Schneier on Security

OCTOBER 13, 2020

One of the things we learned from the Snowden documents is that the NSA conducts “about” searches. That is, searches based on activities and not identifiers. A normal search would be on a name, or IP address, or phone number. An about search would something like “show me anyone that has used this particular name in a communications,” or “show me anyone who was at this particular location within this time frame.” These searches are legal when conducted for the

Surveillance 330

Surveillance Wireless Accountability Architecture 330

SecureWorld News

OCTOBER 13, 2020

FBI sting reveals a ransomware gang is bribing employees to help launch cyber attacks against their own employers. Details of a foiled ransomware attack.

Ransomware 271

Ransomware Cyber Attacks 271

Adam Levin

OCTOBER 13, 2020

Microsoft has stepped up its efforts to disrupt the Trickbot malware botnet after receiving permission to take on its network infrastructure. Citing concerns of potential activity to disrupt the upcoming elections, Microsoft was granted approval from the U.S. District Court for the Eastern District of Virginia to disable online servers connected to the botnet. .

Threat Detection 161

Threat Detection Malware Banking Ransomware 161

Tech Republic Security

OCTOBER 13, 2020

Cyberattacks against businesses have spiked since the shift to remote work began in early 2020, says Keeper Security.

Cybersecurity 201

Cybersecurity 201

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Lenny Zeltser

OCTOBER 13, 2020

REMnux ® offers a curated collection of free tools for reverse-engineering or otherwise analyzing malicious software. How to find the right tool for the job, given how many useful utilities come as part of the distro? To guide you through the process of examining malware, REMnux documentation lists the installed tools by category. Each grouping, which you’ll find in the Discover the Tools section of the documentation site, represents the type of actions the analysts might need to take: Exa

Malware 145

Malware Engineering Software Information Security 145

Security Affairs

OCTOBER 13, 2020

Britain’s most senior cyber general declared that the UK has implemented an advanced offensive cyberwar capability that could destroy its enemies. Gen Sir Patrick Sanders, the UK’s strategic command chief, announced that that the UK has implemented an advanced offensive cyberwar capability that could potentially “degrade, disrupt and destroy” the critical infrastructure of its adversaries.

Government 143

Government Advertising Hacking Cyber Attacks 143

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. The market surpassed $100 billion in revenue, and it’s revenue for the 2025 projections tell us that it will hit $1.5 trillion.

IoT 131

IoT Cybersecurity Manufacturing Internet 131

Threatpost

OCTOBER 13, 2020

The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isn’t paid.

Software 126

Software Ransomware Data breaches IoT 126

Tech Republic Security

OCTOBER 13, 2020

Prizes for bad actors can be access to stolen data and tools to make hacks easier, according to new research from Trend Micro.

Hacking 137

Hacking 137

WIRED Threat Level

OCTOBER 13, 2020

Meet General Paul Nakasone. He reined in chaos at the NSA and taught the US military how to launch pervasive cyberattacks. And he did it all without you noticing.

126

126

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

OCTOBER 13, 2020

Microsoft October 2020 Patch Tuesday security updates address 87 vulnerabilities, including 21 remote code execution (RCE) issues. Microsoft October 2020 Patch Tuesday security updates address 87 vulnerabilities, including 21 remote code execution (RCE) issues. The remote code execution (RCE) flaws fixed by Microsoft affects multiple products, including Excel, Outlook, the Windows Graphics component, and the Windows TCP/IP stack.

Advertising 115

Advertising Software Accountability Hacking 115

Digital Shadows

OCTOBER 13, 2020

Since the start of the COVID-19 pandemic, Digital Shadows has observed a significant increase in the number of SMS-based phishing. The post Clickbait to Checkmate: SMS-based scam targets US smartphones and accesses victim locations first appeared on Digital Shadows.

Scams 98

Scams Phishing Cybercrime 98

Security Affairs

OCTOBER 13, 2020

Seyfarth Shaw, one of the leading global legal firms announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack. Seyfarth Shaw LLP is an international AmLaw 100 law firm headquartered in Chicago, Illinois, its clients include over 300 of the Fortune 500 companies, and its practice reflects virtually every industry and segment of the economy.

Ransomware 113

Ransomware Advertising Malware Encryption 113

McAfee

OCTOBER 13, 2020

2020 has seen cloud adoption accelerate with Microsoft Teams as one of the fastest growing collaboration apps, McAfee customers use of Teams increased by 300% between January and April 2020. When we looked into Teams use in more detail in June, we found these statistics, on average, in our customer base: Teams Created 367.

Malware 98

Malware Risk Technology Government 98

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

SecureWorld News

OCTOBER 13, 2020

All modern airplanes use what is known as avionics systems and networks for the purpose of sharing a wide range of data, including GPS, weather, and communications. This information is shared with pilots, maintenance crews, other airplanes, and air traffic controllers. In an interview at our own SecureWorld Cincinnati conference, Deneen DeFiore, former VP & CISO at GE Aviation and current CISO at United Airlines, discussed the importance of cybersecurity and aviation.

Cybersecurity 96

Cybersecurity Risk CISO Cyber threats 96

Security Affairs

OCTOBER 13, 2020

Adobe has released a security update to address a critical remote code execution flaw in Adobe Flash Player that could be easily exploited by hackers. Adobe has released a security update to address a critical remote code execution flaw in Adobe Flash Player (CVE-2020-9746) that could be exploited by threat actors by tricking the victims into visiting a website.

Advertising 94

Advertising Hacking Risk Information Security 94

Dark Reading

OCTOBER 13, 2020

With attacks showing no signs of abating, some companies have begun offering services to help reduce ransom demands, buy more time, and arrange payments.

Ransomware 108

Ransomware 108

Threatpost

OCTOBER 13, 2020

There were 11 critical bugs and six that were unpatched but publicly known in this month's regularly scheduled Microsoft updates.

Advertising 110

Advertising 110

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

OCTOBER 13, 2020

If data security were a student, its report card would read "Not performing to potential." Here's why.

Marketing 126

Marketing 126

Threatpost

OCTOBER 13, 2020

The streaming box allows arbitrary code execution as root, paving the way to pilfering social-media tokens, passwords, messaging history and more.

Authentication 103

Authentication Media Passwords IoT 103

WIRED Threat Level

OCTOBER 13, 2020

From arrests to surveillance, governments are using the novel coronavirus as cover for a crackdown on digital liberty.

Internet 111

Internet Internet Surveillance Government 111

Threatpost

OCTOBER 13, 2020

The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player.

107

107

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Dark Reading

OCTOBER 13, 2020

While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers.

106

106

Threatpost

OCTOBER 13, 2020

Bad actors are leveraging legitimate services and tools within Microsoft's productivity suite to launch cyberattacks on COVID-19 stay-at-home workers, new research finds.

Cyber Attacks 91

Cyber Attacks Phishing Software Ransomware 91

Dark Reading

OCTOBER 13, 2020

The October 2020 Patch Tuesday fixed 87 vulnerabilities, including 21 remote code execution flaws, in Microsoft products and services.

105

105

Threatpost

OCTOBER 13, 2020

Cybercriminals are chaining Microsoft's Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns.

Government 73

Government Risk VPN 73

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Dark Reading

OCTOBER 13, 2020

It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.

Government 90

Government 90

Security Affairs

OCTOBER 13, 2020

Members of the Five Eyes intelligence alliance once again call for tech firms to engineer backdoors into end-to-end and device encryption. States of the Five Eyes intelligence alliance (US, UK, Canada, Australia, and New Zealand), plus Japan and India, once again call for tech firms to implement backdoors into end-to-end and device encryption. “We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and

Encryption 68

Encryption Data privacy Advertising Technology 68

Dark Reading

OCTOBER 13, 2020

The state of email defenses has a role to play in the US presidential election.

Phishing 101

Phishing 101

Threatpost

OCTOBER 13, 2020

Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020.

Cryptocurrency 97

Cryptocurrency DNS 97

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.