest log and event data from all across hybrid networks, and about how UEBA and SOAR technologies have arisen in just the past few years to help companies try to make sense of it all, even as catastrophic breaches persist.

Story of Gus Weiss

Schneier on Security

This is a long and fascinating article about Gus Weiss, who masterminded a long campaign to feed technical disinformation to the Soviet Union, which may or may not have caused a massive pipeline explosion somewhere in Siberia in the 1980s, if in fact there even was a massive pipeline explosion somewhere in Siberia in the 1980s. Lots of information about the origins of US export controls laws and sabotage operations.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Ryuk Ransomware operators continue to target hospitals during COVID19 outbreak

Security Affairs

Operators behind the Ryuk Ransomware continue to target hospitals even as these organizations are involved in the fight against the Coronavirus pandemic. The threat actors behind the infamous Ryuk Ransomware continue to target hospitals, even as they are involved in containing the Coronavirus outbreak. The decision of the operators is not aligned with principal ransomware gangs that have announced they will no longer target health and medical organizations during the Coronavirus (COVID-19) pande

How hospitals can be proactive to prevent ransomware attacks

Tech Republic Security

The coronavirus is putting a strain on healthcare facilities and increasing cybersecurity risks. Here are steps hospital IT admins can take to prevent ransomware and safeguard patient data.

NEW TECH: Start-up QuoLab enters emerging ‘Security Operations Platform’ — SOP — space

The Last Watchdog

Defending enterprise networks has become a convoluted challenge, one that is only getting more byzantine by the day. I’ve written about how SIEMs ingest log and event data from all across hybrid networks, and about how UEBA and SOAR technologies have arisen in just the past few years to help companies try to make sense of it all, even as catastrophic breaches persist.

On Cyber Warranties

Schneier on Security

Interesting article discussing cyber-warranties, and whether they are an effective way to transfer risk (as envisioned by Akerlof's "market for lemons") or a marketing trick. The conclusion: Warranties must transfer non-negligible amounts of liability to vendors in order to meaningfully overcome the market for lemons. Our preliminary analysis suggests the majority of cyber warranties cover the cost of repairing the device alone.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

The COVID Pandemic

Adam Shostack

I know many readers are here for the threat modeling, and I could claim that this is the “what are we going to do about it” post, which it is, but I don’t want to have to blog all threat modeling all the time. So this is the “Seattle is a month into COVID-19” post. There are a huge number of tips on how to stay safe, how to work from home, etc.

Organizations are moving their security to the cloud, but concerns remain

Tech Republic Security

Businesses see advantages in migrating to cloud-based security tools but are worried about such issues as data privacy and unauthorized access, says Exabeam.

Google issued 40,000 alerts of State-Sponsored attacks in 2019

Security Affairs

Google announced that it sent users almost 40,000 alerts of state-sponsored phishing or malware attacks during 2019. Google shared data on alerts related to state-sponsored attacks; the tech giant revealed that it issued almost 40,000 alerts of state-sponsored phishing or malware attacks to its users during 2019. The number of alerts decreased by 25% when compared to 2018; possible reasons for this drop could be the increased efficiency of defense measures implemented by Google, but we cann

A Twitch Streamer Is Exposing Coronavirus Scams Live

WIRED Threat Level

Kitboga has built a following by trolling telemarketers. Covid-19 opportunists have given him a whole new crop of targets.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

As Zoom Booms Incidents of ‘ZoomBombing’ Become a Growing Nuisance

Threatpost

Numerous instances of online conferences being disrupted by pornographic images, hate speech or even threats can be mitigated using some platform tools.

Hackers hijacking home routers to direct people to malicious coronavirus app

Tech Republic Security

The attackers are changing DNS settings on Linksys routers to redirect users to a malicious website promising an informative COVID-19 app, says security provider BitDefender.

Coronavirus-themed campaign delivers a new variant of Netwalker Ransomware

Security Affairs

MalwareHunterTeam experts have identified a new Coronavirus phishing campaign that aims at delivering the Netwalker Ransomware. The number of coronavirus-themed cyberattacks continues to increase, MalwareHunterTeam researchers uncovered a new campaign that is delivering the Netwalker Ransomware, aka Mailto. The researchers have analyzed an attachment, named “CORONAVIRUS_COVID-19.vbs,” used in a new Coronavirus phishing campaign that was designed to deliver the Netwalker Ransomwar

Uncovering OpenWRT remote code execution (CVE-2020-7982)

ForAllSecure

Introduction. For ForAllSecure, I’ve been focusing on finding bugs in OpenWRT using their Mayhem software. My research on OpenWRT has been a combination of writing custom harnesses, running binaries out of the box without recompilation, and manual inspection of code.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.