Krebs on Security
APRIL 23, 2020
Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.
Schneier on Security
APRIL 24, 2020
OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19: The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing individual quarantines. Some governments are making apps that offer coronavirus health information, while also sharing location information with authorities for a period of time.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
APRIL 24, 2020
A breach has impacted the accounts of some 160,000 Nintendo users. Here's what to do if you're one of them.
Troy Hunt
APRIL 24, 2020
It's a day late because somehow, even in the current climate, I still find myself with a lot on my plate and the 2am getup yesterday morning didn't leave me much like talking by the usual time I'd record this video came around. Regardless, I haven't missed a week yet and I wasn't going to start today! No great single stories of significance this week but I thought I'd share some insights into how life is gradually returning to a new kind of normal here.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
APRIL 23, 2020
Google warns that nation-backed hackers are exploiting the COVID-19 pandemic to organizations involved in the fight against the pandemic. Google is warning that nation-state actors are exploiting the COVID-19 (Coronavirus) pandemic to target health care organizations and entities involved in the fight against the pandemic. Google’s Threat Analysis Group (TAG) shared its latest findings related to state-backed attacks and revealed that it has identified more than a dozen state-sponsored groups us
Schneier on Security
APRIL 23, 2020
The New York Times is reporting on state-sponsored disinformation campaigns coming out of China: Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the condition of anonymity to publicly discuss intelligence matters.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Dark Reading
APRIL 23, 2020
A grassroots effort provides scientists with computing power to help simulate the novel coronavirus' proteins and come up with therapeutic solutions for the disease.
Security Affairs
APRIL 20, 2020
Over 267 million Facebook profiles are offered for sale on dark web sites and hacker forums, the dump is offered for £500 ($623) and doesn’t include passwords. Hackers are offering for sale over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums, the archive doesn’t include passwords. Early March, the security expert Bob Diachenko uncovered an Elasticsearch cluster containing more than 267 million Facebook user IDs, phone numbers, and names.
Schneier on Security
APRIL 21, 2020
This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The Netherlands could eavesdrop on confidential communication from countries such as Iran, Egypt and Saudi Arabia.
Tech Republic Security
APRIL 24, 2020
Campaigns against government agencies, educational establishments, and healthcare providers aren't proving as successful as expected, says security firm Emsisoft.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Threatpost
APRIL 24, 2020
After gamers reported unauthorized logins and purchases, Nintendo confirmed that over 160,000 accounts had been hacked.
Security Affairs
APRIL 19, 2020
The FBI announced that the number of cybercrime reports is spiked since the beginning of the Coronavirus (COVID-19) pandemic. Speaking at the Aspen Institute, FBI Deputy Assistant Director Tonya Ugoretz, announced that the bureau has observed a spike in cybercrime reports since the beginning of the C oronavirus pandemic. The FBI official explained that the number of reports has quadrupled compared to months before the COVID-19 outbreak. “The FBI has an Internet Crime Complaint Center, the
Schneier on Security
APRIL 22, 2020
Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said "we were a bit surprised about who was targeted." He said some of the targets were an executive from a telephone carrier in Japan, a "VIP" from Germany, managed security service providers from Saudi Arabia and Israel, people who work for a Fortu
Tech Republic Security
APRIL 21, 2020
Designed to mimic legitimate users, these bots allow attackers to mine data, brute force login credentials, and harvest personal information, according to Imperva.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Last Watchdog
APRIL 22, 2020
Privileged Access Management ( PAM ) arose some 15 years ago as an approach to restricting access to sensitive systems inside of a corporate network. Related: Active Directory holds ‘keys to the kingdom’ The basic idea was to make sure only the folks assigned “privileged access’’ status could successfully log on to sensitive servers. PAM governs a hierarchy of privileged accounts all tied together in a Windows Active Directory ( AD ) environment.
Security Affairs
APRIL 21, 2020
The OpenSSL Project has released a security update for OpenSSL that addresses a DoS vulnerability tracked as CVE-2020-1967. The OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967, that can be exploited by attackers to launch denial-of-service (DoS) attacks. This is the first issue addressed in OpenSSL in 2020.
Schneier on Security
APRIL 20, 2020
Microsoft is training a machine-learning system to find software bugs : At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn't just apply more people to the problem. However, large volumes of semi-curated data are perfect for machine learning.
Tech Republic Security
APRIL 21, 2020
Many small- and mid-sized business owners say they lack of the time or resources to effectively battle ransomware, according to a survey from security provider Infrascale.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Adam Shostack
APRIL 23, 2020
This week’s threat model Thursday looks at an academic paper, Security Threat Modeling: Are Data Flow Diagrams Enough? by Laurens Sion and colleagues. The short (4 page), readable paper looks at the strengths and weaknesses of forms of DFDs, and what we might achieve with variations on the form and different investments of effort. I take issue with the framing of ‘enough’, as if there’s a single definition of enough that’s enough for all of us, but that’s the
Security Affairs
APRIL 24, 2020
A joint report released by the U.S. NSA and the Australian Signals Directorate (ASD) warns of attackers increasingly exploiting vulnerable web servers to deploy web shells. A joint report published by the U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) is warning of bad actors increasingly exploiting vulnerable web servers to deploy web shells.
Daniel Miessler
APRIL 20, 2020
THIS WEEK’S TOPICS: Bay Area Lockdown Til May, The Swedish Approach, California Autopsies, Zoom Security Updates, Palantir Contacts, NSA Web Vulns, GreyNoise Services, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. —. If you get value from this content, you can support it directly by becoming a member.
Tech Republic Security
APRIL 22, 2020
The Maze ransomware group is believed to be responsible for the attack, and it typically blackmails victims by demanding payment to decrypt stolen files.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Threatpost
APRIL 23, 2020
Attackers are sending convincing emails that ultimately steal victims' Skype credentials.
Security Affairs
APRIL 22, 2020
China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity, QuoIntelligence (QuoINT) firm reported. Security experts from QuoIntelligence (QuoINT) firm reported that China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity. The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007.
WIRED Threat Level
APRIL 22, 2020
Security researchers reveal a months-long, indiscriminate campaign targeting the iPhones of Chinese Muslims.
Tech Republic Security
APRIL 22, 2020
Zoom 5.0 is due to be launched within a week, bringing 256-bit encryption and new features for helping hosts stay in control of their meetings and their data.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Threatpost
APRIL 20, 2020
Cognizant has confirmed that a Friday evening Maze ransomware attack has disrupted its systems.
Security Affairs
APRIL 18, 2020
TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals. The analysis of Microsoft Office 365 ATP data revealed that TrickBot is, at the moment, the malware operation with the highest number of unique COVID-19 -themed malicious emails and attachments.
Lenny Zeltser
APRIL 19, 2020
You can now take my malware analysis and cybersecurity writing courses online in two formats at SANS Institute, depending on how you prefer to learn: OnDemand: Self-paced, recorded training with four months of access to course materials and labs. You’ll like this if you prefer to start, stop, or speed up training any time they want or who need the flexibility of extended access to the materials.
Tech Republic Security
APRIL 21, 2020
Fears over data leaks from remote workers are not only founded, they're much worse than anticipated, said the International Association of IT Asset Managers.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
363 
Let's personalize your content