Sat.Jul 11, 2020 - Fri.Jul 17, 2020

article thumbnail

Breached Data Indexer ‘Data Viper’ Hacked

Krebs on Security

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion.

Hacking 354
article thumbnail

Enigma Machine for Sale

Schneier on Security

A four-rotor Enigma machine -- with rotors -- is up for auction.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Data breaches decline 33% in the first half of 2020

Tech Republic Security

The Identity Theft Resource Center projects 2020 is on pace to see the lowest number of breaches and exposures since 2015.

article thumbnail

Weekly Update 200

Troy Hunt

I made it to 200! And look at that picture quality too ?? I'm streaming in 1080p rather than 4K and that's absolutely fine for content like this. I've finally gotten on top of the camera setup and the Elgato HDMI dongle to allow the camera to be seen as a webcam over HDMI. I really want to write this up in detail for next week's update because with the new PC as well, I'm super happy with how this all works together.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone.

DNS 300
article thumbnail

NSA on Securing VPNs

Schneier on Security

The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents (a full and an abridged version) on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and requires regular maintenance. To maintain a secure VPN, network administrators should perform the following tasks on a regular basis: Reduce the VPN gateway attack surface Verify that cryptographic algori

VPN 218

More Trending

article thumbnail

MGM Data Breach Ten Times Larger Than Initially Reported

Adam Levin

The discovery of a database for sale on the dark web suggests the 2019 data breach of MGM Resorts was significantly larger than initially reported. Access to the database was made available on a dark web cybercrime marketplace for roughly $3,000. It contains the personal information of more than 142 million guests of MGM hotels, according to technology reporting site ZDNet.

article thumbnail

Iranian Spies Accidentally Leaked Videos of Themselves Hacking

WIRED Threat Level

IBM's X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it's targeting.

Hacking 145
article thumbnail

Twitter Hackers May Have Bribed an Insider

Schneier on Security

Motherboard is reporting that this week's Twitter hack involved a bribed insider. Twitter has denied it. I have been taking press calls all day about this. And while I know everyone wants to speculate about the details of the hack, we just don't know -- and probably won't for a couple of weeks.

Hacking 206
article thumbnail

Watch out for these subject lines in email phishing attacks

Tech Republic Security

Campaigns exploiting COVID-19 remained popular last quarter, but cybercriminals also relied on tried and true subjects, says KnowBe4.

Phishing 212
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Joe Biden, Bill Gates, Barack Obama All Hacked in Twitter Compromise

Adam Levin

The personal Twitter accounts of Elon Musk, Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Kanye West, Warren Buffett in addition to the official corporate accounts of Apple, Uber, and Cash were hijacked for several hours July 15 in an apparent Bitcoin scam. Most of the messages requested a transfer of Bitcoin with a promise of doubling all payments made within 30 minutes of posting.

Hacking 167
article thumbnail

Exclusive, Ghost Squad Hackers defaced European Space Agency (ESA) site

Security Affairs

A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA). A group of hackers that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA), [link]. I have reached them for a comment and they told me that the attack was not targeted, they defacted the site only for fun. “We are hacktivists, we usually hack for many various causes related to activism.” Ghost Squad Hackers&#

article thumbnail

A Peek into the Fake Review Marketplace

Schneier on Security

A personal account of someone who was paid to buy products on Amazon and leave fake reviews. Fake reviews are one of the problems that everyone knows about, and no one knows what to do about -- so we all try to pretend doesn't exist.

article thumbnail

CISOs discuss cybersecurity in the COVID-19 environment

Tech Republic Security

A digital panel discussion sponsored by MIT's Sloan CIO Digital Learning Series covered a range of topics from protecting remote workers to phishing to how to manage risk.

CISO 211
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How Two-Factor Authentication Keeps Your Accounts Safe

WIRED Threat Level

Here are some of the best authenticator apps and options. It may take a moment to set up, but once you have 2FA enabled where it counts, you can rest easier.

article thumbnail

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

Experts from Cyble discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Experts from threat intelligence firm have discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Records of 45 Million+ travelers to Thailand and Malaysia Leaked on #Darkweb (Blog Link) [link] #infosec #leaks #CyberSecurity pic.twitter.com/zHOujQ8CMm — Cyble (@Au

Mobile 145
article thumbnail

Twitter Hack Update: What We Know (and What We Don’t)

Threatpost

With limited confirmed information, a raft of theories and circumstantial evidence has come to light as to who was behind the attack and how they carried it out.

Hacking 136
article thumbnail

Microsoft patches critical 17-year-old DNS bug in Windows Server

Tech Republic Security

The bug has been deemed "wormable," which means a single exploit could spread from one unpatched server to another.

DNS 207
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Does TikTok Really Pose a Risk to US National Security?

WIRED Threat Level

Concerns about the Chinese government shouldn't be dismissed, experts say. But banning TikTok would be a drastic measure.

Risk 144
article thumbnail

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web. Bad news for the guests of the MGM Resorts, the 2019 data breach suffered by the company is much larger than initially reported. A credible actor is selling details of 142 million MGM hotel guests on the dark web , the news was reported in exclusive by ZDNet.

article thumbnail

Amazon-Themed Phishing Campaigns Swim Past Security Checks

Threatpost

A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices.

Phishing 134
article thumbnail

Ransomware accounts for a third of all cyberattacks against organizations

Tech Republic Security

Government agencies were most heavily hit by ransomware during the first quarter, says Positive Technologies.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

A New Map Shows the Inescapable Creep of Surveillance

WIRED Threat Level

The Atlas of Surveillance shows which tech law enforcement agencies across the country have acquired. It's a sobering look at the present-day panopticon.

article thumbnail

Orange Business Services hit by Nefilim ransomware operators

Security Affairs

Security researchers at Cyble reported that Nefilim ransomware operators allegedly targeted the mobile network operator Orange. Researchers from Cyble came across a post of Nefilim ransomware operators which were claiming to have stolen sensitive data of Orange S.A., one of the largest mobile networks based in France. The discovery was made by the experts during their regular Deepweb and Darkweb monitoring activity.

article thumbnail

Joe Biden, Bill Gates, Barack Obama Hacked in Twitter Compromise

Adam Levin

The personal Twitter accounts of Elon Musk, Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Kanye West, Warren Buffett in addition to the official corporate accounts of Apple, Uber, and Cash were hijacked for several hours July 15 in an apparent Bitcoin scam. Most of the messages requested a transfer of Bitcoin with a promise of doubling all payments made within 30 minutes of posting.

Hacking 130
article thumbnail

Phishing: Email fraudsters are impersonating colleagues, customers, and vendors, report says

Tech Republic Security

Nearly a third of professionals said they have to remediate email-based attacks every day, GreatHorn found.

Phishing 207
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

‘DDoS-For-Hire’ Is Fueling a New Wave of Attacks

WIRED Threat Level

Turf wars are heating up over the routers that fuel distributed denial of service attacks—and cybermercenaries are running rampant.

DDOS 140
article thumbnail

Personal details and SSNs of 40,000 US citizens available for sale

Security Affairs

Security experts at threat intelligence firm Cyble have identified a credible actor selling personal details of approximately 40,000 US citizens. Security experts at threat intelligence firm Cyble Experts have discovered the availability on the darkweb of personal details of approximately 40,000 US citizens along with their social security numbers (SSNs).

article thumbnail

COVID-19 Crisis Survival Kit

Jane Frankland

COVID-19 has spread around the world at lightning speed since it emerged at the tail end of 2019 in Wuhan, China. Due to the pandemic, and the impact it’s having on businesses, last week I offered a free, online masterclass for entrepreneurs. I wanted to teach them how to deal constructively with a crisis and how to build their resilience. Having had over twenty-two years of business experience, including business turnaround and recovery, I wanted to ensure other entrepreneurs could move forward

article thumbnail

Demand for video surveillance cameras expected to skyrocket

Tech Republic Security

Video cameras can be used in a variety of situations beyond simple surveillance, says research firm IDC.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!