Krebs on Security

SEPTEMBER 2, 2021

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online.

Accountability 315

Accountability Authentication Passwords Hacking 315

Schneier on Security

SEPTEMBER 1, 2021

Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. These are particularly scary exploits, since they don’t require to victim to do anything, like click on a link or open a file. The victim receives a text message, and then they are hacked. More on this here.

Spyware 296

Spyware Manufacturing Government Hacking 296

Lohrman on Security

AUGUST 29, 2021

From cryptocurrency thefts to hacking bank accounts, SIM swapping is a growing threat online. Here are relevant definitions, real-world examples and tips to help stop cyber criminals.

Cyber threats 261

Cyber threats Cryptocurrency Banking Accountability 261

Anton on Security

AUGUST 30, 2021

As you are reading our recent paper “Autonomic Security Operations?—?10X Transformation of the Security Operations Center” , some of you may think “Hey, marketing inserted that 10X thing in there.” Well, 10X thinking is, in fact, an ancient tradition here at Google. We think that it is definitely possible to apply “10X thinking” to many areas of security (at the same link , they say that sometimes it is “easier to make something 10 times better than it is to make it 10 percent better” ).

Engineering 273

Engineering Marketing Education Threat Detection 273

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

SEPTEMBER 1, 2021

Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. But roughly two weeks ago, VIP72’s online storefront — which ironically enough has remained at the same U.S.-based Internet address for more than a decade — simply vanished.

Malware 305

Malware Cybercrime Internet Internet 305

Schneier on Security

AUGUST 30, 2021

Robert Chesney wrote up the Solar Winds story as a case study, and it’s a really good summary.

Data breaches 312

Data breaches Cybersecurity 312

Bleeping Computer

SEPTEMBER 1, 2021

Juliana Barile, the former employee of a New York credit union, pleaded guilty to accessing the financial institution's computer systems without authorization and destroying over 21 gigabytes of data in revenge. [.].

145

145

Security Boulevard

AUGUST 31, 2021

Microsoft Windows 11 won’t auto-update on slightly old PCs. It appears this includes security updates. The post Windows 11 Security Scare—MS Nixes Fixes on Older PCs appeared first on Security Boulevard.

Social Engineering 145

Social Engineering Engineering Security Awareness Mobile 145

Schneier on Security

SEPTEMBER 3, 2021

Black Hat is a hacker-themed board game.

Hacking 287

Hacking 287

Tech Republic Security

AUGUST 31, 2021

Authentication sans password is already possible and solutions are on the market from companies like Ping Identity. With passwords passé, it's time to make the leap to better security.

Passwords 208

Passwords Marketing Authentication 208

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

CSO Magazine

AUGUST 30, 2021

Enterprise-class password managers have become one of the easiest and most cost-effective ways to help employees lock down their online accounts. Most of the options were originally designed for individual users. Your organizational needs will differ wildly from security-conscious personal users, but the good news is that the key password management players all have made their solutions suitable for the business world. [ Learn 12 tips for effectively presenting cybersecurity to the board and 6 s

Password Management 145

Password Management Passwords CSO Accountability 145

We Live Security

SEPTEMBER 3, 2021

Smartphones are kids’ trusty companions both in- and outside the classroom, and as they return to their desks, we’ve prepared some handy tips on how to keep their devices secure. The post A parent’s guide to smartphone security appeared first on WeLiveSecurity.

Education 144

Education Cybersecurity 144

Bleeping Computer

AUGUST 30, 2021

Single-factor authentication (SFA) has been added today by the US Cybersecurity and Infrastructure Security Agency (CISA) to a very short list of cybersecurity bad practices it advises against. [.].

Internet 144

Internet Internet Authentication Cybersecurity 144

Tech Republic Security

AUGUST 31, 2021

Identity and access management is pushing application security past single-factor authentication (a password) and even multi-factor authentication to a risk management model says Ping Identity CEO.

Passwords 197

Passwords Software Authentication Risk 197

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CSO Magazine

SEPTEMBER 2, 2021

Cybersecurity has steadily crept up the agenda of governments across the globe. This has led to initiatives designed to address cybersecurity issues that threaten individuals and organizations. “Government-led cybersecurity initiatives are critical to addressing cybersecurity issues such as destructive attacks, massive data breaches, poor security posture, and attacks on critical infrastructure,” Steve Turner, security and risk analyst at Forrester, tells CSO.

Government 144

Government Cybersecurity CSO Data breaches 144

Security Affairs

AUGUST 29, 2021

So far, Konni RAT has managed to evade detection as only 3 security solutions on VirusTotal were able to detect the malware. Researchers from Malwarebytes Labs spotted an ongoing malware campaign that is targeing Russia with the Konni RAT. Security researchers at Malwarebytes Labs have uncovered an ongoing malware campaign that is mainly targeting Russia with the Konni RAT.

Malware 143

Malware Encryption Hacking Information Security 143

eSecurity Planet

SEPTEMBER 3, 2021

Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses. According to a recent blog post from email security service provider Perception Point, the bad actors are sending phishing emails via the Salesforce email service by impersonating the Israel Postal Service in a campaign

Phishing 142

Phishing Architecture Education Marketing 142

Tech Republic Security

SEPTEMBER 3, 2021

Fail2ban should be on every one of your Linux servers. If you've yet to install it on either Rocky Linux or AlmaLinux, Jack Wallen is here to help you out with that.

193

193

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Malwarebytes

SEPTEMBER 3, 2021

It’s a good idea to try and keep certain things private. For example, people have been using anonymous email services for years. These either hide your real email address, or replace it entirely for specific tasks. Folks will go one step further, setting aliases for each service they sign up to. If the mail ends up in the wild? They know there’s a good chance which service has suddenly experienced a breach.

Mobile 142

Mobile Accountability Passwords Social Engineering 142

Security Affairs

AUGUST 29, 2021

The Philippine human rights alliance Karapatan has suffered a massive and prolonged Distributed Denial of Service (DDoS) attack, Qurium organizations linked it to the local government. For the past three weeks, the Philippine human rights alliance Karapatan has suffered a heavy and sustained DDoS attack. The attack comes only a month after the waves of DDoS attacks targeting the alternative media outlets Bulatlat and Altermidya , which Qurium could link to infrastructure controlled by t

DDOS 141

DDOS Media Government Cyber Attacks 141

We Live Security

AUGUST 31, 2021

ESET's cybersecurity expert Marc-Étienne Léveillé analyses in-depth the Quebec's vaccine proof apps VaxiCode and VaxiCode Verif. The post Flaw in the Quebec vaccine passport: analysis appeared first on WeLiveSecurity.

Cybersecurity 140

Cybersecurity 140

Tech Republic Security

AUGUST 31, 2021

Soft skills are just as important, if not more so, than technical skills in cybersecurity professionals. People with soft skills can be trained in tech skills, expert says.

Cybersecurity 173

Cybersecurity 173

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Malwarebytes

SEPTEMBER 3, 2021

The FBI has issued a Private Industry Notification (PIN) about cybercriminal actors targeting the food and agriculture sector with ransomware attacks. Farms are literally the first step in one of the most important, if not the most important, supply chain in our economy: The food supply chain. As always, cybercriminals love the extra leverage that is provided by how important a target is.

Ransomware 141

Ransomware Manufacturing Passwords Internet 141

The Hacker News

SEPTEMBER 2, 2021

Microsoft's Active Directory is said to be used by 95% of Fortune 500. As a result, it is a prime target for attackers as they look to gain access to credentials in the organization, as compromised credentials provide one of the easiest ways for hackers to access your data. A key authentication technology that underpins Microsoft Active Directory is Kerberos.

Authentication 143

Authentication Technology 143

Security Boulevard

SEPTEMBER 1, 2021

The White House-hosted cybersecurity summit on August 25, 2021 was an opportunity for representatives from the private and public sectors to discuss how they can collaborate to address pressing information and computer security issues. Many of the leading technology companies, such as Amazon, Google, IBM and Microsoft, made commitments to expand cybersecurity funding and to.

Technology 138

Technology Cybersecurity CISO Security Awareness 138

Tech Republic Security

AUGUST 31, 2021

Docker announced a new subscription plan for enterprises and free access to Docker Desktop for personal use, educational institutions, non-commercial open-source projects and small businesses.

Small Business 162

Small Business Education 162

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

eSecurity Planet

SEPTEMBER 1, 2021

5G is on the cusp of widespread adoption. Consumers and organizations are enthused about the operational benefits of more robust mobile connectivity, but the shift to 5G networks doesn’t come without risks. Service providers and 5G-enabled device manufacturers both have critical roles to play in the success and sustainability of this wireless network rollout.

Risk 137

Risk Cybersecurity IoT Wireless 137

SecureList

SEPTEMBER 2, 2021

Main description. QakBot, also known as QBot, QuackBot and Pinkslipbot, is a banking Trojan that has existed for over a decade. It was found in the wild in 2007 and since then it has been continually maintained and developed. In recent years, QakBot has become one of the leading banking Trojans around the globe. Its main purpose is to steal banking credentials (e.g., logins, passwords, etc.), though it has also acquired functionality allowing it to spy on financial operations, spread itself, and

Passwords 136

Passwords Encryption Banking Malware 136

Security Boulevard

AUGUST 30, 2021

When access to software-as-a-service (SaaS) data goes unmanaged, the likelihood of both insider and external threats increases. That’s why a new report from DoControl Inc. is so troubling. After assessing companies with an average of 1,000 employees and data stores with between 500,000 to 10 million assets, the SaaS company found that 40% of all. The post Unmanaged SaaS Data Brings Supply Chain Risks appeared first on Security Boulevard.

Risk 137

Risk Software Data breaches Security Awareness 137

Tech Republic Security

AUGUST 31, 2021

Andre Durand, Founder and CEO of Ping Identity, talks about out how identity and access management is changing software development and application security in this Dynamic Developer episode.

Passwords 159

Passwords Software 159

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity