Troy Hunt

OCTOBER 28, 2020

Been a lot of "victim blaming" going on these last few days. The victim, through no fault of their own, has been the target of numerous angry tweets designed to ridicule their role in internet security and suggest they are incapable of performing their duty. Here's where it all started: This is a great example of how bad people are at reading and understanding even the domain part of the URL then making decisions based on that which affect their security and privacy (see the answer under the pol

Phishing 361

Phishing Password Management Passwords Internet 361

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems.

Hacking 357

Hacking Ransomware Banking Accountability 357

Schneier on Security

OCTOBER 27, 2020

Slate magazine was able to cleverly read the Ghislaine Maxwell deposition and reverse-engineer many of the redacted names. We’ve long known that redacting is hard in the modern age, but most of the failures to date have been a result of not realizing that covering digital text with a black bar doesn’t always remove the text from the underlying digital file.

Engineering 345

Engineering 345

Javvad Malik

OCTOBER 29, 2020

There’s often a lot of debate as to what the best security or hacking movie is. Many people talk about Hackers, or Sneakers, or try and slip Mr Robot into the mix. But they are all way way waaaaay off the mark. I was reminded of this by Phil Cracknell who posted on linkedin that in his opinion the Kevin Costner, Whitney Houston classic, Bodyguard was the best infosec movie.

CISO 246

CISO InfoSec Banking Technology 246

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

OCTOBER 29, 2020

Almost a decade ago now, I wrote what would become one of my most career-defining blog posts: The Only Secure Password is the One You Can't Remember. I had come to the realisation that I simply had too many accounts across too many systems to ever have any chance of creating decent unique passwords I could remember. So, I set out to find a password manager and 10 Christmas holidays ago now, I spent the best 50 bucks ever: I choose 1Password way back then and without a shadow of a doubt, it has b

Password Management 343

Password Management Passwords Software Accountability 343

Krebs on Security

OCTOBER 26, 2020

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney , Hulu and Netflix to prevent their content from being pirated. The latest cracks in Widevine concern the encryption technology’s protection for L3 streams, which is used for low-quality video and audio streams only.

Software 289

Software Technology Mobile Media 289

Daniel Miessler

OCTOBER 28, 2020

I have an unpopular opinion about the security conference scene. Basically, it’s the opposite of what John Strand said here: Can we all agree that pre-recorded Conference talks are horrible? I mean… Why? — strandjs (@strandjs) October 28, 2020. I see this sentiment a lot from a lot of people in infosec, and I think I’ve figured it out.

InfoSec 229

InfoSec Education Information Security 229

Troy Hunt

OCTOBER 30, 2020

It was a bit of a slow start this week. "Plan A" was to use the new GoPro with the Media Mod (including light and lapel mic) and do an outdoor session. This should really be much easier than it was with multiple issues ranging from connectivity drops to audio sync to simply not having a GoPro to tripod adaptor. I'll need to get on top of that before my big Xmas holiday trip and none of these are insurmountable problems, but this stuff should be easy!

Media 239

Media Passwords 239

Krebs on Security

OCTOBER 28, 2020

On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “imminent cybercrime t

Ransomware 278

Ransomware Healthcare Computers and Electronics Cybercrime 278

Schneier on Security

OCTOBER 29, 2020

A security researcher discovered a wulnerability in Waze that breaks the anonymity of users: I found out that I can visit Waze from any web browser at waze.com/livemap so I decided to check how are those driver icons implemented. What I found is that I can ask Waze API for data on a location by sending my latitude and longitude coordinates. Except the essential traffic information, Waze also sends me coordinates of other drivers who are nearby.

266

266

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

OCTOBER 29, 2020

One policy expert says cybersecurity measures should be an expected item that comes with every purchase, like the safety measures in your car.

Government 216

Government Cybersecurity 216

Security Affairs

OCTOBER 24, 2020

Experts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams. Secruity researchers reported that up to 50,000 Office 365 users have been targeted by a phishing campaign that pretends to be automated message from Microsoft Teams. The bait message uses fake notifications of a “missed chat” from Microsoft Teams, the campaigns aims at stealing Office 365 recipients’ login credentials.

Phishing 145

Phishing Advertising Passwords Hacking 145

Adam Levin

OCTOBER 28, 2020

An immigration law firm confirmed a data breach that may have compromised the personal information of current and former Google employees. Fragomen, Del Rey, Bernsen & Loewy, a New-York based law firm specializing in work permit and work authorization services that has contacted an undisclosed number of Google employees informing them of the breach.

Data breaches 114

Data breaches Identity Theft Technology 114

Javvad Malik

OCTOBER 26, 2020

I just took a photo of my scribblings on my whiteboard. The automation workflow will trigger that photo to be uploaded with that relevant project. Technology is but a mere extension of me. As I sit down, I recall a time, probably around 2006 because it was before the iPhone came out and only important people had Blackberry’s which they could use to send and receive emails on.

Technology 100

Technology 100

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

OCTOBER 27, 2020

For companies with data users in both the EU and the US, laws protecting users' privacy vary. Tom Merritt lists five things to know about EU-US data privacy.

Data privacy 203

Data privacy 203

Security Affairs

OCTOBER 29, 2020

FBI and the DHS’s CISA agencies published a joint alert to warn hospitals and healthcare providers of imminent ransomware attacks from Russia. The FBI, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) has issued a joint alert to warn hospitals and healthcare providers of imminent ransomware attacks from Russia.

Healthcare 145

Healthcare Ransomware Cybercrime Advertising 145

Dark Reading

OCTOBER 28, 2020

Third-party Web trackers might be following your website visitors' every step. How can new tools like Blacklight help you stop them in their tracks?

135

135

Threatpost

OCTOBER 30, 2020

Cyber-researchers weigh in on what concerns them the most as the U.S. heads into the final weekend before the presidential election -- and they also highlight the positives.

Mobile 114

Mobile Government Ransomware Malware 114

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

OCTOBER 28, 2020

Wandera finds malicious network traffic and configuration vulnerabilities on mobile devices as popular entry points for cybercriminals.

Healthcare 218

Healthcare Mobile Risk Cybersecurity 218

Security Affairs

OCTOBER 30, 2020

Google researchers disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation. Security researchers from Google have disclosed a zero-day vulnerability in the Windows operating system, tracked as CVE-2020-17087, that is currently under active exploitation. Ben Hawkes, team lead for Google Project Zero team, revealed on Twitter that the vulnerability was chained with another Chrome zero-day flaw, tracked as CVE-2020-15999 , that Google re

Advertising 145

Advertising Hacking Information Security Malware 145

Dark Reading

OCTOBER 27, 2020

More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.

Firewall 134

Firewall Technology 134

WIRED Threat Level

OCTOBER 30, 2020

On the battlefield, any doorway can be a death trap. A special ops vet, and his businessman brother, have built an AI to solve that problem.

127

127

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

OCTOBER 29, 2020

BEC campaigns continue to shift their targets from C-suite executives and finance employees to group mailboxes, says Abnormal Security.

186

186

Security Affairs

OCTOBER 30, 2020

Microsoft researchers are warning that threat actors are continuing to actively exploit the ZeroLogon vulnerability in attacks in the wild. Microsoft is warning that threat actors are actively exploiting the ZeroLogon vulnerability in the Netlogon Remote Protocol. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it re

Authentication 144

Authentication Advertising Architecture Cybercrime 144

Dark Reading

OCTOBER 30, 2020

Attackers are hiding malicious payloads in phishing emails via a technique traditionally used to hide malicious code planted on websites.

Phishing 134

Phishing 134

Threatpost

OCTOBER 29, 2020

Amid an uptick in attacks on healthcare orgs, malware families, Kegtap, Singlemalt and Winekey are being used to deliver the Ryuk ransomware to already strained systems.

Malware 114

Malware Ransomware Healthcare Phishing 114

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

OCTOBER 30, 2020

According to Amazon, Nitro Enclaves will help customers reduce attack surfaces for their applications by providing a highly isolated and hardened environment for data processing.

149

149

Security Affairs

OCTOBER 30, 2020

Experts uncovered a new watering hole attack, dubbed Operation Earth Kitsune , targeting the Korean diaspora that exploits flaws in web browsers. Researchers at Trend Micro have disclosed details about a new watering hole campaign, dubbed Operation Earth Kitsune , targeting the Korean diaspora that exploits flaws in web browsers such as Google Chrome and Internet Explorer to deploy backdoors.

Advertising 144

Advertising Malware Spyware Internet 144

Dark Reading

OCTOBER 26, 2020

An attacker is running a Tor site to leak the session notes of 300 patients at Vastaamo, a Finnish psychotherapy facility.

140

140

CompTIA on Cybersecurity

OCTOBER 28, 2020

Learn how the specific skills covered in CompTIA PenTest+ translate into actual on-the-job responsibilities and how you can earn that promotion.

121

121

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity