Mon, Sep 14, 2020


Due Diligence That Money Can’t Buy

Krebs on Security

Most of us automatically put our guard up when someone we don’t know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in. Here’s the story of how companies searching for investors to believe in their ideas can run into trouble. Nick is an investment banker who runs a firm that helps raise capital for its clients (Nick is not his real name, and like other investment brokers interviewed in this stor


Interesting Attack on the EMV Smartcard Payment Standard

Schneier on Security

It’s complicated, but it’s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal, and it is able to convince the POS terminal to complete the transaction without the normally required PIN.


Staples discloses data breach exposing customer order data

Security Affairs

Giant office retail company Staples disclosed a data breach in which threat actors accessed some of its customers’ order data. Staples, the office retail giant, disclosed a data breach and notified its customers that their order data had been accessed by threat actors without authorization. The office retail giant sent out a data breach notification letter to the impacted customers; the incident took place around September 2.


How to restrict Nextcloud logins to IP addresses

Tech Republic Security

If you want to lock down your Nextcloud instance so only certain computers can log in, follow these steps.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


CIRWA Project tracks ransomware attacks on critical infrastructure

Security Affairs

Researchers from Temple University have been tracking ransomware attacks on critical infrastructure all over the world. A team of researchers at Temple University in Philadelphia has presented a project named CIRWA (repository of critical infrastructure ransomware attacks) that aims at tracking ransomware attacks on critical infrastructure worldwide.


How to install Infection Monkey for breach and attack simulations on your network

Tech Republic Security

Have you tested your network using a breach and attack simulator? If not, Jack Wallen shows you how with Infection Monkey.


Cloud Leak Exposes 320M Dating-Site Records

Threatpost

A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.


More Printers Could Mean Security Problems for Home-Bound Workers

Dark Reading

Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.


Magecart Attack Impacts More Than 10K Online Shoppers

Threatpost

Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.


Popular Marketing Tool exposes data of users of dating sites

Security Affairs

Personal details of hundreds of users of dating sites were exposed online earlier this month. An Elasticsearch server containing personal details of hundreds of thousands of dating site users was exposed online without authentication. The unsecured database was discovered by security researchers from vpnMentor at the end of August. “vpnMentor’s research team recently received a report from an anonymous ethical hacker about a massive data leak exposing users of over 70 adult dating and


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks

Dark Reading

In a letter, almost 70 different security firms and individual researchers criticize Voatz for misrepresenting to the US Supreme Court widely accepted security research practices.


Zerologon attack lets hackers completely compromise a Windows domain

Security Affairs

The Zerologon attack allows threat actors to take over enterprise networks by exploiting CVE-2020-1472, which was patched in the August 2020 Patch Tuesday. Administrators of enterprise Windows Servers have to install the August 2020 Patch Tuesday updates as soon as possible to protect their systems from the Zerologon attack, which exploits CVE-2020-1472. The CVE-2020-1472 flaw is an elevation-of-privilege vulnerability that resides in Netlogon.


Boosting Impact for Profit: Evolving Ransomware Techniques for Targeted Attacks

Trend Micro

A closer look at ransomware: Their changing techniques, targets, best practices, and solutions to defend and mitigate against them.


TikTok Fixes Flaws That Opened Android App to Compromise

Threatpost

The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Virginia's Largest School System Hit With Ransomware

Dark Reading

Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.


Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

Threatpost

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.


E-Commerce Sites Hit With New Attack on Magento

Dark Reading

The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.


43% of Orgs Think DevOps Integration Is Critical to AppSec Success

Veracode Security

It’s no secret that the rapid speed of modern software development means an increased likelihood of risky flaws and vulnerabilities in your code. Developers are working fast to hit tight deadlines and create innovative applications, but without the right security solutions integrated into your processes, it’s easy to hit security roadblocks or let flaws slip through the cracks.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Open Source Security's Top Threat and What To Do About It

Dark Reading

With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.


1H 2020 Cyber Security Defined by Covid-19 Pandemic

Trend Micro

Malicious actors have always taken advantage of big news to use as lures for socially engineered threats, but these events tend to be fairly short news cycles. When Covid-19 started making headlines in early 2020, we started seeing new threats using this in the attacks.


Large Cloud Providers Much Less Likely Than Enterprises to Get Breached

Dark Reading

Pen-test results also show a majority of organizations have few protections against attackers already on the network.


Staff Spotlight: NIST Post-Quantum Cryptography

NSTIC

In July, NIST announced the third-round candidates for the Post Quantum Cryptography (PQC) Standardization Project, intended to determine the best algorithms to help form the first post-quantum cryptography standard. For decades, NIST has been actively involved in cryptography, and NIST mathematicians like Dr. Angela Robinson predict future quantum computers could break the current public-key cryptography tools.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Security Through an Economics Lens: A Guide for CISOs

Dark Reading

An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles.


Thousands of Magento stores hacked in a few days in largest-ever skimming campaign

Security Affairs

Thousands of Magento online stores have been hacked over the past few days as part of the largest ever skimming campaign. Security experts from cybersecurity firm Sansec reported that nearly 2,000 Magento online stores have been hacked over the past few days as part of the largest ever Magecart-style campaign. Most of the hacked sites were running Magento 1, but in some cases the compromised stores were running Magento 2.
