Wed. Aug 19, 2020

Voice Phishers Targeting Corporate VPNs

Krebs on Security

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.

Phishing 353

Industrial control system cybersecurity vulnerabilities are rising in 2020

Tech Republic Security

365 ICS vulnerabilities were disclosed in the first half of the year, 75% of them are high or critical on the CVSS scale, and nearly three-quarters can be exploited remotely, according to a report.

Worthwhile books Q2 2020

Adam Shostack

These are the books that I read in Q2 2020 that I think are worth your time. Sorry it’s late. They’re still worthwhile. Cyber. You’ll See This Message When It Is Too Late, by Josephine Wolff. This is an interesting examination of the effects of finger-pointing and blame avoidance on the cybersecurity landscape, with chapter titles like “How the TJX breach set the stage for a decade of payment card conflict” and “what they aren’t telling you is their rule

Internet 147

IBM finds vulnerability in IoT chips present in billions of devices

Tech Republic Security

Manufactured by Thales, the EHS8 module family has security flaws that could allow attackers to take total control over internet-connected industrial machines.

IoT 218

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The Sounds a Key Make Can Produce 3D-Printed Replica

Threatpost

Researchers reveal technology called SpiKey that can ‘listen’ to the clicks a key makes in a lock and create a duplicate from the sounds.

How to keep your company secure while employees work from home

Tech Republic Security

There are new issues organizations should consider as work from home continues with no end in sight. One expert offers ideas to secure your widening perimeter.

More Trending

NordVPN: How to protect your organization from DDoS attacks

Tech Republic Security

Without early threat detection, you may not know your website has been hit by a DDoS attack until it slows down or stops, says NordVPN Teams.

DDOS 207

Researchers Warn of Flaw Affecting Millions of IoT Devices

Threatpost

A patch has been issued for the flaw in a widely-used module, and researchers are urging IoT manufacturers to update their devices ASAP.

IoT 116

Carnival Cruises hit with a costly ransomware attack

Tech Republic Security

The company says in SEC filing it is preparing for potential claims from guests, employees, and shareholders based on the data accessed.

Airline DMARC Policies Lag, Opening Flyers to Email Fraud

Threatpost

Up to 61 percent out of the IATA (International Air Transport Association) airline members do not have a published DMARC record.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How to restrict Nextcloud logins to IP addresses

Tech Republic Security

If you want to lock down your Nextcloud instance so only certain computers can log in, follow these steps.

How Financial Apps Get You to Spend More and Question Less

WIRED Threat Level

You should never invest without fully understanding the risks, but tax prep and stock trading services often obfuscate the things you really need to know.

Risk 97

Newly Patched Alexa Flaws a Red Flag for Home Workers

Dark Reading

Alexa could serve as an entry point to home and corporate networks. Security experts point to the need for manufacturers to work closely with enterprise security teams to spot and shut down IoT device flaws.

FritzFrog Botnet Attacks Millions of SSH Servers

Threatpost

The unique, advanced worming P2P botnet drops backdoors and cryptominers, and is spreading globally.

Malware 99

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Stolen Data: The Gift That Keeps on Giving

Dark Reading

Users regularly reuse logins and passwords, and data thieves are leveraging that reality to breach multiple accounts.

Passwords 133

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

US CISA published an alert related to a new North Korean malware, dubbed BLINDINGCAN, used in attacks on the US defense and aerospace sectors. The US Cybersecurity and Infrastructure Security Agency (CISA) has published a Malware Analysis Report (MAR) that includes technical details about a new strain of malware, tracked as BLINDINGCAN, that was attributed to North Korea.

Malware 70

How to Control Security Costs During a Down Economy

Dark Reading

Three key areas security professionals should watch when managing their budgets.

Actively exploited CVE-2020-1464 Windows Spoofing flaw was known since 2018

Security Affairs

The actively exploited Windows spoofing vulnerability (CVE-2020-1464) recently patched by Microsoft has been known for more than two years. The actively exploited Windows spoofing flaw, tracked as CVE-2020-1464 and patched last week by Microsoft, has been known for more than two years, researchers revealed. Microsoft’s August 2020 Patch Tuesday security updates addressed 120 vulnerabilities, including two zero-days that have been exploited in attacks in the wild.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Fuzzing Services Help Push Technology into DevOps Pipeline

Dark Reading

As part of a continuous testing approach, fuzzing has evolved to provide in-depth code checks for unknown vulnerabilities before deployment.

Researchers Disrupt Grid with Cyber-Physical Attack

SecureWorld News

What could you do with $50 and a disposable coffee cup? One option would be to order a lot of coffee. Another option: take down part of the power grid. And security researchers at the University of California, Irvine (UCI) just revealed how it's possible. How does a cyber-physical attack work? When we think about cyberattacks and cybersecurity, the concept that comes to mind is intangibility.

CISA Warns of New RAT Aimed at US Defense Contractors

Dark Reading

Hidden Cobra, an APT group associated with the government of North Korea, is thought to be behind the campaign.

Is August DDoS Attack Month?

SecureWorld News

According to Akamai, these old dogs have some new tricks. And by new tricks, we mean new DDoS extortion threats. This August, old cyber actors have returned with a string of malicious DDoS attacks. Or are they copycats? Old actors, new threats. They might sound strange to anyone outside the cybersecurity sphere, but the names Fancy Bear and Armada Collective are well-known bad actors.

DDOS 52

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

ICS Vulnerability Reports Rapidly Rise

Dark Reading

More scrutiny of products for industrial control systems is expected to expose even more weaknesses in devices that run critical infrastructure.

NBlog Aug 20 - creative teamwork in lockdown

Notice Bored

Inspired by a heads-up from a colleague on LinkedIn, I bumped into MURAL today. MURAL is a 'digital workspace for visual collaboration' by virtual teams. The animated demonstration on their home page caught my beady eye. Here's a static snapshot as a small group of people are busy placing/moving blobs on a graphic, presumably while discussing what they are doing on a parallel channel (e.g.

Sophisticated P2P Botnet Targeting SSH Servers

Dark Reading

'FritzFrog' is fileless, uses its own proprietary P2P implementation, and has breached at least 500 servers so far, Guardicore says.

credential digger v4.12 releases: identifies hardcoded credentials

Penetration Testing

Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (Passwords, API Keys, Secret Keys, Tokens, personal information, etc), filtering the false positive data through machine learning models. It supports Python...

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

How to Initiate Contact With a Mentor

Daniel Miessler

I’ve been in security for over 20 years now and have received thousands of emails asking for help or mentorship. And throughout that time I’ve also reached out to hundreds of people asking for something similar. I’ve had a mix of success and failure on both ends of that equation, and I think I might have deciphered what was going wrong. This can still work with some people, if it’s authentic.

FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Security Affairs

Researchers spotted a new sophisticated peer-to-peer (P2P) botnet, dubbed FritzFrog, that has been actively targeting SSH servers since January 2020. FritzFrog is a new sophisticated botnet that has been actively targeting SSH servers worldwide since January 2020. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in government, education, and finance sectors.

Over 6,000 email accounts belonging to Taiwan government agencies hacked by Chinese hackers

Security Affairs

Chinese hackers have hacked thousands of Taiwan Government email accounts belonging to at least 10 Taiwan government agencies, officials said. Chinese hackers have gained access to around 6,000 email accounts belonging to at least 10 Taiwan government agencies, officials said. According to a top Taiwan cyber official, the attacks are part of a cyber espionage campaign.