Krebs on Security

APRIL 10, 2020

The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return.

Computers and Electronics 336

Computers and Electronics Banking Accountability Scams 336

Troy Hunt

APRIL 6, 2020

If you're reading this, chances are you've arrived here from a link I sent you via email. That email would have been a reply to one you originally sent to me that would have sounded something like this: Hi, I came across your blog on [thing] and I must admit, it was really nicely written. I also have an article on [thing] and I think it would be a great addition to your blog.

Advertising 295

Advertising VPN Internet Internet 295

The Last Watchdog

APRIL 7, 2020

Application programming interface. API. It’s the glue holding digital transformation together. Related: A primer on ‘credential stuffing’ APIs are the conduits for moving data to-and-fro in our digitally transformed world. APIs are literally everywhere in the digital landscape, and more are being created every minute. APIs connect the coding that enables the creation and implementation of new applications.

Mobile 266

Mobile Digital transformation Scams Accountability 266

Schneier on Security

APRIL 9, 2020

A few months ago, Brian Krebs told the story of the domain corp.com, and how it is basically a security nightmare: At issue is a problem known as " namespace collision ," a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet. Windows computers on an internal corporate network validate other things on that network using a Microsoft innovation called Active Directory , which is th

DNS 361

DNS Wireless Internet Internet 361

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

APRIL 7, 2020

In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe.

DNS 326

DNS Wireless Risk Passwords 326

Troy Hunt

APRIL 10, 2020

Somehow this week's update ended up being 55 minutes, largely because of playing with a bunch of the new network gear and unboxing a pretty snazzy looking rack from 4Cabling. I get through with that then sit by the pool for the rest of this week's update. (And yes, I shaved!) Incidentally, there's some audio clipping occurring after I sit by the pool.

Passwords 263

Passwords 263

Schneier on Security

APRIL 8, 2020

RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation time was roughly 2700 core-years, using Intel Xeon Gold 6130 CPUs as a reference (2.1GHz): RSA-250 sieving: 2450 physical core-years. RSA-250 matrix: 250 physical core-years. The computation involved tens of thousands of machines worldwide, and was completed in a few months.

Software 359

Software Encryption 359

Adam Levin

APRIL 6, 2020

Marriott International announced a data breach that may have exposed the information of 5.2 million guests. Among the information potentially compromised are names, birthdates, mailing addresses, phone numbers, email addresses, and birthdates. This is the second major data breach that Marriott has experienced in recent years; in 2018, the company announced that the information of 327 million customers of subsidiary Starwoodhad been compromised in a similar incident. .

Data breaches 187

Data breaches Financial Services Passwords Insurance 187

The Last Watchdog

APRIL 9, 2020

There’s no stopping the Internet of Things now. Related: The promise, pitfalls of IoT Companies have commenced the dispersal of IoT systems far and wide. Data collected by IoT devices will increasingly get ingested into cloud-centric networks where it will get crunched by virtual servers. And fantastic new IoT-enabled services will spew out of the other end.

Internet 195

Internet Internet IoT Technology 195

Tech Republic Security

APRIL 7, 2020

Phishing is the leading threat exploiting COVID-19, followed by malicious websites, according to a survey of IT professionals from Check Point.

Phishing 200

Phishing 200

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

APRIL 7, 2020

Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic. One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply because they are less secure.

Cybersecurity 320

Cybersecurity VPN Scams Phishing 320

Adam Levin

APRIL 10, 2020

Businesses across the country have had to adjust to their employees working from home. For many it was a last-minute scramble to adjust to what has become “the new normal” in the face of the coronavirus pandemic. As businesses and their employees settle into what could be for many a span of several weeks or months with a mandatory or recommended work from home order, organizations large and small face a potential company-killer: their surface of potentially vulnerable technology gre

Cybersecurity 130

Cybersecurity Data breaches Phishing Technology 130

The Last Watchdog

APRIL 6, 2020

Cyber criminals who specialize in plundering local governments and school districts are in their heyday. Related : How ransomware became a scourge Ransomware attacks and email fraud have spiked to record levels across the U.S. in each of the past three years, and a disproportionate number of the hardest hit organizations were local public agencies. Lucy Security, a security training company based in Zug, Switzerland that works with many smaller public entities, has been in the thick of this onsl

Scams 147

Scams Social Engineering Ransomware Engineering 147

Tech Republic Security

APRIL 8, 2020

Cybercriminals are already looking for ways to steal government assistance designed to help those struggling because of the COVID-19 pandemic.

Scams 191

Scams Cybersecurity Government 191

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Schneier on Security

APRIL 10, 2020

Attack matrix for Kubernetes, using the MITRE ATT&CK framework. A good first step towards understand the security of this suddenly popular and very complex container orchestration system.

Cybersecurity 318

Cybersecurity 318

Adam Levin

APRIL 8, 2020

In the latest episode of Third Certainty, Adam Levin explains the danger of voice deepfakes. The post Beware Voice Deepfakes: Third Certainty #16 appeared first on Adam Levin.

Technology 130

Technology 130

Daniel Miessler

APRIL 6, 2020

THIS WEEK’S TOPICS: Coronavirus unemployment rate, 2 million guns, UK 5G attacks, German Antibodies, Zoom Drama, New Cloudflare Servers, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. —. If you get value from this content, you can support it directly by becoming a member.

Technology 130

Technology Information Security 130

Tech Republic Security

APRIL 8, 2020

IntSights researchers surveyed the cyberthreat landscape, finding a wide variety of coronavirus-themed phishing lures, malware infections, network intrusions, scams, and disinformation campaigns.

Scams 168

Scams Phishing Malware 168

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Schneier on Security

APRIL 6, 2020

Microsoft is reporting that an Emotat malware infection shut down a network by causing computers to overheat and then crash. The Emotet payload was delivered and executed on the systems of Fabrikam -- a fake name Microsoft gave the victim in their case study -- five days after the employee's user credentials were exfiltrated to the attacker's command and control (C&C) server.

Malware 284

Malware Phishing Authentication Internet 284

Security Affairs

APRIL 8, 2020

This week, NASA sent out a memo to its personnel warning of a significant increase in the cyberattacks during the Coronavirus outbreak. NASA sent out a memo to its personnel warning of a significant increase in cyberattacks on the agency while its employees are in smart-working due to the Coronavirus outbreak. According to the Agency, roughly 75 percent of its employees are currently working from home.

Cyber Attacks 145

Cyber Attacks Computers and Electronics VPN Phishing 145

WIRED Threat Level

APRIL 10, 2020

The tech giants have teamed up to use a Bluetooth-based framework to keep track of the spread of infections without compromising location privacy.

137

137

Tech Republic Security

APRIL 8, 2020

Bitdefender warns against this dangerous new IoT "dark_nexus" attack that is innovative and cheap for attackers to acquire.

IoT 194

IoT 194

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Threatpost

APRIL 10, 2020

Apple and Google announced that decentralized Bluetooth technology will soon be rolled out for coronavirus contact tracing. The privacy implications are worrisome for some.

Technology 124

Technology Data privacy Mobile 124

Security Affairs

APRIL 10, 2020

VMware has addressed a critical information disclosure vulnerability related to the Directory Service that can be exploited to compromise vCenter Server. VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service ( vmdir ) for authentication.

Hacking 144

Hacking Advertising Authentication Information Security 144

Dark Reading

APRIL 10, 2020

Identifying normal behavior baselines is essential to behavior-based authentication. However, with COVID-19 upending all aspects of life, is it possible to build baselines and measure normal patterns when nothing at all seems normal?

Authentication 118

Authentication 118

Tech Republic Security

APRIL 9, 2020

Zoom's security woes have led to a number of organizations, companies, and schools banning or restricting its use, with some recommending alternatives such as Microsoft Teams.

157

157

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Threatpost

APRIL 9, 2020

Emails purporting to be a Cisco "critical security advisory" are actually part of a phishing campaign trying to steal victims' Webex credentials.

Phishing 136

Phishing 136

Security Affairs

APRIL 10, 2020

Sophos announced the public release of the source code of the sandbox-based isolation program Sandboxie. Sophos is going to release the Windows sandbox-based isolation program Sandboxie in open source. “Sandboxie has long been a favorite sandbox-based isolation tool since its original release over fifteen years ago. Now this technology will live on in the hands of its dedicated users.” Sophos Director of Product Marketing Seth Geftic said. “We are thrilled to give the code to

Advertising 143

Advertising Malware Marketing Technology 143

Dark Reading

APRIL 9, 2020

How the hacker mindset and skill set could play a role in improving and securing societal systems, according to renowned security technologist Bruce Schneier.

Hacking 123

Hacking 123

Tech Republic Security

APRIL 9, 2020

The road to secure containers is long and winding. One stop you should take on that journey is unloading unnecessary kernel modules in your Linux containers.

167

167

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk