Sat.Apr 18, 2020 - Fri.Apr 24, 2020


When in Doubt: Hang Up, Look Up, & Call Back

Krebs on Security

Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.

Banking 363

Global Surveillance in the Wake of COVID-19

Schneier on Security

OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19: The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing individual quarantines. Some governments are making apps that offer coronavirus health information, while also sharing location information with authorities for a period of time.


The 13 best security certifications for newcomers and experienced professionals

Tech Republic Security

Ranging from ethical hacking to cloud security, these certs make it easier to get promoted and negotiate a higher salary.

Hacking 218

Weekly Update 188

Troy Hunt

It's a day late because somehow, even in the current climate, I still find myself with a lot on my plate and the 2am getup yesterday morning didn't leave me much like talking by the usual time I'd record this video came around. Regardless, I haven't missed a week yet and I wasn't going to start today! No great single stories of significance this week but I thought I'd share some insights into how life is gradually returning to a new kind of normal here.

Passwords 177

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


State-sponsored hackers are using COVID-19 lures, Google warns

Security Affairs

Google warns that nation-backed hackers are exploiting the COVID-19 pandemic to target organizations involved in the fight against the pandemic. Google is warning that nation-state actors are exploiting the COVID-19 (Coronavirus) pandemic to target health care organizations and entities involved in the fight against the pandemic. Google’s Threat Analysis Group (TAG) shared its latest findings related to state-backed attacks and revealed that it has identified more than a dozen state-sponsored groups us

Phishing 145

Chinese COVID-19 Disinformation Campaign

Schneier on Security

The New York Times is reporting on state-sponsored disinformation campaigns coming out of China: Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the condition of anonymity to publicly discuss intelligence matters.


More Trending


White-Hat Hackers Help 'Fold' COVID-19 Proteins

Dark Reading

A grassroots effort provides scientists with computing power to help simulate the novel coronavirus' proteins and come up with therapeutic solutions for the disease.


267 Million Facebook identities available for 500 euros on the dark web

Security Affairs

Over 267 million Facebook profiles are offered for sale on dark web sites and hacker forums, the dump is offered for £500 ($623) and doesn’t include passwords. Hackers are offering for sale over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums, the archive doesn’t include passwords. Early March, the security expert Bob Diachenko uncovered an Elasticsearch cluster containing more than 267 million Facebook user IDs, phone numbers, and names.


Another Story of Bad 1970s Encryption

Schneier on Security

This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The Netherlands could eavesdrop on confidential communication from countries such as Iran, Egypt and Saudi Arabia.


Ransomware attacks against key sectors fall amidst coronavirus outbreak

Tech Republic Security

Campaigns against government agencies, educational establishments, and healthcare providers aren't proving as successful as expected, says security firm Emsisoft.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Nintendo Confirms Breach of 160,000 Accounts

Threatpost

After gamers reported unauthorized logins and purchases, Nintendo confirmed that over 160,000 accounts had been hacked.


Cyberattack reports quadrupled during Coronavirus outbreak, FBI warns

Security Affairs

The FBI announced that the number of cybercrime reports has spiked since the beginning of the Coronavirus (COVID-19) pandemic. Speaking at the Aspen Institute, FBI Deputy Assistant Director Tonya Ugoretz announced that the bureau has observed a spike in cybercrime reports since the beginning of the Coronavirus pandemic. The FBI official explained that the number of reports has quadrupled compared to months before the COVID-19 outbreak. “The FBI has an Internet Crime Complaint Center, the


New iPhone Zero-Day Discovered

Schneier on Security

Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said "we were a bit surprised about who was targeted." He said some of the targets were an executive from a telephone carrier in Japan, a "VIP" from Germany, managed security service providers from Saudi Arabia and Israel, people who work for a Fortu

Hacking 242

Bad bots now account for almost a quarter of all website traffic

Tech Republic Security

Designed to mimic legitimate users, these bots allow attackers to mine data, brute force login credentials, and harvest personal information, according to Imperva.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Amid Its Covid-19 Crisis, China Was Still Hacking Uighurs’ iPhones

WIRED Threat Level

Security researchers reveal a months-long, indiscriminate campaign targeting the iPhones of Chinese Muslims.

Hacking 143

OpenSSL Project fixed high-severity CVE-2020-1967 DoS issue in OpenSSL

Security Affairs

The OpenSSL Project has released a security update for OpenSSL that addresses a DoS vulnerability tracked as CVE-2020-1967. The OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967, that can be exploited by attackers to launch denial-of-service (DoS) attacks. This is the first issue addressed in OpenSSL in 2020.


Vulnerability Finding Using Machine Learning

Schneier on Security

Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn't just apply more people to the problem. However, large volumes of semi-curated data are perfect for machine learning.

Software 216

Ransomware: Why SMBs are especially vulnerable to attacks

Tech Republic Security

Many small- and mid-sized business owners say they lack the time or resources to effectively battle ransomware, according to a survey from security provider Infrascale.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


NEW TECH: Why it makes more sense for ‘PAM’ tools to manage ‘Activities,’ instead of ‘Access’

The Last Watchdog

Privileged Access Management (PAM) arose some 15 years ago as an approach to restricting access to sensitive systems inside of a corporate network. Related: Active Directory holds ‘keys to the kingdom’ The basic idea was to make sure only the folks assigned “privileged access” status could successfully log on to sensitive servers. PAM governs a hierarchy of privileged accounts all tied together in a Windows Active Directory (AD) environment.


NSA and ASD issue a report warning of web shells deployments

Security Affairs

A joint report released by the U.S. NSA and the Australian Signals Directorate (ASD) warns of attackers increasingly exploiting vulnerable web servers to deploy web shells. A joint report published by the U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) is warning of bad actors increasingly exploiting vulnerable web servers to deploy web shells.


Threat Model Thursday: Data Flow Diagrams

Adam Shostack

This week’s threat model Thursday looks at an academic paper, Security Threat Modeling: Are Data Flow Diagrams Enough? by Laurens Sion and colleagues. The short (4 page), readable paper looks at the strengths and weaknesses of forms of DFDs, and what we might achieve with variations on the form and different investments of effort. I take issue with the framing of ‘enough’, as if there’s a single definition of enough that’s enough for all of us, but that’s the


Zoom 5.0 is coming, with improved security features: Here's what's new

Tech Republic Security

Zoom 5.0 is due to be launched within a week, bringing 256-bit encryption and new features for helping hosts stay in control of their meetings and their data.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Unsupervised Learning: No. 225

Daniel Miessler

THIS WEEK’S TOPICS: Bay Area Lockdown Til May, The Swedish Approach, California Autopsies, Zoom Security Updates, Palantir Contacts, NSA Web Vulns, GreyNoise Services, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… The newsletter serves as the show notes for the podcast. If you get value from this content, you can support it directly by becoming a member.


China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity, QuoIntelligence (QuoINT) firm reported. Security experts from QuoIntelligence (QuoINT) firm reported that China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity. The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007.

DNS 144

25 Years After Oklahoma City, Domestic Terrorism Is on the Rise

WIRED Threat Level

In an exclusive interview with WIRED, FBI director Christopher Wray discusses a scourge that “moves at the speed of social media.”

Media 122

Cyberattack on IT services giant Cognizant impacts clients

Tech Republic Security

The Maze ransomware group is believed to be responsible for the attack, and it typically blackmails victims by demanding payment to decrypt stolen files.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Skype Phishing Attack Targets Remote Workers’ Passwords

Threatpost

Attackers are sending convincing emails that ultimately steal victims' Skype credentials.

Phishing 116

Trickbot is the most prolific malware operation using COVID-19 themed lures

Security Affairs

TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals. The analysis of Microsoft Office 365 ATP data revealed that TrickBot is, at the moment, the malware operation with the highest number of unique COVID-19-themed malicious emails and attachments.

Malware 144

Russian Hackers Went After San Francisco International Airport

WIRED Threat Level

Plus: Windows zero days, Covid-19 spam, and more of the week's top security news.


Kaspersky offers free cybersecurity training to assist teams working remotely

Tech Republic Security

Telecommuting comes with its own set of cybersecurity risks. Kaspersky has announced a free training module to help remote teams make more informed cybersecurity decisions.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!