Schneier on Security
SEPTEMBER 22, 2020
Amazon drivers — all gig workers who don’t work for the company — are hanging cell phones in trees near Amazon delivery stations, fooling the system into thinking that they are closer than they actually are: The phones in trees seem to serve as master devices that dispatch routes to multiple nearby drivers in on the plot, according to drivers who have observed the process.
Adam Levin
SEPTEMBER 22, 2020
The personal information of 540,000 sports referees, league officials, and school representatives has been compromised following a ransomware attack targeting a software vendor for the athletics industry. ArbiterSports, a software provider for several sports leagues including the NCAA, announced that it had averted a ransomware attack in July 2020, but despite blocking the attempt to encrypt their systems, the company discovered that a database backup had been accessed prior to the attack.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
SEPTEMBER 22, 2020
No real surprises, but we finally have the story. The story he went on to tell is strikingly straightforward. De Guzman was poor, and internet access was expensive. He felt that getting online was almost akin to a human right (a view that was ahead of its time). Getting access required a password, so his solution was to steal the passwords from those who’d paid for them.
Tech Republic Security
SEPTEMBER 22, 2020
Security is changing rapidly, and the COVID-19 pandemic hasn't helped. A Cisco roundtable of chief information security officer advisers plotted the course for a secure future.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
SEPTEMBER 22, 2020
Understaffed, underfunded, and underequipped, IT teams in the K-12 sector face a slew of challenges amid remote and hybrid learning models. Here's where they can begin to protect their schools against cyberattacks.
Tech Republic Security
SEPTEMBER 22, 2020
Passwords are the most important factor for securing your accounts. But you need to pay attention to your usernames as well, says NordPass.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
SEPTEMBER 22, 2020
Keeping the hackers out remains a top priority but firms are also looking at new areas of investment.
WIRED Threat Level
SEPTEMBER 22, 2020
Operation Disruptor is an unprecedented international law enforcement effort, stemming from last year’s seizure of a popular underground bazaar called Wall Street Market.
Tech Republic Security
SEPTEMBER 22, 2020
Thirty-nine percent of developers said the security team is responsible for securing apps, while 67% of AppSec practitioners said their teams are responsible, according to a new study.
Security Affairs
SEPTEMBER 22, 2020
A global police sting dubbed Operation DisrupTor targeted vendors and buyers of illicit goods on the dark web, Europol announced. A coordinated operation conducted by law enforcement agencies across the world, dubbed Operation DisrupTor, targeted vendors and buyers of illicit goods on the dark web. The operation, led by the German federal criminal police, saw the participation of law agencies from Austria, Britain, Germany, the Netherlands, Sweden, and the United States.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Trend Micro
SEPTEMBER 22, 2020
We take note of the ways shell scripts have changed in the hands of cybercriminals and how it can be employed in the development of malware payloads in malicious routines.
Security Affairs
SEPTEMBER 22, 2020
A United Kingdom national, member of ‘The Dark Overlord’ hacking group was sentenced to five years in federal prison, announced the US DoJ. The United Kingdom national Nathan Wyatt (39), a member of ‘The Dark Overlord’ hacking group, was extradited to the United States in December 2019. The man was charged by U.S. authorities on six counts of aggravated identity theft, threatening to damage a protected computer, and conspiracy.
Dark Reading
SEPTEMBER 22, 2020
The most common tactics include credential stuffing using valid accounts, various forms of deception, and vulnerabilities in third-party software, Rapid7 says in its latest quarterly threat report.
Security Affairs
SEPTEMBER 22, 2020
The investigation of German authorities on the recent attack on the Dusseldorf hospital reveals the possible involvement of Russian hackers. Last week, German authorities revealed that a cyber attack hit a major hospital in Duesseldorf, the Duesseldorf University Clinic, and a woman who needed urgent admission died after she had to be taken to another city for treatment.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Dark Reading
SEPTEMBER 22, 2020
New research shows how security skills are lacking across multiple IT disciplines as well - including network engineers, sys admins, and cloud developers.
Threatpost
SEPTEMBER 22, 2020
A too-large percentage of cloud databases containing highly sensitive information are publicly available, an analysis shows.
Dark Reading
SEPTEMBER 22, 2020
More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million.
Threatpost
SEPTEMBER 22, 2020
Google's new release of Chrome 85.0.4183.121 for Windows, Mac, and Linux fixes 10 security flaws.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
SEPTEMBER 22, 2020
The update, one of several announced today, is intended to help employees remain compliant when handling data across cloud applications.
Threatpost
SEPTEMBER 22, 2020
Microsoft announced a new Security Guide to help cybersecurity professionals more quickly untangle relevant bugs in its monthly security bulletins.
Dark Reading
SEPTEMBER 22, 2020
In today's COVID-19 era, managing access has become even more difficult, especially for large organizations. Here's how to get it "just right.
Threatpost
SEPTEMBER 22, 2020
Mozilla has fixed three high-severity flaws with the release of Firefox 81 and Firefox ESR 78.3.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Affairs
SEPTEMBER 22, 2020
US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new security advisory warning federal agencies and the private sector of a surge in the attacks employing the LokiBot malware since July 2020.
Threatpost
SEPTEMBER 22, 2020
Windows MSI files provide an opening for attackers even though the bug was mostly patched in July.
Dark Reading
SEPTEMBER 22, 2020
Security service JupiterOne spins off from a healthcare service provider's homegrown technology.
Threatpost
SEPTEMBER 22, 2020
The Call of Duty behemoth said that the reports of widespread hacks are false.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
ForAllSecure
SEPTEMBER 22, 2020
In our previous post, we discussed that the key ingredient to a true DevSecOps process is accurate testing. In this post, we’ll share how to implement an accurate application security testing program that effectively manages risk, while protecting developer productivity. Two of Each is All You Need. There are many different types of application security testing tools you can choose from.
Google Security
SEPTEMBER 22, 2020
Posted by Haining Chen, Vishwath Mohan, Kevin Chyn and Liz Louis, Android Security Team [Cross-posted from the Android Developers Blog ] As phones become faster and smarter, they play increasingly important roles in our lives, functioning as our extended memory, our connection to the world at large, and often the primary interface for communication with friends, family, and wider communities.
ForAllSecure
SEPTEMBER 22, 2020
In our previous post, we discussed that the key ingredient to a true DevSecOps process is accurate testing. In this post, we’ll share how to implement an accurate application security testing program that effectively manages risk, while protecting developer productivity. Two of Each is All You Need. There are many different types of application security testing tools you can choose from.
Dark Reading
SEPTEMBER 22, 2020
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
269 
Let's personalize your content