Krebs on Security

MAY 26, 2020

A group of Romanians operating an ATM company in Mexico and suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines throughout several top Mexican tourist destinations have enjoyed legal protection from a top anti-corruption official in the Mexican attorney general’s office, according to a new complaint filed with the government’s internal affairs division.

Government 360

Government Media 360

The Last Watchdog

MAY 26, 2020

Doing authentication well is vital for any company in the throes of digital transformation. Digital commerce would fly apart if businesses could not reliably affirm the identities of all humans and all machines, that is, computing instances, that are constantly connecting to each other across the Internet. Related: Locking down ‘machine identities’ At the moment, companies are being confronted with a two-pronged friction challenge, when it comes to authentication.

Authentication 280

Authentication Cloud Migration Accountability Digital transformation 280

Schneier on Security

MAY 27, 2020

Security researcher Charlie Belmer is reporting that commercial websites such as eBay are conducting port scans of their visitors. Looking at the list of ports they are scanning, they are looking for VNC services being run on the host, which is the same thing that was reported for bank sites. I marked out the ports and what they are known for (with a few blanks for ones I am unfamiliar with): 5900: VNC. 5901: VNC port 2. 5902: VNC port 3. 5903: VNC port 4. 5279: 3389: Windows remote desktop / RD

Banking 243

Banking 243

Troy Hunt

MAY 29, 2020

First time back in a restaurant! Wandering down my local dining area during the week, I was rather excited to see a cafe that wasn't just open, but actually had spare seating. Being limited to only 10 patrons at present, demand is well in excess of supply and all you have to do is leave some contact info in case someone else in the restaurant tests positive at a later date.

Data breaches 228

Data breaches VPN Government 228

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

MAY 23, 2020

When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that’s exactly what appears to be going on right now as multiple U.S. states struggle to combat a tsunami of phony Pandemic Unemployment Assistance (PUA) claims.

Insurance 356

Insurance Accountability Banking Government 356

Tech Republic Security

MAY 28, 2020

The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security.

Phishing 216

Phishing Accountability 216

The Last Watchdog

MAY 29, 2020

If the devastating health and economic ramifications weren’t enough, individual privacy is also in the throes of being profoundly and permanently disrupted by the coronavirus pandemic. The tech giants are partnering on a tool for public good, but critics worry it will ultimately get used for predatory surveillance Related: Europe levies big fines for data privacy missteps If the devastating health and economic ramifications weren’t enough, individual privacy is also in the throes of being profou

Surveillance 195

Surveillance Healthcare Government Data privacy 195

Krebs on Security

MAY 29, 2020

When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offende

Cybercrime 287

Cybercrime System Administration Marketing Malware 287

Tech Republic Security

MAY 29, 2020

Zero trust means rethinking the safety of every bit of tech on a network. Learn five steps to building a zero trust environment.

214

214

Schneier on Security

MAY 29, 2020

The 5GBioShield sells for £339.60, and the description sounds like snake oil : its website, which describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other electrical, radiation or EMF [electromagnetic field] emitting device".

Technology 216

Technology 216

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Adam Levin

MAY 26, 2020

Over 25 million user logins and passwords from a popular math app are being offered for sale on the dark web following a data breach. Mathway, a popular app for iOS and Android devices, recently uncovered evidence of the breach after a hacking group announced it was selling Mathway user data on the dark web for roughly $4,000 in Bitcoin. . ShinyGroup, a hacking group notorious for selling compromised data, announced that they had breached Mathway in January 2020.

Data breaches 150

Data breaches Passwords Accountability Encryption 150

Krebs on Security

MAY 28, 2020

The United Kingdom’s anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail.

Cybercrime 264

Cybercrime DDOS Advertising Hacking 264

Tech Republic Security

MAY 28, 2020

Scammers are increasingly exploiting file sharing sites such as Google Docs and Microsoft Sway to steal user credentials, according to Barracuda Networks.

Phishing 213

Phishing 213

Schneier on Security

MAY 26, 2020

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a long term key.

Authentication 215

Authentication Wireless Manufacturing Technology 215

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

MAY 29, 2020

Security experts from Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. A few weeks ago, threat intelligence firm Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. According to the experts, the leak includes government data of an entire country, it was leaked online by a reputable actor that goes online with moniker ‘Toogod.”. “A few weeks ago, our researchers came across a leaked databa

Advertising 145

Advertising Data breaches Government Information Security 145

WIRED Threat Level

MAY 28, 2020

In a rare public warning, the US spy agency says the notorious arm of Russian military intelligence is targeting a known vulnerability in Exim.

Hacking 145

Hacking 145

Tech Republic Security

MAY 29, 2020

People, like computers, can be hacked using a process called social engineering, and there's a good chance a cybersecurity attack on your organization could start with this technique.

Social Engineering 210

Social Engineering Engineering Hacking Cybersecurity 210

Schneier on Security

MAY 29, 2020

Note that this is " announced ," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provide tips and suggest you block the offenders. The feature, which Facebook started rolling out on Android in March and is now bringing to iOS, uses machine learning analysis of communications across Faceb

Encryption 199

Encryption Accountability 199

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

MAY 29, 2020

Threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks, Kaspersky reported. Researchers from Kaspersky’s ICS CERT unit reported that threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks. The experts first observed the attacks in early 2020, while in early May, threat actors targeted organizations in Japan, Italy, Germany and the UK.

Phishing 145

Phishing Malware Advertising Encryption 145

WIRED Threat Level

MAY 23, 2020

The Unc0ver tool works on all versions of iOS from 11 to 13.5, the current release.

145

145

Tech Republic Security

MAY 27, 2020

An anti-phishing firm discovered that most of the malicious coronavirus emails were coming from the United States.

Phishing 208

Phishing 208

InfoWorld on Security

MAY 26, 2020

Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

143

143

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

MAY 26, 2020

70 percent of mobile and desktop applications that today we use are affected at least by one security flaw that is present in open-source libraries. According to the Veracode’s annual State of Software Security report, 70 percent of mobile and desktop applications being used today have at least one security flaw that is the result of the use of an open-source library.

Software 145

Software Advertising Mobile Hacking 145

WIRED Threat Level

MAY 23, 2020

These built-in features definitely protect your data, but they can help keep your inbox tidy too.

139

139

Tech Republic Security

MAY 27, 2020

Attackers are increasingly hitting collaboration services such as Microsoft 365 to access cloud accounts with stolen credentials, says McAfee.

Accountability 197

Accountability 197

Dark Reading

MAY 26, 2020

Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your organization has fallen victim and is going to pay. Here's how to handle it.

Ransomware 135

Ransomware 135

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

MAY 25, 2020

Three hacking forums Nulled.ch, Sinfulsite.com, and suxx.to have been hacked and their databases have been leaked online. Researchers from intelligence firm Cyble made the headlines again, this time they have discovered online the databases of three hacking forums. The three forums are Sinful Site , SUXX.TO and Nulled , they were all hacked. Databases of three #Hacking #Forums ( [link] , [link] , and [link] ) Got Breached.

Hacking 145

Hacking Data breaches Advertising Cybercrime 145

Daniel Miessler

MAY 25, 2020

THIS WEEK’S TOPICS: Twitter Bots, Face Recognition Headsets, Chrome Bug Memories, Virtual Currency, White House OPSEC, Realtime Language Translation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. Subscribe To Podcast. Show Notes.

Technology 130

Technology Information Security 130

Tech Republic Security

MAY 29, 2020

In the digital age, paper files--even those containing sensitive information--are not usually considered as high a security risk. Experts say that's a mistake.

Risk 194

Risk 194

WIRED Threat Level

MAY 23, 2020

Plus: An iOS leak, an EasyJet breach, and more of the week's top security news.

Scams 127

Scams Phishing 127

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity