Fri. Oct 16, 2020


Barnes & Noble Experiences Major Data Breach

Adam Levin

Barnes & Noble has confirmed a data breach following a cyberattack that took many of their services offline. The bookseller sent an email to customers notifying them that their personal information had been exposed, but that their financial information had not been compromised. “While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if yo


Weekly Update 213

Troy Hunt

The week's update comes on the back of a very long week for me, but it's good to be "out there" speaking at events even if they are just from the comfort of my own home. There are also more adventures in IoT, Chrome's experiment with URL paths in their omnibox and Apple messing around with MAC addresses on my phone and watch. Oh - and I did manage to track down what my favourite Norwegian beer is following a question from the audience: I was asked about my favourite Norwegian beer during my live s



How to recover deleted files in Linux with testdisk

Tech Republic Security

If you've had files deleted by a hacker or you've accidentally removed them, Jack Wallen shows you how to recover that missing data with a handy tool called testdisk.


An Uncommon 20 Years of Commonly Enumerating Vulns

Dark Reading

Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre's list).


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Professor creates cybersecurity camp to inspire girls to choose STEM careers

Tech Republic Security

Teaching via Zoom has had some unexpected benefits, college professor says, though robotics class is still a challenge. Her real passion is inspiring young women and girls to go into computer science.


Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. “A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious reque


Breach at Dickey’s Barbecue Pit compromises 3 million Cards

Security Affairs

Dickey’s Barbecue Pit, the largest barbecue restaurant chain in the US, suffered a POS breach; card details for 3 million customers were posted online. Dickey’s Barbecue Pit is a family-owned American barbecue restaurant chain; the company suffered a POS breach and card details of more than three million customers have been posted on the carding portal Joker’s Stash.


5 ways to manage computers securely and remotely using PowerShell

Tech Republic Security

Being able to secure communications between remote resources is just as important as being able to access the device. Using PowerShell, IT can do both when accessing off-site devices cross-platform.


Britain’s information commissioner fines British Airways for 2018 Hack

Security Affairs

Britain’s information commissioner has fined British Airways 20 million pounds for the 2018 hack that exposed data of 400,000 customers. In September 2018, British Airways suffered a data breach that exposed the personal information of 400,000 customers. The hackers potentially accessed the personal data of approximately 429,612 customers and staff.


Barnes & Noble restores Nook services after notifying customers about cyberattack

Tech Republic Security

Analysts point to specific clues from the company's response that show it may have been a ransomware attack.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Adobe fixes Magento flaws that can lead to code execution

Security Affairs

Adobe released a series of out-of-band security fixes to address multiple Magento vulnerabilities that lead to code execution and customer list tampering. Adobe has released a series of out-of-band security fixes to address multiple Magento vulnerabilities that lead to code execution and customer list tampering. Eight of the vulnerabilities are considered either critical or important; only one is considered a moderate-severity flaw.


Fuzzing (fuzz testing) tutorial: What it is and how can it improve application security?

Tech Republic Security

Dr. David Brumley, a professor at Carnegie Mellon University and CEO of ForAllSecure, explains what Fuzzing is and how companies can use it to improve application security and speed up their software development life cycle.


How to view website trackers in mobile Safari

Tech Republic Security

Learn how to use Apple's Privacy Report in Safari so you can see which websites attempted to track you on your iPhone or iPad.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Google mitigated a 2.54 Tbps DDoS attack in 2017, the largest DDoS ever seen

Security Affairs

The Google Cloud team revealed that in September 2017 it had mitigated a DDoS attack that reached 2.54 Tbps, the largest DDoS attack ever. The Google Cloud team revealed that back in September 2017 it had mitigated a powerful DDoS attack that clocked in at 2.54 Tbps. This attack is the largest distributed denial of service attack recorded to date. “Our infrastructure absorbed a 2.5 Tbps DDoS in September 2017, the culmination of a six-month campaign that utilized multiple methods of attac


Leading more girls to STEM careers drives professor to create cybersecurity camp

Tech Republic Security

Teaching students around the world has become easier, thanks to Zoom classes, one college professor says. She's still trying to find a way to teach robotics, though.


Microsoft Fixes RCE Flaws in Out-of-Band Windows Update

Threatpost

The two important-severity flaws in Microsoft Windows Codecs Library and Visual Studio Code could enable remote code execution.


Fuzzing (fuzz testing) 101: Lessons from cyber security expert Dr. David Brumley

Tech Republic Security

Dr. David Brumley, Carnegie Mellon University professor and CEO of ForAllSecure, explains what fuzzing, or fuzz testing, is and how you can use it to improve application security and speed up your software development.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


An Unholy Union: Remote Access and Ransomware

Approachable Cyber Threats

Back in June, the Department of Homeland Security (DHS) issued an advisory that married together two of today’s major cybersecurity concerns: remote access technology and ransomware. While we talked about the possibility of this in another ACT post, DHS has now confirmed that they are seeing this unholy union occurring in the wild.


British Airways Hit with Largest ICO Fine in History

SecureWorld News

This week, the U.K.'s Information Commissioner's Office (ICO) made the decision to fine British Airways £20 million for failing to protect the personal and financial details of more than 400,000 customers. British Airways fails in cybersecurity. An investigation conducted by the ICO concluded that British Airways (BA) was processing a very large amount of personal data without proper security measures in place.


Dickey’s BBQ Breach: Meaty 3M Payment Card Upload Drops on Joker’s Stash

Threatpost

After cybercriminals smoked out 3 million compromised payment cards on the Joker’s Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.


Cybercrime Losses Up 50%, Exceeding $1.8B

Dark Reading

Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Phishing Lures Shift from COVID-19 to Job Opportunities

Threatpost

Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.


Fancy Bear Imposters Are on a Hacking Extortion Spree

WIRED Threat Level

Nice looking website you've got there. It'd be a shame if someone DDoS'd it.


Academia Adopts Mitre ATT&CK Framework

Dark Reading

Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.


Twitter’s ‘Hacked Materials’ Rule Tries to Thread an Impossible Needle

WIRED Threat Level

The company’s flip-flopping on the policy after banning a shady New York Post story highlights the challenges facing social media in 2020.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


US Counterintelligence Director & Fmr. Europol Leader Talk Election Security

Dark Reading

The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.


TikTok Launches Bug Bounty Program Amid Security Snafus

Threatpost

The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.


Juniper fixes tens of flaws affecting the Junos OS

Security Affairs

Juniper Networks has addressed tens of vulnerabilities, including serious flaws that can be exploited to take over vulnerable systems. Juniper Networks has addressed tens of vulnerabilities, including serious issues that can be exploited to take control of vulnerable systems. The vendor has published 40 security advisories related to security vulnerabilities in the Junos OS operating system that runs on Juniper’s firewalls and other third-party components.


Massive New Phishing Campaigns Target Microsoft, Google Cloud Users

Dark Reading

At least three campaigns are now underway.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.