Troy Hunt

APRIL 9, 2020

Hey, did you hear that Facebook are going to start using your personal photos in whatever way they see fit? For real, it's going to start tomorrow unless you act quickly! All you have to do is copy and paste this message onto your own Facebook page and wammo - they're not allowed to touch them! Ready? Here goes: "With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents.

Mobile 364

Mobile Media Scams Technology 364

Krebs on Security

APRIL 10, 2020

The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return.

Computers and Electronics 351

Computers and Electronics Banking Accountability Scams 351

The Last Watchdog

APRIL 7, 2020

Application programming interface. API. It’s the glue holding digital transformation together. Related: A primer on ‘credential stuffing’ APIs are the conduits for moving data to-and-fro in our digitally transformed world. APIs are literally everywhere in the digital landscape, and more are being created every minute. APIs connect the coding that enables the creation and implementation of new applications.

Mobile 266

Mobile Digital transformation Scams Accountability 266

Schneier on Security

APRIL 9, 2020

A few months ago, Brian Krebs told the story of the domain corp.com, and how it is basically a security nightmare: At issue is a problem known as " namespace collision ," a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet. Windows computers on an internal corporate network validate other things on that network using a Microsoft innovation called Active Directory , which is th

DNS 362

DNS Wireless Internet Internet 362

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

APRIL 6, 2020

If you're reading this, chances are you've arrived here from a link I sent you via email. That email would have been a reply to one you originally sent to me that would have sounded something like this: Hi, I came across your blog on [thing] and I must admit, it was really nicely written. I also have an article on [thing] and I think it would be a great addition to your blog.

Advertising 290

Advertising Internet Internet VPN 290

Krebs on Security

APRIL 7, 2020

In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe.

DNS 336

DNS Wireless Risk Passwords 336

Schneier on Security

APRIL 8, 2020

RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation time was roughly 2700 core-years, using Intel Xeon Gold 6130 CPUs as a reference (2.1GHz): RSA-250 sieving: 2450 physical core-years. RSA-250 matrix: 250 physical core-years. The computation involved tens of thousands of machines worldwide, and was completed in a few months.

Software 361

Software Encryption 361

Troy Hunt

APRIL 10, 2020

Somehow this week's update ended up being 55 minutes, largely because of playing with a bunch of the new network gear and unboxing a pretty snazzy looking rack from 4Cabling. I get through with that then sit by the pool for the rest of this week's update. (And yes, I shaved!) Incidentally, there's some audio clipping occurring after I sit by the pool.

Passwords 263

Passwords 263

Adam Levin

APRIL 6, 2020

Marriott International announced a data breach that may have exposed the information of 5.2 million guests. Among the information potentially compromised are names, birthdates, mailing addresses, phone numbers, email addresses, and birthdates. This is the second major data breach that Marriott has experienced in recent years; in 2018, the company announced that the information of 327 million customers of subsidiary Starwoodhad been compromised in a similar incident. .

Data breaches 187

Data breaches Financial Services Passwords Insurance 187

The Last Watchdog

APRIL 9, 2020

There’s no stopping the Internet of Things now. Related: The promise, pitfalls of IoT Companies have commenced the dispersal of IoT systems far and wide. Data collected by IoT devices will increasingly get ingested into cloud-centric networks where it will get crunched by virtual servers. And fantastic new IoT-enabled services will spew out of the other end.

Internet 195

Internet Internet IoT Technology 195

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

APRIL 7, 2020

Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic. One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply because they are less secure.

Cybersecurity 328

Cybersecurity VPN Scams Phishing 328

Tech Republic Security

APRIL 7, 2020

Phishing is the leading threat exploiting COVID-19, followed by malicious websites, according to a survey of IT professionals from Check Point.

Phishing 197

Phishing 197

Adam Levin

APRIL 10, 2020

Businesses across the country have had to adjust to their employees working from home. For many it was a last-minute scramble to adjust to what has become “the new normal” in the face of the coronavirus pandemic. As businesses and their employees settle into what could be for many a span of several weeks or months with a mandatory or recommended work from home order, organizations large and small face a potential company-killer: their surface of potentially vulnerable technology gre

Cybersecurity 130

Cybersecurity Data breaches Phishing Technology 130

The Last Watchdog

APRIL 6, 2020

Cyber criminals who specialize in plundering local governments and school districts are in their heyday. Related : How ransomware became a scourge Ransomware attacks and email fraud have spiked to record levels across the U.S. in each of the past three years, and a disproportionate number of the hardest hit organizations were local public agencies. Lucy Security, a security training company based in Zug, Switzerland that works with many smaller public entities, has been in the thick of this onsl

Scams 147

Scams Social Engineering Ransomware Engineering 147

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

APRIL 10, 2020

Attack matrix for Kubernetes, using the MITRE ATT&CK framework. A good first step towards understand the security of this suddenly popular and very complex container orchestration system.

Cybersecurity 326

Cybersecurity 326

Tech Republic Security

APRIL 8, 2020

IntSights researchers surveyed the cyberthreat landscape, finding a wide variety of coronavirus-themed phishing lures, malware infections, network intrusions, scams, and disinformation campaigns.

Scams 175

Scams Phishing Malware 175

Adam Levin

APRIL 8, 2020

In the latest episode of Third Certainty, Adam Levin explains the danger of voice deepfakes. The post Beware Voice Deepfakes: Third Certainty #16 appeared first on Adam Levin.

Technology 130

Technology 130

Daniel Miessler

APRIL 6, 2020

THIS WEEK’S TOPICS: Coronavirus unemployment rate, 2 million guns, UK 5G attacks, German Antibodies, Zoom Drama, New Cloudflare Servers, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. —. If you get value from this content, you can support it directly by becoming a member.

Technology 130

Technology Information Security 130

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

APRIL 6, 2020

Microsoft is reporting that an Emotat malware infection shut down a network by causing computers to overheat and then crash. The Emotet payload was delivered and executed on the systems of Fabrikam -- a fake name Microsoft gave the victim in their case study -- five days after the employee's user credentials were exfiltrated to the attacker's command and control (C&C) server.

Malware 291

Malware Phishing Authentication Internet 291

Tech Republic Security

APRIL 8, 2020

Cybercriminals are already looking for ways to steal government assistance designed to help those struggling because of the COVID-19 pandemic.

Scams 193

Scams Cybersecurity Government 193

Security Affairs

APRIL 8, 2020

This week, NASA sent out a memo to its personnel warning of a significant increase in the cyberattacks during the Coronavirus outbreak. NASA sent out a memo to its personnel warning of a significant increase in cyberattacks on the agency while its employees are in smart-working due to the Coronavirus outbreak. According to the Agency, roughly 75 percent of its employees are currently working from home.

Cyber Attacks 145

Cyber Attacks Computers and Electronics VPN Phishing 145

WIRED Threat Level

APRIL 10, 2020

The tech giants have teamed up to use a Bluetooth-based framework to keep track of the spread of infections without compromising location privacy.

144

144

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

APRIL 10, 2020

Apple and Google announced that decentralized Bluetooth technology will soon be rolled out for coronavirus contact tracing. The privacy implications are worrisome for some.

Technology 124

Technology Data privacy Mobile 124

Tech Republic Security

APRIL 9, 2020

The road to secure containers is long and winding. One stop you should take on that journey is unloading unnecessary kernel modules in your Linux containers.

174

174

Security Affairs

APRIL 10, 2020

Cryptocurrency exchange Bisq stopped trading activities due to a cyberattack , crooks have stolen $250,000 worth of virtual currency from the company. The decentralized exchange (DEX) Bisq rang stopped trading activities late Tuesday night after it uncovered a critical security vulnerability that was exploited by a hacker to steal more than $250,000 worth of cryptocurrency from users. “Bisq developers are currently investigating a critical security vulnerability, and the alert key has been

Cryptocurrency 145

Cryptocurrency Advertising Hacking Information Security 145

Dark Reading

APRIL 10, 2020

Identifying normal behavior baselines is essential to behavior-based authentication. However, with COVID-19 upending all aspects of life, is it possible to build baselines and measure normal patterns when nothing at all seems normal?

Authentication 118

Authentication 118

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Threatpost

APRIL 9, 2020

Emails purporting to be a Cisco "critical security advisory" are actually part of a phishing campaign trying to steal victims' Webex credentials.

Phishing 136

Phishing 136

Tech Republic Security

APRIL 8, 2020

Bitdefender warns against this dangerous new IoT "dark_nexus" attack that is innovative and cheap for attackers to acquire.

IoT 196

IoT 196

Security Affairs

APRIL 10, 2020

VMware has addressed a critical information disclosure vulnerability related to the Directory Service that can be exploited to compromise vCenter Server. VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service ( vmdir ) for authentication.

Hacking 145

Hacking Advertising Authentication Information Security 145

Dark Reading

APRIL 9, 2020

How the hacker mindset and skill set could play a role in improving and securing societal systems, according to renowned security technologist Bruce Schneier.

Hacking 123

Hacking 123

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity