Krebs on Security
OCTOBER 9, 2020
A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet , a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command. Image: Shuttstock.
Troy Hunt
OCTOBER 9, 2020
It's a bit of a mega one this week running over the 1-hour mark, but there's been an awful lot happen during the last week that I reckon is of interest. There's a decidedly adult theme running across the topics not by design, but just by pure coincidence between the Grindr incident, a query I got regarding erasing one's adult website browsing history and the IoT male chastity device full of security holes and potential requiring a grinder (not Grindr!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
OCTOBER 9, 2020
Hackers accidentally allowed into company software by security noncompliant employees cost businesses millions annually; we asked experts to weigh in on best safety practices.
Adam Shostack
OCTOBER 9, 2020
In a simpler age, Matt Stoller famously lost his job for critiquing Google. He has a really interesting article summarizing and analyzing the massive anti-trust report at Congress Gets Ready to Smash Big Tech Monopolies. If you’re like me, unsure if or how this might matter, take the time to read what he said. (Via Wendy Grossman , who also has interesting commentary.).
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
OCTOBER 9, 2020
Commentary: Open source has never been more popular, which means it's time to figure out how to effectively secure the open source you use. Two experts weigh in.
Threatpost
OCTOBER 9, 2020
Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs, 11 of them critical, during a three-month hack.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Threatpost
OCTOBER 9, 2020
Immersive Labs Researcher takes advantage of lax Fitbit privacy controls to build a malicious spyware watch face.
Tech Republic Security
OCTOBER 9, 2020
Jack Wallen offers his take on the upcoming release of the Ring Always Home Cam.
Security Affairs
OCTOBER 9, 2020
German tech firm Software AG has suffered a ransomware attack that took place during last weekend, media blamed the Clop ransomware gang. The website ZDNet revealed in exclusive that German tech firm Software AG was hit by the Clop ransomware , the criminal gang is demanding more than $20 million ransom. Clop ransomware's base ransom amount for a German company is over 20 million $… That is a serious amount for sure.
Dark Reading
OCTOBER 9, 2020
Microsoft reports a new campaign leveraging the critical Zerologon vulnerability just days after nation-state group Mercury was seen using the flaw.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
OCTOBER 9, 2020
Cisco fixed three high-severity flaws in Webex video conferencing system, Video Surveillance 8000 Series IP Cameras and Identity Services Engine. Cisco has addressed three high-severity flaws and eleven medium-severity vulnerabilities in its Webex video conferencing system, Video Surveillance 8000 Series IP Cameras and Identity Services Engine. The most severe of these vulnerabilities is a Remote Code Execution and Denial of Service issue in Cisco’s Video Surveillance 8000 Series IP Cameras.
Dark Reading
OCTOBER 9, 2020
In recent weeks, Emotet has emerged as the most common form of ransomware. Managing the risk involves starts with understanding the way it works.
eSecurity Planet
OCTOBER 9, 2020
Your SD-WAN solution comes with built-in security, but it's likely not enough to meet enterprise security requirements. Here are some next steps.
Dark Reading
OCTOBER 9, 2020
So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
OCTOBER 9, 2020
Microsoft warns of Android ransomware that activates when you press the Home button. Microsoft spotted a new strain of Amdroid ransomware tracked as MalLocker.B that activates when the users press the Home button. Researchers from Microsoft spotted a new strain of Android ransomware that abuses the mechanisms behind the “incoming call” notification and the “Home” button to lock the screen on the victim’s device.
Threatpost
OCTOBER 9, 2020
Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports -- which will dictate new bonus percentages.
Security Affairs
OCTOBER 9, 2020
NATO Chief calls for a new strategic to mitigate the risks related to the threats to the rising technologies, new forms of terrorism, and the role of China. The rapid and continuous changes in our society needs to be properly addressed, NATO warns, NATO Chief call for a new strategic to address the global rise of new technologies, the evolution of terrorism and role of China in the global politics.
Google Security
OCTOBER 9, 2020
Posted by Abhishek Arya, Chrome Security team Open source software is the foundation of many modern software products. Over the years, developers increasingly have relied on reusable open source components for their applications. It is paramount that these open source components are secure and reliable, as weaknesses impact those that build upon it.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Affairs
OCTOBER 9, 2020
The hacker who shared with the ISIS personal data of more than 1,300 U.S. government and military personnel will remain in a federal prison. Ardit Ferizi , aka Th3Dir3ctorY, is the hacker that supported the ISIS organization by handing over data for 1,351 US government and military personnel. Ferizi is the first man charged with cyber terrorism that was extradited to the US early 2016.
Dark Reading
OCTOBER 9, 2020
Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.
eSecurity Planet
OCTOBER 9, 2020
We review the top vendors in threat intelligence, which has become a critical security tool as the volume and complexity of threat vectors grows.
Dark Reading
OCTOBER 9, 2020
Like most such mobile malware, the new one doesn't encrypt data but attempts to make an infected system impossible to use, Microsoft says.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Threatpost
OCTOBER 9, 2020
The malware also has a unique machine-learning module.
Dark Reading
OCTOBER 9, 2020
Budgets are on the rise, even in a time of revenue worries across the industry.
Spinone
OCTOBER 9, 2020
According to Microsoft, SharePoint has 190 million users across 200,000 organizations. Just like with other Office 365 services, a backup for SharePoint is critical for protecting your data (and here’s why ). As one of the leading Office 365 backup providers, we would like to show several ways to back up SharePoint data using both native and third-party tools.
Schneier on Security
OCTOBER 9, 2020
Genetic research finds the Humboldt squid is vulnerable to overfishing. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Expert insights. Personalized for you.
325 
Let's personalize your content