Mon. Aug 10, 2020

Smart Lock Vulnerability

Schneier on Security

Yet another Internet-connected door lock is insecure: Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec's $139.99 UltraLoq is marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code." Users can share temporary codes and 'Ekeys' to friends and guests for scheduled access, but according to Tripwire researcher Craig Young, a hacker able to sniff out the device's MAC address can help themselves to an access key, to

Retail 334

How phishing attacks have exploited the US Small Business Administration

Tech Republic Security

Such attacks have tried to capitalize on the loans provided by the SBA in the wake of the coronavirus pandemic.

Vulnerability Prioritization: Are You Getting It Right?

Dark Reading

Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.

Risk 144

Google Chrome Browser Bug Exposes Billions of Users to Data Theft

Threatpost

The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.

143

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Over a Billion Android Devices Are at Risk of Data Theft

WIRED Threat Level

Qualcomm has released a fix for the flaws in its Snapdragon chip, which attackers might exploit to monitor location or render the phone unresponsive.

Risk 122

Nefilim ransomware operators claim to have hacked the SPIE group

Security Affairs

Nefilim ransomware operators allegedly targeted the SPIE group, an independent European leader in multi-technical services. Researchers from threat intelligence firm Cyble reported that Nefilim ransomware operators allegedly hacked The SPIE Group, an independent European leader in multi-technical services. The number of ransomware attacks continues to increase; hackers also steal victims’ data and threaten them to release the stolen info if they don’t pay the ransom.

More Trending

Gamifying Password Training Shows Security Benefits

Dark Reading

When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.

Passwords 144

TeamViewer Flaw in Windows App Allows Password-Cracking

Threatpost

Remote, unauthenticated attackers could exploit the TeamViewer flaw to execute code and crack victims' passwords.

Passwords 119

Hacking It as a CISO: Advice for Security Leadership

Dark Reading

A security leader shares tips for adopting a CISO mindset, creating risk management strategies, and "selling infosec" to IT and executives.

CISO 101

Google Fixes Mysterious Audio Recording Blip in Smart Speakers

Threatpost

Google Home devices reportedly recorded noises even without the "Hey Google" prompt due to the inadvertent rollout of a home security system feature.

IoT 103

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Spying on satellite internet comms with a $300 listening station

Security Affairs

An attacker could use $300 worth of off-the-shelf equipment to eavesdrop and intercept signals from satellite internet communications. The academic researcher James Pavur, speaking at the Black Hat 2020 hacking conference, explained that satellite internet communications are susceptible to eavesdropping and signal interception. Attackers could use cheap equipment like basic home-television gear that goes from $300 to spy on the internet traffic for high-value targets.

DDoS Attacks Cresting Amid Pandemic

Threatpost

Attacks were way up year-over-year in the second quarter as people continue to work from home.

DDOS 116

Belarus Has Shut Down the Internet Amid a Controversial Election

WIRED Threat Level

Human rights organizations have blamed the Belarusian government for widespread outages.

Internet 115

Q2 DDoS Attacks Triple Year Over Year: Report

Dark Reading

Distributed denial-of-service attacks have stayed consistently high throughout 2020, a shift from normal attack trends that researchers attribute to COVID-19.

DDOS 85

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Pixel 4a is the first device to go through ioXt at launch

Google Security

Posted by Eugene Liderman and Xevi Miro Bruix, Android Security and Privacy Team. Trust is very important when it comes to the relationship between a user and their smartphone. While phone functionality and design can enhance the user experience, security is fundamental and foundational to our relationship with our phones. There are multiple ways to build trust around the security capabilities that a device provides and we continue to invest in verifiable ways to do just that.

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

The list of sites blocked in MYANMAR includes many websites that did not fall under the categories adult content or fake news. Original post at: [link]. In March 2020, The Ministry of Telecommunications (MoTC) issued a directive to all operators in Myanmar with a secret list of 230 sites to be blocked due to the nature of the content; adult content and fake news.

Hackers Find New Life from ‘End of Life’ Technologies

SecureWorld News

When technology companies close the support door on their old systems and software, it opens the gates for cybercriminals. The most recent example of this is for organizations using Windows 7. According to law enforcement, hackers are taking advantage of those still using the software. Windows 7 'End of Life' is a cybercrime opportunity. A recent Private Industry Notification (PIN) from the FBI warns against the system's "End of Life" status, which it reached earlier this year: "On 14 January 20

Lock-Pickers Face an Uncertain Future Online

Dark Reading

Teaching the hardware hacker the skill of picking locks is evolving because of the pandemic's lockdown.

88

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The Essential Role of IAM in Remote Work

The Security Ledger

The sudden shift to 100% remote work has been jarring. How can businesses ensure remote workers are productive, while protecting sensitive data and minimizing cyberthreats? Rachael Stockton of LogMeIn and LastPass provides some tips.


Better Business Bureau Warns of New Visa Scam

Dark Reading

Visa limitations due to the novel coronavirus have given rise to a wave of scams aimed at visa-seekers.

Scams 79

NCSC Director warns of interference on elections tied to Russia, China, Iran

Security Affairs

The Director of the U.S. National Counterintelligence and Security Center (NCSC) shared info on attempts to influence the 2020 U.S. elections. The Director of the U.S. National Counterintelligence and Security Center (NCSC) William Evanina shared information on ongoing operations aimed at influencing the 2020 U.S. elections. “Many foreign actors have a preference for who wins the election, which they express through a range of overt and private statements; covert influence efforts are rarer.

Media 95

Can I Use the Same Security Tools on My IT and OT?

Dark Reading

You can quit worrying about IT tools in the OT environment.

89

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.