Schneier on Security

APRIL 13, 2020

Covid-19 is a notifiable disease so a doctor who diagnoses you must inform the public health authorities, and if they have the bandwidth they call you and ask who you've been in contact with. (Note that some of his comments are UK-specific.). First, it isn't anonymous. They then call your contacts in turn.

363

363

Krebs on Security

JUNE 20, 2022

See if you can tell from the store owner’s message what happened. Visit any random fast-casual dining establishment and there’s a good chance you’ll see a sign somewhere from the management telling customers their next meal is free if they don’t receive a receipt with their food.

Scams 327

Scams Media 327

Troy Hunt

MARCH 18, 2024

AT&T's position on this is pretty simple: AT&T continues to tell BleepingComputer today that they still see no evidence of a breach in their systems and still believe that this data did not originate from them. It is undoubtedly in the hands of thousands of internet randos. For my part, I've got 4.8M And the data is real.

Data breaches 347

Data breaches Encryption Identity Theft InfoSec 347

Malwarebytes

JULY 3, 2023

The fraudsters pretended to be police officers or impersonated other official authorities, calling targets to tell them one of their relatives had caused something like a car accident which resulted in injuries or the death of someone else. If you receive a call like this, hang up immediately and tell the police.

Scams 80

Scams Ransomware Risk 80

CSO Magazine

MARCH 30, 2022

This longstanding, fundamental element of security continues to cause headaches for security leaders seeking to identify and authorize users and devices often spread across different states, borders, and time zones. Authentication remains one of the most painstaking challenges faced by CISOs in organizations large and small.

Authentication 107

Authentication CISO CSO Passwords 107

InfoWorld on Security

AUGUST 10, 2021

I’ve spoken to hundreds of development teams, and most of them still build authorization by hand, ad-hoc, and without a plan. That’s natural—no one has yet developed a “Stripe” or “Twilio” for authorization that solves programmers’ problems. And in this post I’m going to tell you why. The great unbundling.

Software 98

Software 98

Krebs on Security

NOVEMBER 3, 2020

“The call was a ‘swatting’ attack, a criminal harassment tactic in which a person places a false call to authorities that will trigger a police or special weapons and tactics (SWAT) team response — thereby causing a life-threatening situation.” Attorney’s Office for the District of Maryland.

Scams 302

Scams Wireless Identity Theft Mobile 302

Krebs on Security

AUGUST 14, 2020

Sources close to the investigation tell KrebsOnSecurity the malware is known as Defray. “The phishing emails the authors use are well-crafted,” Trend Micro wrote. Defray was first spotted in 2017, and its purveyors have a history of specifically targeting companies in the healthcare space.

Ransomware 361

Ransomware Healthcare Insurance Phishing 361

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S.

Social Engineering 318

Social Engineering Mobile Cybercrime Passwords 318

Malwarebytes

JANUARY 31, 2024

Italy’s Data Protection Authority (GPDP) has uncovered data privacy violations related to collecting personal data and age protections after an inquiry into OpenAI’s ChatGPT. Time will tell. OpenAI has 30 days to respond with a defense. The GPDP started an investigation into data privacy violations.

Artificial Intelligence 112

Artificial Intelligence Data privacy Marketing Internet 112

Krebs on Security

OCTOBER 18, 2022

Over the past several months, authorities in multiple U.S. When a participant uses a SNAP payment card at an authorized retail store, their SNAP EBT account is debited to reimburse the store for food that was purchased. Skimming gear seized from three suspects arrested by Sacramento authorities in September.

Retail 240

Retail Banking Accountability Technology 240

Adam Shostack

AUGUST 21, 2019

Author Marko Kloos talks about Life after FaceTwitStagram : “And I have to tell you that the absence of social media has had a major positive effect in my life…It’s strange how the first few days after social media feel like kicking an addiction.” ”

Media 113

Media Authentication Malware Personal Security 113

Security Boulevard

MAY 17, 2023

In Privacy in the Age of Big Data, Theresa Payton and Ted Claypool tell us just how ubiquitous current threats to privacy are (which both the lay reader and security professionals will find disturbing). Using real-life stories of privacy gone wrong, the authors make the reader want to protest, though, rather than put on a tinfoil hat.

Big data 52

Big data 52

Security Boulevard

SEPTEMBER 23, 2022

authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, "America is looking for me because I have enormous information and they need it.". The post Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

52

52

Adam Shostack

APRIL 5, 2019

Recommended despite the writing being somewhat rocky and uneven – these are hard topics and I do not envy the author’s task of making an accessible and interesting read. The Queens of Innis Lear , by Tessa Gratton is a re-telling of Lear from the perspective of his daughters. Hugo nominated).

Marketing 150

Marketing Internet Internet Software 150

Joseph Steinberg

OCTOBER 6, 2022

According to prosecutors, Sullivan broke multiple laws when he failed to disclose the subsequent breach to government regulators; a federal jury in San Francisco consisting of six women and six men yesterday convicted him of two crimes: obstructing the FTC’s investigation and acting to conceal a felony from authorities. Stephanie M.

CISO 247

CISO Artificial Intelligence Data breaches Cybersecurity 247

Security Affairs

MARCH 14, 2024

By using plugins, users authorize ChatGPT to transmit sensitive data to third-party services. “Attacker can write his own plugin, which tells ChatGPT to forward almost any Chat data to this plugin, and then by exploiting a vulnerability in ChatGPT, he can install this malicious plugin on a victim account.”

Accountability 128

Accountability Authentication Passwords Hacking 128

Krebs on Security

FEBRUARY 19, 2021

Unlike most skimmers — which can be detected by looking for out-of-place components attached to the exterior of a compromised cash machine — these skimmers were hooked to the internal electronics of ATMs operated by Intacash’s competitors by authorized personnel who’d reportedly been bribed or coerced by the gang. Close everything.

Banking 292

Banking Accountability Cybercrime Mobile 292

Krebs on Security

SEPTEMBER 24, 2022

authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.” The Bulgarian news outlet 24Chasa.bg

Cybercrime 205

Cybercrime Data breaches Malware Ransomware 205

Security Boulevard

OCTOBER 18, 2021

He’s had the internet since 1995, but didn’t start spending so much time on it until he retired from his position as chief helicopter pilot of the Port Authority New York/New Jersey in 2002. “It It keeps my mind busy,” McGowan tells Avast. “It It keeps me from getting bored.”.

Internet 52

Internet Internet Network Security 52

Security Boulevard

AUGUST 12, 2022

Not an automated process, not something ML can do, regardless of what vendor xyz tells you. What does the current security environment tell you an attacker would do that's already inside your network? Phil Hagen, author). No Big Red Easy button. Not something that can be automated. Need analysts, trained analysts.

Engineering 52

Engineering Information Security Network Security 52

Security Through Education

MARCH 22, 2023

He soon realized that when he impersonated doctors and pilots, people viewed him as someone with authority and would rarely question him if at all. Con artists play on our own unconscious bias that people in authority are trustworthy. If you’re on the phone, they might tell you not to hang up so you can’t check out their story.

Scams 122

Scams Social Engineering Engineering Media 122

Joseph Steinberg

JANUARY 26, 2022

The criminal tells you the reason that they are contacting you – and the reason sounds totally legitimate – but, they go on and tell you that for security reasons, before they speak with you further, they want to verify that you are who you claim to be, and that the phone number that you gave them is really yours.

Scams 316

Scams Authentication Accountability Artificial Intelligence 316

The Last Watchdog

JANUARY 18, 2022

All information either stolen or taken from a system without the authorization of the platform’s owner (in other words, proactively hacked or scrapped) is considered a data breach. It will also tell you what to do if you find yourself in that situation. Data associations to specific breach instances are only stipulated.

Data breaches 279

Data breaches VPN Internet Internet 279

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” Further reading: uAdmin Show & Tell.

Phishing 271

Phishing Scams Banking Mobile 271

Krebs on Security

NOVEMBER 13, 2021

According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities. The phony message sent late Thursday evening via the FBI’s email system. Image: Spamhaus.org.

Internet 363

Internet Internet Hacking Accountability 363

Malwarebytes

APRIL 28, 2022

Some ransomware authors seem to be further whittling down their tenuous “circle of trust” style agreement with victims even further. The message is loud and clear: ransomware authors simply don’t care about playing “fair” anymore. The ransomware in question overwrites files larger than just 2MB.

Ransomware 97

Ransomware Encryption 97

Security Affairs

JANUARY 22, 2024

As Cert-AgiD ( [link] ) has also recently put the spotlight on this issue, I take this opportunity to tell you about the “My Slice” campaign which I have personally taken over. “My He is also the author of the book “La Gestione della Cyber Security nella Pubblica Amministrazione”.

Phishing 107

Phishing Education Social Engineering Media 107

Malwarebytes

MAY 30, 2022

The phishing emails tell recipients that their account has been put on hold, and try to trick users into “validating their account” to release it again. Intuit wants you to know that “the sender is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit’s brands authorized by Intuit.”

Phishing 130

Phishing Accountability Small Business Malware 130

Krebs on Security

JUNE 3, 2020

billion and enjoyed the protection of top Mexican authorities. Tudor claims he’s an innocent, legitimate businessman who’s been harassed and robbed by Mexican authorities. The Shark: Tell them that I am going to kill them. Close everything. Marcu: Okay, I can kill them. Any time, any hour. Even at banks.

Banking 352

Banking Mobile Advertising Marketing 352

Security Affairs

DECEMBER 2, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Ransomware 96

Ransomware Hacking Spyware Cybercrime 96

Security Affairs

DECEMBER 19, 2019

” Authorities recommend travelers to avoid using free or untrusted WiFi networks to access sensitive information, such as financial or medical data. The authorities recommend the use of phone’s mobile data connection rather than connecting devices untrusted or Free WiFi networks. ” continues the FBI.

Wireless 73

Wireless Advertising Passwords Banking 73

Krebs on Security

SEPTEMBER 9, 2022

states now have designated safe trading stations — mostly at local police departments — which ensure that all transactions are handled in plain view of both the authorities and security cameras. Nearly all U.S. Email the ID information to a friend, or to someone trusted (not to yourself). Always make sure they are escorted.

Internet 290

Internet Internet Banking Surveillance 290

Security Affairs

NOVEMBER 13, 2021

The message tells the recipients that their network has been breached and that the threat actor has stolen their data. Vinny Troia blamed a threat actor known as “ pompomourin ,” as the author of the attack. Wow I can’t imagine who would be behind this. Follow me on Twitter: @securityaffairs and Facebook.

Hacking 143

Hacking Technology Information Security 143

CyberSecurity Insiders

JULY 18, 2021

For marketing firms, it is easy to tell whether an online shopper is using a Macbook or not- all thanks to Browser & cookies data; and based on such predictions, they target the user with prices that are usually exorbitant that what other Windows PC users are paying.

Scams 137

Scams Retail Marketing Cybersecurity 137

Troy Hunt

JANUARY 29, 2024

You may only search information about yourself, or those you are authorized in writing to do so. Furthermore, you may only search for information about yourself or those who you are authorized in writing to do so." That's not going to keep you out of trouble!

Data breaches 276

Data breaches Passwords Advertising Personal Security 276

Krebs on Security

APRIL 16, 2024

The Associated Press reports that Keel was careful not to release many details about the breach at his hearing, telling lawmakers he knows who did it but that he wasn’t ready to name anyone. In January 2024, authorities in Australia, the United States and the U.K.

Identity Theft 230

Identity Theft Banking Cybercrime Hacking 230