Krebs on Security
APRIL 23, 2020
Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.
Schneier on Security
APRIL 24, 2020
OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19: The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing individual quarantines. Some governments are making apps that offer coronavirus health information, while also sharing location information with authorities for a period of time.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
APRIL 24, 2020
It's a day late because somehow, even in the current climate, I still find myself with a lot on my plate and the 2am getup yesterday morning didn't leave me much like talking by the usual time I'd record this video came around. Regardless, I haven't missed a week yet and I wasn't going to start today! No great single stories of significance this week but I thought I'd share some insights into how life is gradually returning to a new kind of normal here.
Tech Republic Security
APRIL 23, 2020
Ranging from ethical hacking to cloud security, these certs make it easier to get promoted and negotiate a higher salary.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Adam Shostack
APRIL 23, 2020
This week’s threat model Thursday looks at an academic paper, Security Threat Modeling: Are Data Flow Diagrams Enough? by Laurens Sion and colleagues. The short (4 page), readable paper looks at the strengths and weaknesses of forms of DFDs, and what we might achieve with variations on the form and different investments of effort. I take issue with the framing of ‘enough’, as if there’s a single definition of enough that’s enough for all of us, but that’s the
Schneier on Security
APRIL 23, 2020
The New York Times is reporting on state-sponsored disinformation campaigns coming out of China: Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the condition of anonymity to publicly discuss intelligence matters.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
APRIL 24, 2020
A breach has impacted the accounts of some 160,000 Nintendo users. Here's what to do if you're one of them.
The Last Watchdog
APRIL 22, 2020
Privileged Access Management ( PAM ) arose some 15 years ago as an approach to restricting access to sensitive systems inside of a corporate network. Related: Active Directory holds ‘keys to the kingdom’ The basic idea was to make sure only the folks assigned “privileged access’’ status could successfully log on to sensitive servers. PAM governs a hierarchy of privileged accounts all tied together in a Windows Active Directory ( AD ) environment.
Schneier on Security
APRIL 21, 2020
This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The Netherlands could eavesdrop on confidential communication from countries such as Iran, Egypt and Saudi Arabia.
Security Affairs
APRIL 20, 2020
Over 267 million Facebook profiles are offered for sale on dark web sites and hacker forums, the dump is offered for £500 ($623) and doesn’t include passwords. Hackers are offering for sale over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums, the archive doesn’t include passwords. Early March, the security expert Bob Diachenko uncovered an Elasticsearch cluster containing more than 267 million Facebook user IDs, phone numbers, and names.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
APRIL 24, 2020
Campaigns against government agencies, educational establishments, and healthcare providers aren't proving as successful as expected, says security firm Emsisoft.
Dark Reading
APRIL 23, 2020
A grassroots effort provides scientists with computing power to help simulate the novel coronavirus' proteins and come up with therapeutic solutions for the disease.
Schneier on Security
APRIL 22, 2020
Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said "we were a bit surprised about who was targeted." He said some of the targets were an executive from a telephone carrier in Japan, a "VIP" from Germany, managed security service providers from Saudi Arabia and Israel, people who work for a Fortu
Security Affairs
APRIL 19, 2020
The FBI announced that the number of cybercrime reports is spiked since the beginning of the Coronavirus (COVID-19) pandemic. Speaking at the Aspen Institute, FBI Deputy Assistant Director Tonya Ugoretz, announced that the bureau has observed a spike in cybercrime reports since the beginning of the C oronavirus pandemic. The FBI official explained that the number of reports has quadrupled compared to months before the COVID-19 outbreak. “The FBI has an Internet Crime Complaint Center, the
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
APRIL 21, 2020
Many small- and mid-sized business owners say they lack of the time or resources to effectively battle ransomware, according to a survey from security provider Infrascale.
Threatpost
APRIL 24, 2020
After gamers reported unauthorized logins and purchases, Nintendo confirmed that over 160,000 accounts had been hacked.
Schneier on Security
APRIL 20, 2020
Microsoft is training a machine-learning system to find software bugs : At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn't just apply more people to the problem. However, large volumes of semi-curated data are perfect for machine learning.
Security Affairs
APRIL 23, 2020
Google warns that nation-backed hackers are exploiting the COVID-19 pandemic to organizations involved in the fight against the pandemic. Google is warning that nation-state actors are exploiting the COVID-19 (Coronavirus) pandemic to target health care organizations and entities involved in the fight against the pandemic. Google’s Threat Analysis Group (TAG) shared its latest findings related to state-backed attacks and revealed that it has identified more than a dozen state-sponsored groups us
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
APRIL 21, 2020
Designed to mimic legitimate users, these bots allow attackers to mine data, brute force login credentials, and harvest personal information, according to Imperva.
Thales Cloud Protection & Licensing
APRIL 21, 2020
As the U.S. federal government contends with a tidal wave of demands in the COVID-19 battle, agencies are pushed to unprecedented limits. Some good news: the U.S. government is excelling with digital transformation (DX) which is critical in this time of crisis as the cloud becomes a crucial dynamic with the world working remotely. New digital capabilities are enabling data to be more fully utilized.
Lenny Zeltser
APRIL 19, 2020
You can now take my malware analysis and cybersecurity writing courses online in two formats at SANS Institute, depending on how you prefer to learn: OnDemand: Self-paced, recorded training with four months of access to course materials and labs. You’ll like this if you prefer to start, stop, or speed up training any time they want or who need the flexibility of extended access to the materials.
Security Affairs
APRIL 21, 2020
The OpenSSL Project has released a security update for OpenSSL that addresses a DoS vulnerability tracked as CVE-2020-1967. The OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967, that can be exploited by attackers to launch denial-of-service (DoS) attacks. This is the first issue addressed in OpenSSL in 2020.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
APRIL 24, 2020
Telecommuting comes with its own set of cybersecurity risks. Kaspersky has announced a free training module to help remote teams make more informed cybersecurity decisions.
Threatpost
APRIL 20, 2020
Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers.
WIRED Threat Level
APRIL 22, 2020
Security researchers reveal a months-long, indiscriminate campaign targeting the iPhones of Chinese Muslims.
Security Affairs
APRIL 24, 2020
A joint report released by the U.S. NSA and the Australian Signals Directorate (ASD) warns of attackers increasingly exploiting vulnerable web servers to deploy web shells. A joint report published by the U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) is warning of bad actors increasingly exploiting vulnerable web servers to deploy web shells.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
APRIL 22, 2020
Zoom 5.0 is due to be launched within a week, bringing 256-bit encryption and new features for helping hosts stay in control of their meetings and their data.
Threatpost
APRIL 24, 2020
Sindhi-language characters can crash iPhones and other iOS/macOS devices if a victim views texts, Twitter posts or messages within various apps containing them.
WIRED Threat Level
APRIL 19, 2020
In an exclusive interview with WIRED, FBI director Christopher Wray discusses a scourge that “moves at the speed of social media.”.
Security Affairs
APRIL 18, 2020
TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals. The analysis of Microsoft Office 365 ATP data revealed that TrickBot is, at the moment, the malware operation with the highest number of unique COVID-19 -themed malicious emails and attachments.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
363 
Let's personalize your content