Sat. Aug 29, 2020 - Fri. Sep 04, 2020


We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:

Troy Hunt

You've possibly just found out you're in a data breach. The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. But you should change it anyway. Huh? Isn't the whole point of encryption that it protects data when exposed to unintended parties? Ah, yes, but it wasn't encrypted it was hashed and therein lies a key difference: Saying that passwords are “encrypted” over and over again doesn’t make it so.

Passwords 363

Personal Information of Millions of US Voters Available on Dark Web

Adam Levin

Databases containing the personal information of millions of U.S. voters have appeared on Russian hacking forums. According to Russian news outlet Kommersant, a hacker called Gorka9 has posted the personal information of several million registered voters in Michigan, Arkansas, Connecticut, Florida, and South Carolina. The data includes names, birthdates, gender, mailing addresses, email addresses and polling station numbers.

Hacking 281

Insider Attack on the Carnegie Library

Schneier on Security

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It's a perennial problem: trusted insiders have to be trusted.

352

Ransomware attacks continue to dominate the threat landscape

Tech Republic Security

Cybercriminals are increasingly exploiting the Cobalt Strike testing toolkit to carry out ransomware campaigns, says Cisco Talos Incident Response.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Weekly Update 207

Troy Hunt

I kicked off a little bit earlier on this one in order to wrap up before the Burning Minds keynote, and it's interesting to see just how much difference that little sliver of sunlight makes to the video quality. Check the very start of the video versus the very end; this is the sunset slipping through the crack in the fully drawn blinds, and it makes a massive difference.

Passwords 201

NSA Mass Surveillance Program Is Ruled Illegal

Adam Levin

The controversial collection of details on billions of American phone calls by the National Security Agency (NSA) was illegal and possibly unconstitutional, according to a ruling by a federal appeals court. Under the NSA program, information and metadata from calls placed by U.S. citizens were collected in bulk and screened for possible connections to terrorist activity.

More Trending


The best developer-centric security products

Tech Republic Security

Commentary: For organizations struggling to secure their IT, a host of new, developer-focused products are hitting the market. Check out this guide of the best developer-centric security products.

Marketing 189

Zuboff vs. Doctorow vs. Miessler: What’s the Greatest Threat to Human Privacy?

Daniel Miessler

Shoshana Zuboff came out with a brilliant work called Surveillance Capitalism a while back, which I reviewed here. It talked about not just the threat of the tech itself but how that tech could be used to control the behavior of populations. I highly recommend it. Cory Doctorow, of Down and Out in the Magic Kingdom and Little Brother fame just came out with a rebuttal, essentially saying no—it’s not the tech that’s the problem, but rather that the companies wielding the tech ar


Hackers are actively exploiting critical RCE in WordPress sites using File Manager plugin

Security Affairs

Hackers actively exploiting a critical remote code execution vulnerability in the File Manager plugin, over 300,000 WordPress sites potentially exposed. Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable versions of the plugin.

Firewall 144

Seny Kamara on "Crypto for the People"

Schneier on Security

Seny Kamara gave an excellent keynote talk this year at the (online) CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Replace your passwords with passphrases: Here's how to use them to remain secure

Tech Republic Security

Instead of trying to remember a long and complex password, try switching to passphrases. Learn why they're important and how they work.

Passwords 203

NSA Mass Surveillance Program Illegal, U.S. Court Rules

Threatpost

The NSA argued its mass surveillance program stopped terrorist attacks - but a new U.S. court ruling found that this is not, and may have even been unconstitutional.


Malicious npm package ‘fallguys’ removed from the official repository

Security Affairs

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The npm security team has removed the JavaScript library “fallguys” from the npm portal because it contained malicious code used to steal sensitive files from an infected user's browser and Discord application.


Hacking AI-Graded Tests

Schneier on Security

The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis.

Hacking 270

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Phishing attack baits victims by promising access to quarantined emails

Tech Republic Security

This campaign tries to steal account credentials by convincing users that their email service has quarantined three messages, says Cofense.

Phishing 191

AI on the Email Offense

Dark Reading

Mass domain purchasing enables email attackers to slip by traditional defenses. Here's how artificial intelligence can stop them.


New KryptoCibule Windows Trojan spreads via malicious torrents

Security Affairs

Experts warn of the KryptoCibule Windows malware that has been active since late 2018 and has targeted users in the Czech Republic and Slovakia. Security researchers from ESET have shared technical details of a new piece of Windows malware tracked as KryptoCibule. The malware has been active since at least December 2018; it targets cryptocurrency users as a triple threat.


2017 Tesla Hack

Schneier on Security

Interesting story of a class break against the entire Tesla fleet.

Hacking 268

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


How to move Google Authenticator from one iPhone or Android device to another

Tech Republic Security

If you migrated to a different iPhone or Android device and need to transfer Google Authenticator to the new hardware, follow these steps.


Creepy ‘Geofence’ Finds Anyone Who Went Near a Crime Scene

WIRED Threat Level

Police increasingly ask Google and other tech firms for data about who was where, when. Two judges ruled the investigative tool invalid in a Chicago case.

Software 124

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

North Korea-linked APT group BeagleBoyz intensified its operations since February, US CISA, Department of the Treasury, FBI, and USCYBERCOM warn. According to a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, the Federal Bureau of Investigation (FBI), and U.S. Cyber Command (USCYBERCOM) North Korea-linked APT group BeagleBoyz was very active since February 2020 targeting banks across the world.

Banking 143

WhatsApp Discloses 6 Bugs via Dedicated Security Site

Threatpost

The company committed to more transparency about app flaws, with an advisory page aimed at keeping the community better informed of security vulnerabilities.

Mobile 121

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


New Python-based trojan targets financial tech firms to steal sensitive data

Tech Republic Security

Dubbed PyVil, the new remote access trojan goes after passwords, documents, browser cookies, and email credentials, says Cybereason.

Passwords 189

Hypothesis: Cyber Attackers Are After Your Scientific Research

Dark Reading

From COVID-19 treatment to academic studies, keeping research secure is more important than ever. The ResearchSOC at Indiana University intends to help.


France will not ban Huawei from its upcoming 5G networks

Security Affairs

French President Emmanuel Macron announced that France won’t ban the Chinese giant Huawei from its upcoming 5G telecommunication networks. French President Emmanuel Macron announced that his government will not exclude Chinese telecom giant Huawei from the building of the upcoming 5G telecommunication networks. However, Macron said that France will favor European providers of 5G technology due to security concerns.


The FBI Botched Its DNC Hack Warning in 2016—but Says It Won’t Next Time

WIRED Threat Level

Facing looming election threats and a ransomware epidemic, the bureau says it has revamped its process for warning hacking victims.

Hacking 130

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


How project managers can help companies better navigate security risks from COVID-19

Tech Republic Security

Social distancing and remote working during COVID-19 have increased cybersecurity risks for companies worldwide, increasing the need for project managers to work on more security-related efforts.

Risk 155

Attackers Steal Outlook Credentials Via Overlay Screens on Legitimate Sites

Threatpost

A phishing campaign uses overlay screens and email 'quarantine' policies to steal targets' Microsoft Outlook credentials.

Phishing 135

Hackers are trying to exploit DoS flaw in Cisco IOS XR software running in carrier-grade routers

Security Affairs

Cisco warns that threat actors are attempting to exploit a high severity DoS flaw in its Cisco IOS XR software that runs on carrier-grade routers. Cisco warned over the weekend that attackers are trying to exploit a high severity memory exhaustion denial-of-service (DoS) vulnerability (CVE-2020-3566) affecting the Cisco IOS XR Network OS that runs on carrier-grade routers.

Software 144

Apple Accidentally Approved Malware to Run on MacOS

WIRED Threat Level

The ubiquitous Shlayer adware has picked up a new trick, slipping past Cupertino's “notarization” defenses for the first time.

Adware 129

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.