Troy Hunt

SEPTEMBER 3, 2020

You've possibly just found out you're in a data breach. The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. But you should change it anyway. Huh? Isn't the whole point of encryption that it protects data when exposed to unintended parties? Ah, yes, but it wasn't encrypted it was hashed and therein lies a key difference: Saying that passwords are “encrypted” over and over again doesn’t make it so.

Passwords 363

Passwords Encryption Data breaches Risk 363

Adam Levin

SEPTEMBER 1, 2020

Databases containing the personal information of millions of U.S. voters have appeared on Russian hacking forums. According to Russian news outlet Kommersant , a hacker called Gorka9 has posted the personal information of several million registered voters in Michigan, Arkansas, Connecticut, Florida, and South Carolina.The data includes names, birthdates, gender, mailing addresses, email addresses and polling station numbers.

Hacking 281

Hacking Cyber Attacks Authentication Government 281

Schneier on Security

SEPTEMBER 2, 2020

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It's a perennial problem: trusted insiders have to be trusted.

274

274

Tech Republic Security

SEPTEMBER 1, 2020

Cybercriminals are increasingly exploiting the Cobalt Strike testing toolkit to carry out ransomware campaigns, says Cisco Talos Incident Response.

Ransomware 218

Ransomware 218

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Troy Hunt

SEPTEMBER 4, 2020

I kicked off a little bit earlier on this one in order to wrap up before the Burning Minds keynote, and it's interesting to see just how much difference that little sliver of sunlight makes to the video quality. Check the very start of the video versus the very end; this is the sunset slipping through the crack in the fully drawn blinds, make a massive difference.

Passwords 222

Passwords Encryption Risk 222

Adam Levin

SEPTEMBER 4, 2020

The controversial collection of details on billions of American phone calls by the National Security Agency (NSA) was illegal and possibly unconstitutional, according to a ruling by a federal appeals court. Under the NSA program, information and metadata from calls placed by U.S. citizens were collected in bulk and screened for possible connections to terrorist activity.

Surveillance 260

Surveillance Data collection Government Cybersecurity 260

Tech Republic Security

SEPTEMBER 2, 2020

Instead of trying to remember a long and complex password, try switching to passphrases. Learn why they're important and how they work.

Passwords 211

Passwords 211

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. Hackers are scanning the Internet for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions vulnerable to a remote code execution (RCE) vulnerability addressed by the vendor 3 years ago.

Firmware 145

Firmware Advertising Malware Internet 145

WIRED Threat Level

SEPTEMBER 2, 2020

Facing looming election threats and a ransomware epidemic, the bureau says it has revamped its process for warning hacking victims.

Hacking 144

Hacking Ransomware 144

Schneier on Security

SEPTEMBER 3, 2020

Interesting story of a class break against the entire Tesla fleet.

Hacking 216

Hacking 216

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

SEPTEMBER 2, 2020

A new study found that email phishing attacks have become more successful during the COVID-19 pandemic.

Phishing 206

Phishing 206

Security Affairs

SEPTEMBER 2, 2020

Hackers actively exploiting a critical remote code execution vulnerability in the File Manager plugin, over 300,000 WordPress sites potentially exposed. Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable versions of the plugin.

Firewall 145

Firewall Advertising Hacking 145

WIRED Threat Level

AUGUST 31, 2020

The ubiquitous Shlayer adware has picked up a new trick, slipping past Cupertino's “notarization” defenses for the first time.

Adware 145

Adware Malware 145

Schneier on Security

SEPTEMBER 4, 2020

The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis.

Hacking 214

Hacking 214

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

SEPTEMBER 4, 2020

This campaign tries to steal account credentials by convincing users that their email service has quarantined three messages, says Cofense.

Phishing 202

Phishing Accountability 202

Security Affairs

AUGUST 31, 2020

Cisco warns that threat actors are attempting to exploit a high severity DoS flaw in its Cisco IOS XR software that runs on carrier-grade routers. Cisco warned over the weekend that attackers are trying to exploit a high severity memory exhaustion denial-of-service (DoS) vulnerability ( CVE-2020-3566 ) affecting the Cisco IOS XR Network OS that runs on carrier-grade routers.

Software 145

Software Internet Internet Advertising 145

WIRED Threat Level

SEPTEMBER 4, 2020

Police increasingly ask Google and other tech firms for data about who was where, when. Two judges ruled the investigative tool invalid in a Chicago case.

Software 144

Software 144

Schneier on Security

AUGUST 31, 2020

Seny Kamara gave an excellent keynote talk this year at the (online) CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to.

Government 211

Government 211

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

SEPTEMBER 3, 2020

The platform allows researchers to analyze cyberattacks without sensitive information being released.

Cybersecurity 201

Cybersecurity 201

Security Affairs

SEPTEMBER 4, 2020

The U.S. Department of Defense has disclosed the details about four critical and high severity vulnerabilities in its infrastructure. The U.S. Department of Defense has disclosed details of four vulnerabilities in its infrastructure, two high severity rating issues and other two critical flaws. The vulnerabilities could be exploited by threat actors to hijack a subdomain, execute arbitrary code remotely, or view files on the vulnerable system.

Advertising 144

Advertising Phishing Hacking Technology 144

Dark Reading

SEPTEMBER 1, 2020

Mass domain purchasing enables email attackers to slip by traditional defenses. Here's how artificial intelligence can stop them.

Artificial Intelligence 138

Artificial Intelligence 138

Threatpost

SEPTEMBER 3, 2020

The NSA argued its mass surveillance program stopped terrorist attacks - but a new U.S. court ruling found that this is not, and may have even been unconstitutional.

Surveillance 136

Surveillance Data privacy Government 136

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

SEPTEMBER 4, 2020

Dubbed PyVil, the new remote access trojan goes after passwords, documents, browser cookies, and email credentials, says Cybereason.

Passwords 200

Passwords 200

Security Affairs

AUGUST 29, 2020

North Korea-linked APT group BeagleBoyz intensified its operations since February, US CISA, Department of the Treasury, FBI, and USCYBERCOM warn. According to a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, the Federal Bureau of Investigation (FBI), and U.S. Cyber Command (USCYBERCOM) North Korea-linked APT group BeagleBoyz was very active since February 2020 targeting banks across the world.

Banking 145

Banking Malware Advertising Hacking 145

Dark Reading

SEPTEMBER 2, 2020

One person's exit can set off a chain of costly events.

134

134

Threatpost

SEPTEMBER 4, 2020

A phishing campaign uses overlay screens and email 'quarantine' policies to steal targets' Microsoft Outlook credentials.

Phishing 135

Phishing Passwords Hacking 135

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

AUGUST 31, 2020

Commentary: For organizations struggling to secure their IT, a host of new, developer-focused products are hitting the market. Check out this guide of the best developer-centric security products.

Marketing 199

Marketing 199

Security Affairs

AUGUST 30, 2020

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The npm security team has removed the JavaScript library “ fallguys ” from the npm portal because it was containing a malicious code used to steal sensitive files from an infected users’ browser and Discord application.

Advertising 145

Advertising Hacking Information Security Malware 145

WIRED Threat Level

AUGUST 30, 2020

Your laptop is a treasure trove of personal and sensitive information—make sure it's as secure as it can be.

133

133

Daniel Miessler

SEPTEMBER 4, 2020

Shoshana Zuboff came out with a brilliant work called Surveillance Capitalism a while back, which I reviewed here. It talked about not just the threat of the tech itself but how that tech could be used to control the behavior of populations. I highly recommend it. Cory Doctorow, of Down and Out in the Magic Kingdom and Little Brother fame just came out with a rebuttal, essentially saying no—it’s not the tech that’s the problem, but rather that the companies wielding the tech ar

Surveillance 130

Surveillance Technology Government Healthcare 130

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity