Sat. Jul 11, 2020 - Fri. Jul 17, 2020

Breached Data Indexer ‘Data Viper’ Hacked

Krebs on Security

Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion.

Hacking 352

MGM Data Breach Ten Times Larger Than Initially Reported

Adam Levin

The discovery of a database for sale on the dark web suggests the 2019 data breach of MGM Resorts was significantly larger than initially reported. Access to the database was made available on a dark web cybercrime marketplace for roughly $3,000. It contains the personal information of more than 142 million guests of MGM hotels, according to technology reporting site ZDNet.

Insiders

NSA on Securing VPNs

Schneier on Security

The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents (a full and an abridged version) on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and requires regular maintenance. To maintain a secure VPN, network administrators should perform the following tasks on a regular basis: Reduce the VPN gateway attack surface Verify that cryptographic algori

VPN 278

Weekly Update 200

Troy Hunt

I made it to 200! And look at that picture quality too. I'm streaming in 1080p rather than 4K and that's absolutely fine for content like this. I've finally gotten on top of the camera setup and the Elgato HDMI dongle to allow the camera to be seen as a webcam over HDMI. I really want to write this up in detail for next week's update because with the new PC as well, I'm super happy with how this all works together.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone.

DNS 295

CISOs discuss cybersecurity in the COVID-19 environment

Tech Republic Security

A digital panel discussion sponsored by MIT's Sloan CIO Digital Learning Series covered a range of topics from protecting remote workers to phishing to how to manage risk.

CISO 203

More Trending

Joe Biden, Bill Gates, Barack Obama All Hacked in Twitter Compromise

Adam Levin

The personal Twitter accounts of Elon Musk, Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Kanye West, Warren Buffett in addition to the official corporate accounts of Apple, Uber, and Cash were hijacked for several hours July 15 in an apparent Bitcoin scam. Most of the messages requested a transfer of Bitcoin with a promise of doubling all payments made within 30 minutes of posting.

Hacking 167

COVID-19 Crisis Survival Kit

Jane Frankland

COVID-19 has spread around the world at lightning speed since it emerged at the tail end of 2019 in Wuhan, China. Due to the pandemic, and the impact it’s having on businesses, last week I offered a free, online masterclass for entrepreneurs. I wanted to teach them how to deal constructively with a crisis and how to build their resilience. Having had over twenty-two years of business experience, including business turnaround and recovery, I wanted to ensure other entrepreneurs could move forward

Watch out for these subject lines in email phishing attacks

Tech Republic Security

Campaigns exploiting COVID-19 remained popular last quarter, but cybercriminals also relied on tried and true subjects, says KnowBe4.

Phishing 211

A Peek into the Fake Review Marketplace

Schneier on Security

A personal account of someone who was paid to buy products on Amazon and leave fake reviews. Fake reviews are one of the problems that everyone knows about, and no one knows what to do about -- so we all try to pretend it doesn't exist.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Joe Biden, Bill Gates, Barack Obama Hacked in Twitter Compromise

Adam Levin

The personal Twitter accounts of Elon Musk, Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Kanye West, Warren Buffett in addition to the official corporate accounts of Apple, Uber, and Cash were hijacked for several hours July 15 in an apparent Bitcoin scam. Most of the messages requested a transfer of Bitcoin with a promise of doubling all payments made within 30 minutes of posting.

Hacking 130

Unsupervised Learning: No. 237

Daniel Miessler

THIS WEEK’S TOPICS: Americans in China, TikTok Banning, Chinese Critics, BlueLeaks, Router Security, COVID Accelerating Trends, Twitter Subscriptions?, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Cybercriminals disguising as top streaming services to spread malware

Tech Republic Security

Malicious actors are posing as Netflix, Hulu, and more, to launch phishing attacks, steal passwords, launch spam, and distribute viruses.

Malware 206

Enigma Machine for Sale

Schneier on Security

A four-rotor Enigma machine -- with rotors -- is up for auction.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Amicus Brief on CFAA

Adam Shostack

The EFF has filed an amicus brief on the Computer Fraud and Abuse Act: Washington, D.C.—The Electronic Frontier Foundation (EFF) and leading cybersecurity experts today urged the Supreme Court to rein in the scope of the Computer Fraud and Abuse Act (CFAA)—and protect the security research we all rely on to keep us safe—by holding that accessing computers in ways that violate terms of service (TOS) does not violate the law.

Exclusive, Ghost Squad Hackers defaced European Space Agency (ESA) site

Security Affairs

A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA). A group of hackers that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA), [link]. I have reached them for a comment and they told me that the attack was not targeted, they defaced the site only for fun. “We are hacktivists, we usually hack for many various causes related to activism.” Ghost Squad Hackers

How to install Malware Information Sharing Platform on Ubuntu Server 18.04

Tech Republic Security

If you're looking for a platform to help with the collection and sharing of cybersecurity events, you need not look any further than MISP. Jack Wallen shows you how to install this tool.

Malware 174

Iranian Spies Accidentally Leaked Videos of Themselves Hacking

WIRED Threat Level

IBM's X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it's targeting.

Hacking 145

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Twitter Hack Update: What We Know (and What We Don’t)

Threatpost

With limited confirmed information, a raft of theories and circumstantial evidence has come to light as to who was behind the attack and how they carried it out.

Hacking 136

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

Experts from Cyble discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Experts from threat intelligence firm have discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries.

Mobile 145

Data breaches decline 33% in the first half of 2020

Tech Republic Security

The Identity Theft Resource Center projects 2020 is on pace to see the lowest number of breaches and exposures since 2015.

Software Engineering Radio

Adam Shostack

I enjoyed being a guest on Software Engineering Radio: Adam Shostack on Threat Modeling. It’s a substantial, in depth interview, running nearly 80 minutes, and covering a wide variety of topics.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

9 Myths Busted About Having a Career in Cybersecurity [Women Don’t Read]

Jane Frankland

Last year, the world’s largest non-profit membership association of certified cybersecurity professionals, (ISC)², announced the findings of its Cybersecurity Workforce Study. For the first time, they estimated that the cybersecurity workforce was almost 3 million, and a growth of 145% (just over 4 million) was needed to close the skills gap and better defend organisations worldwide.

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web. Bad news for the guests of the MGM Resorts, the 2019 data breach suffered by the company is much larger than initially reported. A credible actor is selling details of 142 million MGM hotel guests on the dark web, the news was reported in exclusive by ZDNet.

Microsoft patches critical 17-year-old DNS bug in Windows Server

Tech Republic Security

The bug has been deemed "wormable," which means a single exploit could spread from one unpatched server to another.

DNS 203

How Two-Factor Authentication Keeps Your Accounts Safe

WIRED Threat Level

Here are some of the best authenticator apps and options. It may take a moment to set up, but once you have 2FA enabled where it counts, you can rest easier.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Amazon-Themed Phishing Campaigns Swim Past Security Checks

Threatpost

A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices.

Phishing 134

Orange Business Services hit by Nefilim ransomware operators

Security Affairs

Security researchers at Cyble reported that Nefilim ransomware operators allegedly targeted the mobile network operator Orange. Researchers from Cyble came across a post of Nefilim ransomware operators which were claiming to have stolen sensitive data of Orange S.A., one of the largest mobile networks based in France. The discovery was made by the experts during their regular Deepweb and Darkweb monitoring activity.

Twitter accounts of Elon Musk, Bill Gates and others hijacked to promote crypto scam

Tech Republic Security

The verified accounts for Gates, Musk and Apple issued tweets promoting a cryptocurrency scam, asking followers to send money to a blockchain address.

Scams 171

A New Map Shows the Inescapable Creep of Surveillance

WIRED Threat Level

The Atlas of Surveillance shows which tech law enforcement agencies across the country have acquired. It's a sobering look at the present-day panopticon.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.