Mon, Sep 21, 2020

No, Moving Your SSH Port Isn’t Security by Obscurity

Daniel Miessler

I just came across another post on Hacker News talking about why you shouldn’t move your SSH port off of 22 because it’s Security by Obscurity. There are some good reasons not to move SSH ports in certain environments, such as usability. People absolutely love to invoke the “Security by Obscurity” boogeyman, and it makes them feel super smart when they do.

Capital One Fined $80M, 'Failed Appropriate Risk Management for the Cloud'

SecureWorld News

Major fines and major findings in the Capital One data breach investigation. Here is what a U.S. regulatory agency revealed about the bank data breach.

Former NSA Director Keith Alexander Joins Amazon’s Board of Directors

Schneier on Security

This sounds like a bad idea.

Windows Server: Patch this critical flaw now says Homeland Security in emergency warning

Tech Republic Security

Government agencies in the US have until today to patch a Windows Server vulnerability that could give hackers control over federal networks.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

US House Passes IoT Cybersecurity Improvement Act

Security Affairs

The U.S. House of Representatives last week passed the IoT Cybersecurity Improvement Act, a bill designed to improve the security of IoT devices. The IoT Cybersecurity Improvement Act was first introduced in 2017, and a new version was introduced in 2019.

Mozilla's VPN service works across mobile and desktop platforms

Tech Republic Security

Mozilla now offers a VPN service that protects Windows and mobile devices, and soon your Linux and macOS desktops. Jack Wallen shows you how to use the new offering.

Alleged Activision hack, 500,000 Call Of Duty players impacted

Security Affairs

More than 500,000 Activision accounts may have been compromised as a result of a data breach suffered by the gaming firm on September 20, the eSports site Dexerto reported. According to Dexerto, login credentials for Activision accounts have been publicly leaked, and threat actors also changed account details to prevent easy recovery by the legitimate owners.

Cybercriminals Distribute Backdoor With VPN Installer

Trend Micro

In this entry, we share how threat actors are bundling legitimate Windscribe VPN installers with backdoors. Backdoors allow cybercriminals to gain access and control of computers remotely without the need for proper authentication.

The Cheating Scandal That Ripped the Poker World Apart

WIRED Threat Level

Mike Postle was on an epic winning streak at a California casino. Veronica Brill thought he had to be playing dirty. Let the chips fall where they may.

Remote Work Exacerbating Data Sprawl

Dark Reading

More than three-quarters of IT executives worry that data sprawl puts their data at risk, especially with employees working from insecure home networks, survey finds.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Fileless Malware Tops Critical Endpoint Threats for 1H 2020

Threatpost

When it comes to endpoint security, a handful of threats make up the bulk of the most serious attack tools and tactics.

FERC, NERC joint report on cyber incident response at electric utilities

Security Affairs

The U.S. Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) released a study on cyber incident response and recovery best practices for electric utilities. The report is based on information shared by experts at eight U.S. electric utilities.

5 Steps to Greater Cyber Resiliency

Dark Reading

Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.

Discount Rules for WooCommerce WordPress plugin gets patch once again

Security Affairs

It has happened again: users of the Discount Rules for WooCommerce WordPress plugin have to install a third patch to fix two high-severity cross-site scripting (XSS) flaws that could be exploited by an attacker to hijack a targeted site. This is the third time the plugin's developers have released a security patch for these two flaws.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Was This the World's First Fatal Cyberattack?

SecureWorld News

I heard a speaker at the SecureWorld Twin Cities conference give this chilling warning: "We're entering a time where cybersecurity is no longer about data security; it is about life security." A recent ransomware attack against a German hospital appears to have made this prediction a reality. Patient dies following ransomware attack on German hospital.

Unsecured Microsoft Bing Server Leaks Search Queries, Location Data

Threatpost

Data exposed included search terms, location coordinates, and device information - but no personal data.

Hacking Yourself: Marie Moe and Pacemaker Security

Dark Reading

Future consumer devices, including pacemakers, should be built with security from the start.

Firefox for Android Bug Allows ‘Epic Rick-Rolling’

Threatpost

Anyone on the same Wi-Fi network can force websites to launch, with no user interaction.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Patch by Tonight: CISA Issues Emergency Directive for Critical Netlogon Flaw

Dark Reading

The directive requires all federal agencies to apply a patch for Windows Netlogon vulnerability CVE-2020-1472 by midnight on Sept. 21.

DHS Issues Dire Patch Warning for ‘Zerologon’

Threatpost

The deadline looms for U.S. Cybersecurity and Infrastructure Security Agency’s emergency directive for federal agencies to patch against the so-called ‘Zerologon’ vulnerability.

'Dark Overlord' Cyber Extortionist Pleads Guilty

Dark Reading

Nathan Wyatt was sentenced to five years in prison after changing a previously not guilty plea.

Exploitable Flaws Found in Facial Recognition Devices

Trend Micro

To gain a more nuanced understanding of the security issues present in facial recognition devices, we analyzed the security of four different models. Our case studies show how these devices can be misused by malicious attackers.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Focus on Fixing, Not Just Finding, Vulnerabilities

Veracode Security

When investing in an application security (AppSec) program, you expect to see a return on your investment. But in order to recognize a return, your organization needs to determine what success looks like and find a way to measure and prove that the program is meeting your definition of success. For those just starting on their AppSec journey, success might be eliminating OWASP Top 10 vulnerabilities or lowering flaw density.

Think Twice Before Using Facebook, Google, or Apple to Sign In Everywhere

WIRED Threat Level

So-called single sign-on options offer a lot of convenience. But they have downsides that a good old-fashioned password manager doesn't.