Fri. Aug 07, 2020

Windows 7 End of Life Presents Hacking Risk, FBI Warns

Adam Levin

The FBI warned in a private industry notification published August 3 that companies and organizations still using Windows 7 are at risk. Microsoft’s end of life (EOL) announcement for version 7 of its flagship Windows operating system means most customers still using it would no longer receive security updates or technical support. According to the FBI notification, continued use of the platform “creates the risk of criminal exploitation.”

Report: Two new encryption standards will soon sweep away security controls

Tech Republic Security

Security professionals must act before TLS 1.3 and DNS-over-HTTPS (DoH) are implemented or they won't be able to analyze network traffic and detect cyberthreats, warns Forrester Research.

Weekly Update 203

Troy Hunt

What. A. Week. I've been absolutely non-stop publishing data breaches to HIBP whilst simultaneously putting in place the framework to start advising NordVPN on their cybers and open sourcing the HIBP code base at the same time (and a bunch of other more boring stuff that didn't make the cut). That's all explained in this week's update so I won't drill further into it here, there's obviously a couple of big announcements so if you have any questions, drop them in the comments below and I'll eithe

How to limit file upload size on NGINX to mitigate DoS attacks

Tech Republic Security

If you have an NGINX site that must allow users to upload files, try this configuration to help prevent possible Denial-of-Service attacks.
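As an added illustration, not the configuration from the TechRepublic article, the server block below shows the NGINX directives that cap request body size and bound how long a client may take to send one. The hostname example.test, the upstream name app_backend, port 8080 and the size limits are assumptions chosen for the example:

```nginx
# Added example, not taken from the TechRepublic article. example.test,
# app_backend, port 8080 and the size limits are illustrative assumptions.
http {
    upstream app_backend {
        server 127.0.0.1:8080;
    }

    # Default for every location: request bodies over 1 MB are rejected with
    # 413 Request Entity Too Large before they are handed to the backend.
    client_max_body_size 1m;

    # Read bodies in small buffers; anything larger spills to a temp file
    # instead of being buffered in memory per connection.
    client_body_buffer_size 16k;

    # Close connections that pause longer than 10s between body reads, which
    # limits how long a slow-POST client can hold a worker connection.
    client_body_timeout 10s;

    server {
        listen 80;
        server_name example.test;

        # Only the upload endpoint accepts larger bodies, capped at 20 MB.
        # The limit is enforced whether the body is sent with Content-Length
        # or as chunked transfer encoding.
        location /upload {
            client_max_body_size 20m;
            proxy_pass http://app_backend;
        }

        location / {
            proxy_pass http://app_backend;
        }
    }
}
```

Validate with `nginx -t` and reload; a `curl -F file=@big.bin http://example.test/upload` with a file above 20 MB should come back with HTTP 413, and the same body posted to `/` should be refused at 1 MB. When auditing an existing configuration, look for `client_max_body_size 0`, which disables the check entirely.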

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Have I Been Pwned Set to Go Open-Source

Threatpost

Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.

IoT Security During COVID-19: What We've Learned & Where We're Going

Dark Reading

Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.

Google Threat Analysis Group took down ten influence operations in Q2 2020

Security Affairs

Google has published its second Threat Analysis Group (TAG) report, a bulletin that covers the coordinated influence operation campaigns tracked in Q2 2020. Google revealed that it had taken down ten coordinated operations in Q2 2020 (between April and June 2020); the campaigns were traced back to China, Russia, Iran, and Tunisia.

Hackers Dump 20GB of Intel’s Confidential Data Online

Threatpost

Chipmaker investigates a leak of intellectual property from its partner and customer resource center.

Did Maze ransomware operators steal 10 GB of data from Canon?

Security Affairs

According to an internal memo obtained by ZDNet, the prolonged outage suffered by Canon last week was caused by a ransomware attack, and Maze ransomware operators are taking credit for the incident. The memo also reveals that the company has hired an external security firm to investigate the incident.

Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem

Threatpost

An inside look at how nation-states use social media to influence, confuse and divide -- and why cybersecurity researchers should be involved.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

BEC Campaigns Target Financial Execs via Office 365

Dark Reading

A series of business email compromise campaigns has been targeting executives of more than 1,000 companies, most recently in the US and Canada.

Attackers Horn in on MFA Bypass Options for Account Takeovers

Threatpost

Legacy applications don't support modern authentication -- and cybercriminals know this.

Researcher Finds New Office Macro Attacks for MacOS

Dark Reading

Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.

Augmenting AWS Security Controls

Threatpost

Appropriate use of native security controls in AWS and other CSPs is fundamental to managing cloud risk and avoiding costly breaches.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Getting to the Root: How Researchers Identify Zero-Days in the Wild

Dark Reading

Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it.

Intel investigates security breach after the leak of 20GB of internal documents

Security Affairs

Intel is investigating reports that an alleged hacker has leaked 20GB of data exfiltrated from the chip giant's systems. The stolen data includes source code, developer documents and tools; some documents are labeled as “confidential” or “restricted secret.” The hackers shared the documents on the file-sharing site MEGA.

Hacking the PLC via Its Engineering Software

Dark Reading

Researcher will demonstrate at DEF CON an emerging threat to industrial control networks.

Global Payment Stats Every Business Should Be Aware of

Hacker Combat

It is important for businesses to be aware of what is happening in the industry, as those trends impact companies on a micro level. You cannot reach a wider market without knowing what is happening around you. The best way to stay aware is to pay attention to the facts and figures. In this article, we will highlight some payment stats to help you understand the market landscape.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on both authenticated and unauthenticated web pages can access protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users provide on those pages, and thus can violate the HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

400+ Qualcomm Chip Vulnerabilities Threaten Millions of Android Phones

Dark Reading

Security researchers found hundreds of pieces of vulnerable code in the Qualcomm Snapdragon chips powering Android phones.

NBlog Aug 8 - musing on ISO/IEC 27014 & infosec governance

Notice Bored

This morning I've been studying the final draft of the forthcoming second edition of ISO/IEC 27014 "Governance of information security" , partly to update ISO27001security.com but mostly out of my fascination with the topic. Section 8.2.5 of the standard specifies the governance objective to "Foster a security-positive culture": "Governance of information security should be built upon entity culture, including the evolving needs of all the interested parties, since human behaviour is one of the

Researchers Create New Framework to Evaluate User Security Awareness

Dark Reading

Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats.

I'm Open Sourcing the Have I Been Pwned Code Base

Troy Hunt

Let me just cut straight to it: I'm going to open source the Have I Been Pwned code base. The decision has been a while coming and it took a failed M&A process to get here, but the code will be turned over to the public for the betterment of the project and frankly, for the betterment of everyone who uses it. Let me explain why and how.

HIBP is a Community Project

I've been giving a great deal of thought to how I want this project to evolve lately, especially in the wake of the M&A proce

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Friday Squid Blogging: New SQUID

Schneier on Security

There's a new SQUID: A new device that relies on flowing clouds of ultracold atoms promises potential tests of the intersection between the weirdness of the quantum world and the familiarity of the macroscopic world we experience every day. The atomtronic Superconducting QUantum Interference Device (SQUID) is also potentially useful for ultrasensitive rotation measurements and as a component in quantum computers.

Reddit massive hack: hackers defaced channels with pro-Trump messages

Security Affairs

Reddit suffered a massive hack: threat actors compromised tens of Reddit channels and defaced them to display messages in support of Donald Trump’s reelection campaign. At the time of writing, the hack is still ongoing and Reddit’s security team is working to restore operations.

Hackers Flood Reddit With Pro-Trump Takeovers

WIRED Threat Level

By apparently compromising moderator accounts, the attackers were able to plaster MAGA materials all over at least 70 popular subreddits.

Reddit Attack Defaces Dozens of Channels

Dark Reading

The attack has defaced the channels with images and content supporting Donald Trump.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?