Troy Hunt

APRIL 9, 2020

Hey, did you hear that Facebook are going to start using your personal photos in whatever way they see fit? For real, it's going to start tomorrow unless you act quickly! All you have to do is copy and paste this message onto your own Facebook page and wammo - they're not allowed to touch them! Ready? Here goes: "With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents.

Mobile 364

Mobile Media Scams Technology 364

Krebs on Security

APRIL 10, 2020

The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return.

Computers and Electronics 355

Computers and Electronics Banking Accountability Scams 355

Schneier on Security

APRIL 9, 2020

A few months ago, Brian Krebs told the story of the domain corp.com, and how it is basically a security nightmare: At issue is a problem known as " namespace collision ," a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet. Windows computers on an internal corporate network validate other things on that network using a Microsoft innovation called Active Directory , which is th

DNS 279

DNS Wireless Internet Internet 279

The Last Watchdog

APRIL 7, 2020

Application programming interface. API. It’s the glue holding digital transformation together. Related: A primer on ‘credential stuffing’ APIs are the conduits for moving data to-and-fro in our digitally transformed world. APIs are literally everywhere in the digital landscape, and more are being created every minute. APIs connect the coding that enables the creation and implementation of new applications.

Mobile 266

Mobile Digital transformation Scams Accountability 266

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Troy Hunt

APRIL 6, 2020

If you're reading this, chances are you've arrived here from a link I sent you via email. That email would have been a reply to one you originally sent to me that would have sounded something like this: Hi, I came across your blog on [thing] and I must admit, it was really nicely written. I also have an article on [thing] and I think it would be a great addition to your blog.

Advertising 291

Advertising Internet Internet VPN 291

Krebs on Security

APRIL 7, 2020

In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe.

DNS 338

DNS Wireless Risk Passwords 338

Daniel Miessler

APRIL 9, 2020

I’ve been processing my thoughts on the Zoom Security stuff for a couple of weeks now, and I think I finally have an opinion. The hate is silly. Like I said, I sense something strange here. I get there are security issues. And some seem pretty bad. But the amount of highly-coordinated PR against the company feels more like an operation than regular criticism… The Spidey Sense is flaring for sure.

Manufacturing 246

Manufacturing Risk Media Marketing 246

Troy Hunt

APRIL 10, 2020

Somehow this week's update ended up being 55 minutes, largely because of playing with a bunch of the new network gear and unboxing a pretty snazzy looking rack from 4Cabling. I get through with that then sit by the pool for the rest of this week's update. (And yes, I shaved!) Incidentally, there's some audio clipping occurring after I sit by the pool.

Passwords 284

Passwords 284

Tech Republic Security

APRIL 7, 2020

Phishing is the leading threat exploiting COVID-19, followed by malicious websites, according to a survey of IT professionals from Check Point.

Phishing 207

Phishing 207

Schneier on Security

APRIL 7, 2020

Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic. One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply because they are less secure.

Cybersecurity 258

Cybersecurity VPN Scams Phishing 258

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Last Watchdog

APRIL 9, 2020

There’s no stopping the Internet of Things now. Related: The promise, pitfalls of IoT Companies have commenced the dispersal of IoT systems far and wide. Data collected by IoT devices will increasingly get ingested into cloud-centric networks where it will get crunched by virtual servers. And fantastic new IoT-enabled services will spew out of the other end.

Internet 195

Internet Internet IoT Technology 195

Adam Levin

APRIL 6, 2020

Marriott International announced a data breach that may have exposed the information of 5.2 million guests. Among the information potentially compromised are names, birthdates, mailing addresses, phone numbers, email addresses, and birthdates. This is the second major data breach that Marriott has experienced in recent years; in 2018, the company announced that the information of 327 million customers of subsidiary Starwoodhad been compromised in a similar incident. .

Data breaches 187

Data breaches Financial Services Passwords Accountability 187

Tech Republic Security

APRIL 8, 2020

Bitdefender warns against this dangerous new IoT "dark_nexus" attack that is innovative and cheap for attackers to acquire.

IoT 205

IoT 205

Schneier on Security

APRIL 10, 2020

Attack matrix for Kubernetes, using the MITRE ATT&CK framework. A good first step towards understand the security of this suddenly popular and very complex container orchestration system.

Cybersecurity 257

Cybersecurity 257

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

APRIL 6, 2020

Cyber criminals who specialize in plundering local governments and school districts are in their heyday. Related : How ransomware became a scourge Ransomware attacks and email fraud have spiked to record levels across the U.S. in each of the past three years, and a disproportionate number of the hardest hit organizations were local public agencies. Lucy Security, a security training company based in Zug, Switzerland that works with many smaller public entities, has been in the thick of this onsl

Scams 147

Scams Social Engineering Ransomware Engineering 147

WIRED Threat Level

APRIL 10, 2020

The tech giants have teamed up to use a Bluetooth-based framework to keep track of the spread of infections without compromising location privacy.

145

145

Tech Republic Security

APRIL 8, 2020

Cybercriminals are already looking for ways to steal government assistance designed to help those struggling because of the COVID-19 pandemic.

Scams 203

Scams Cybersecurity Government 203

Schneier on Security

APRIL 6, 2020

Microsoft is reporting that an Emotat malware infection shut down a network by causing computers to overheat and then crash. The Emotet payload was delivered and executed on the systems of Fabrikam -- a fake name Microsoft gave the victim in their case study -- five days after the employee's user credentials were exfiltrated to the attacker's command and control (C&C) server.

Malware 229

Malware Phishing Authentication Internet 229

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

APRIL 10, 2020

Sophos announced the public release of the source code of the sandbox-based isolation program Sandboxie. Sophos is going to release the Windows sandbox-based isolation program Sandboxie in open source. “Sandboxie has long been a favorite sandbox-based isolation tool since its original release over fifteen years ago. Now this technology will live on in the hands of its dedicated users.” Sophos Director of Product Marketing Seth Geftic said. “We are thrilled to give the code to

Advertising 145

Advertising Malware Marketing Technology 145

WIRED Threat Level

APRIL 5, 2020

Trolls. Prying bosses. Zoom's a great video chat platform, but a few simple steps also make it a safe one.

141

141

Tech Republic Security

APRIL 9, 2020

The road to secure containers is long and winding. One stop you should take on that journey is unloading unnecessary kernel modules in your Linux containers.

190

190

Threatpost

APRIL 9, 2020

Emails purporting to be a Cisco "critical security advisory" are actually part of a phishing campaign trying to steal victims' Webex credentials.

Phishing 136

Phishing 136

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

APRIL 10, 2020

VMware has addressed a critical information disclosure vulnerability related to the Directory Service that can be exploited to compromise vCenter Server. VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service ( vmdir ) for authentication.

Hacking 145

Hacking Advertising Authentication Information Security 145

Adam Levin

APRIL 10, 2020

Businesses across the country have had to adjust to their employees working from home. For many it was a last-minute scramble to adjust to what has become “the new normal” in the face of the coronavirus pandemic. As businesses and their employees settle into what could be for many a span of several weeks or months with a mandatory or recommended work from home order, organizations large and small face a potential company-killer: their surface of potentially vulnerable technology gre

Cybersecurity 130

Cybersecurity Data breaches Phishing Technology 130

Tech Republic Security

APRIL 8, 2020

IntSights researchers surveyed the cyberthreat landscape, finding a wide variety of coronavirus-themed phishing lures, malware infections, network intrusions, scams, and disinformation campaigns.

Scams 190

Scams Phishing Malware 190

Daniel Miessler

APRIL 6, 2020

THIS WEEK’S TOPICS: Coronavirus unemployment rate, 2 million guns, UK 5G attacks, German Antibodies, Zoom Drama, New Cloudflare Servers, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. —. If you get value from this content, you can support it directly by becoming a member.

Technology 130

Technology Information Security 130

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

APRIL 10, 2020

Cryptocurrency exchange Bisq stopped trading activities due to a cyberattack , crooks have stolen $250,000 worth of virtual currency from the company. The decentralized exchange (DEX) Bisq rang stopped trading activities late Tuesday night after it uncovered a critical security vulnerability that was exploited by a hacker to steal more than $250,000 worth of cryptocurrency from users. “Bisq developers are currently investigating a critical security vulnerability, and the alert key has been

Cryptocurrency 145

Cryptocurrency Advertising Hacking Information Security 145

Adam Levin

APRIL 8, 2020

In the latest episode of Third Certainty, Adam Levin explains the danger of voice deepfakes. The post Beware Voice Deepfakes: Third Certainty #16 appeared first on Adam Levin.

Technology 130

Technology 130

Tech Republic Security

APRIL 10, 2020

Policies make it easy to set a training plan for end users and improve risk management strategies.

Risk 170

Risk 170

Dark Reading

APRIL 10, 2020

Phishing campaigns and scams are skyrocketing to take advantage of people concerned about COVID-19 impacts. Here are some key examples in action.

Phishing 129

Phishing Scams 129

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity