Fri. Dec 04, 2020

Enigma Machine Recovered from the Baltic Sea

Schneier on Security

Neat story: German divers searching the Baltic Sea for discarded fishing nets have stumbled upon a rare Enigma cipher machine used by the Nazi military during World War Two which they believe was thrown overboard from a scuttled submarine. Thinking they had discovered a typewriter entangled in a net on the seabed of Gelting Bay, underwater archaeologist Florian Huber quickly realised the historical significance of the find.


Weekly Update 220

Troy Hunt

It's a lighter weekly update this week, kinda feels like I'm still recovering from last week's epic IoT series TBH. It's also the last update from home before I go on my first decent trip since the whole pandemic thing started and as such, the next five updates will all come from other locations, some of them rather, uh, "remote". But there's still an hour of content today including the fact that it's HIBP's birthday


The 2020 Workshop on Economics and Information Security (WEIS)

Schneier on Security

The workshop on Economics and Information Security is always an interesting conference. This year, it will be online. Here’s the program. Registration is free.

Most used passwords for 2020: The internet's favorite curse word, name, food, and team

Tech Republic Security

CyberNews analyzed more than 15 billion passwords; if your favorite one is at the top of the list, it's time to change right now.

Passwords 187

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

My top 5 videos of the year

Javvad Malik

Following on from last week's post in which I summed up my top 5 blogs of the year, the sequel that one person asked me for was, what were the most watched videos of mine during 2020? Well, wonder no more, as I give you the top 5 in reverse order, cue the Top of the Pops intro! 5: Social Distance Club. Nothing to do with security and all to do with staying safe during a pandemic. 4: 7 talks I’m planning once the pandemic is over.

Is Your Cybersecurity Ready for the Holidays?

Adam Levin

Retailers around the world are anticipating less foot traffic in their shops this holiday season, with more than 75% of consumers expected to do most of their shopping online due to the pandemic. And if there was any doubt as to this proposition, Black Friday certainly proved the point. While that will certainly keep consumers safer when it comes to Covid-19 infections, it could make them more vulnerable to other ills like cybercrime.

More Trending

Personal Info of Over 243 Million Brazilians Exposed Online

Adam Levin

The personal information of over 243 million Brazilians was left accessible online for at least six months. The data leak was discovered by the Brazilian newspaper Estadao and has been attributed to web developers leaving the password to a government database in the source code of a publicly accessible website. The potentially exposed data included full names, addresses, telephone numbers, and medical details of anyone who had registered with the country’s national health system, totaling roughl

Passwords 130

Recently disclosed CVE-2020-4006 VMware zero-day was reported by NSA

Security Affairs

VMware addressed CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. VMware has finally released security updates to fix the CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. At the end of November, VMware had only released a workaround to address the critical zero-day vulnerability that affects multiple VMware Workspace One components.

Passwords 105

Protect yourself from Fraudulent QR codes

Quick Heal Antivirus

A software engineer wanted to sell his washing machine. He placed an advertisement on an e-commerce website and.

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Security Affairs

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides in the SplitCompat.install endpoint in Android’s Play Core Library. The vulnerability is rated 8.8 out of 10.0 and impacts Android’s Play Core Library versions prior to 1.7.2.

Hacking 99

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Cybersecurity Advent calendar: Let Santa in, keep hackers out!

We Live Security

Santa will soon come down the chimney, but there are potential entry points into your home and digital life that you should never leave open.

Iranian hackers access unsecured HMI at Israeli Water Facility

Security Affairs

A group of Iranian hackers gained access to an unprotected ICS at an Israeli Water Facility and posted a video as proof of the hack. Researchers from industrial cybersecurity firm OTORIO revealed that a group of Iranian hackers gained access to an unprotected ICS at the Israeli Water Facility. The threat actors accessed a human-machine interface (HMI) system that was left unsecured online and published a video hack.

9 Cybersecurity Skills to Improve in 2021

CompTIA on Cybersecurity

IT pros should always strive to improve their skills. Research shows that your employer thinks there are cybersecurity skills you should improve on too. Learn about the 9 skills you should improve on.

Serious Privacy Podcast – RegTech: Using the Power of Technology for Good (with Shub Nandi)

TrustArc

Technology brings new demands for compliance, especially given the amount of personal data collected through various means and how it is both used and combined. However, technology can also be used to assist compliance professionals by providing the necessary information quickly. In most of the Serious Privacy episodes, co-hosts Paul Breibarth and K Royal have discussed one or more […].

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Vancouver Metro Disrupted by Egregor Ransomware

Threatpost

The attack, which prevented Translink users from using their metro cards or buying tickets at kiosks, is the second from the prolific threat group just this week.

BECs and EACs: What's the Difference?

Dark Reading

Email accounts are common targets for attack. Understanding how attack types differ is critical for successful defense.

VMware Rolls a Fix for Formerly Critical Zero-Day Bug

Threatpost

VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to "important."

Fostering research on new web security threats

Google Security

Posted by Artur Janc and terjanq, Information Security Engineers The web is an ecosystem built on openness and composability. It is an excellent platform for building capable applications, and it powers thousands of services created and maintained by engineers at Google that are depended on by billions of users. However, the web's open design also allows unrelated applications to sometimes interact with each other in ways which may undermine the platform's security guarantees.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Making Sense of the Security Sensor Landscape

Threatpost

Chris Calvert of Respond Software (now part of FireEye) outlines the challenges that reduce the efficacy of network security sensors.

Flash Dies but Warning Signs Persist: A Eulogy for Tech's Terrible Security Precedent

Dark Reading

Flash will be gone by the end of the year, but the ecosystem that allowed it to become a software security serial killer is ready to let it happen again.

Software 106

High-Severity Chrome Bugs Allow Browser Hacks

Threatpost

Desktop versions of the browser received a total of eight fixes, half rated high-severity.

Hacking 108

Microsoft Cloud Security Exec Talks New Tech, WFH, Gamification

Dark Reading

Gunter Ollman explains the benefits of CPSM technology, how IT security teams have evolved, and how the pandemic has shaped security.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Novel Online Shopping Malware Hides in Social-Media Buttons

Threatpost

The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images.

Media 94

Egregor ransomware attack paralyzed for 3 days payment systems at Metro Vancouver’s transportation agency TransLink

Security Affairs

The Egregor ransomware operators hit Metro Vancouver’s transportation agency TransLink disrupting services and payment systems. Egregor ransomware operators made the headlines again, this time they hit Metro Vancouver’s transportation agency TransLink causing the disruption of its services and payment systems. The news was also confirmed by Global News which has obtained the ransom letter sent to TransLink after the company announced to have detected “suspicious network activity” this week that

Applying Math to Solve Risk-Based Vulnerability Management

Security Weekly

Risk 91

Islamic imprisoned hacker Ardit Ferizi ordered to be deported

Security Affairs

The Islamic hacker Ardit Ferizi, who is serving 20 years for giving his support to Islamic State group has been granted compassionate release. Ardit Ferizi, aka Th3Dir3ctorY, is the hacker that supported the ISIS organization by handing over data for 1,351 US government and military personnel. Ferizi is the first man charged with cyber terrorism that was extradited to the US early this year.

Hacking 65

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Intel Doubles Down on Emerging Technologies for Sharing and Using Data Securely

Dark Reading

Homomorphic encryption and federated learning could allow groups to share data and analysis while protecting the actual information.

Week in security with Tony Anscombe

We Live Security

ESET researchers analyze Turla Crutch, Cybersecurity Trends 2021 report is out and how to stay safe when paying with your phone.

Building A Truly Unified Endpoint Data Platform

Security Weekly


Lessons from 2020, and What to Expect in 2021: An Evolutionary Time in Cyber and Privacy

SecureWorld News

Looking back, it has certainly been a wild ride in 2020. And, candidly, all of my predictions at the beginning of the year did not even come close to being accurate. Well, actually, one did: technology, cyber, and privacy are still on the rise and influencing businesses across a wide variety of industries. But, as we head into the final month of 2020, and look forward to hopefully a calmer and safer 2021, it is a good opportunity to take stock of where things stand, and what we can expect around

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.