Schneier on Security

JANUARY 14, 2021

Security researcher Ahmed Hassan has shown that spoofing the Android’s “People Nearby” feature allows him to pinpoint the physical location of Telegram users: Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location. […].

Software 325

Software 325

Tech Republic Security

JANUARY 14, 2021

Such attacks often occur when employees work remotely and use a mixture of personal and business devices to access cloud services.

Government 203

Government 203

Schneier on Security

JANUARY 14, 2021

This is a current list of where and when I am scheduled to speak: I’m speaking (online) as part of Western Washington University’s Internet Studies Lecture Series on January 20, 2021. I’m speaking at ITY Denmark on February 2, 2021. Details to come. I’m being interviewed by Keith Cronin as part of The Center for Innovation, Security, and New Technology’s CSINT Conversations series, February 10, 2021 from 11:00 AM – 11:30 AM CST.

Internet 189

Internet Internet Technology 189

Tech Republic Security

JANUARY 14, 2021

The threat of loss of an entire company from a cyberattack is real. Technology and user education help, but not enough.

Education 140

Education Technology 140

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

JANUARY 14, 2021

A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks. The security expert Nikita Abramov from Positive Technologies discovered a DoS vulnerability, tracked as CVE-2020-27716 , that affects certain versions of F5 BIG-IP Access Policy Manager (APM). The F5 BIG-IP Access Policy Manager is a secure, flexible, high-performance access management proxy solution that delivers unified global access control for your users, devic

Technology 122

Technology Passwords Malware Hacking 122

Threatpost

JANUARY 14, 2021

CISA has issued an alert warning that cloud services at U.S. organizations are being actively and successfully targeted.

Government 135

Government 135

Security Affairs

JANUARY 14, 2021

Capcom revealed that the recent ransomware attack has potentially impacted 390,000 people, an increase of approximately 40,000 people from the previous report. In November, Japanese game developer Capcom admitted to have suffered a cyberattack that is impacting business operations. The company has developed multiple multi-million-selling game franchises, including Street Fighter, Mega Man, Darkstalkers, Resident Evil, Devil May Cry, Onimusha, Dino Crisis, Dead Rising, Sengoku Basara, Ghosts ‘

Ransomware 108

Ransomware Data privacy Hacking Malware 108

Threatpost

JANUARY 14, 2021

The optional feature was released free to users in a technical preview this week, adding a new layer of security to service, which has been plagued by privacy concerns.

Encryption 110

Encryption Hacking 110

Tech Republic Security

JANUARY 14, 2021

If you have trouble with SSH connections breaking, Jack Wallen shows you how you can enjoy a bit more persistence with the help of Eternal Terminal.

102

102

Security Affairs

JANUARY 14, 2021

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. The attacks aimed at government institutions and private companies, most of them in the energy and metallurgical sectors.

Malware 102

Malware Surveillance Phishing Government 102

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

We Live Security

JANUARY 14, 2021

Your ‘networked computer on wheels’ has a privacy problem – when it comes to your data, you may not really be in the driver’s seat. The post CES 2021: Car spying – your insurance company is watching you appeared first on WeLiveSecurity.

Insurance 101

Insurance 101

Security Affairs

JANUARY 14, 2021

The US CISA revealed that several recent successful cyberattacks against various organizations’ cloud services. . The Cybersecurity and Infrastructure Security Agency (CISA) announced that several recent successful cyberattacks hit various organizations’ cloud services. According to the agency, the attackers conducted phishing campaigns and exploited poor cyber hygiene practices of the victims in the management of cloud services configuration.

Accountability 101

Accountability Phishing Authentication Passwords 101

Thales Cloud Protection & Licensing

JANUARY 14, 2021

Thales Security Sessions Podcast 3 - The Digital Identity Challenge. madhav. Fri, 01/15/2021 - 05:54. “Do you know who I am?”. Remember the early days of Identity and Access Management (IAM), when you knew who was accessing your network at all times? The pandemic has stressed this security model to a point that is damaging productivity. Due to remote work arrangements, Virtual Private Networks (VPNs) are becoming unexpectedly overloaded, forcing some companies to relax their security requirement

Artificial Intelligence 93

Artificial Intelligence Technology Authentication Risk 93

The State of Security

JANUARY 14, 2021

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to companies to better protect their cloud-based accounts after several recent successful attacks. Read more in my article on the Tripwire State of Security blog.

Authentication 89

Authentication Accountability Cybersecurity Phishing 89

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Digital Shadows

JANUARY 14, 2021

Note: This blog is part of our ongoing coverage of the virus’s impact on the cyber threat intelligence landscape. You. The post Targets and Predictions for the COVID-19 Threat Landscape first appeared on Digital Shadows.

Cyber threats 84

Cyber threats Cybercrime 84

Security Affairs

JANUARY 14, 2021

Cisco addressed tens of high-severity flaws, including some flaws in the AnyConnect Secure Mobility Client and in its small business routers. This week Cisco released security updates to address 67 high-severity vulnerabilities, including issues affecting Cisco’s AnyConnect Secure Mobility Client and small business routers (i.e. Cisco RV110W, RV130, RV130W, and RV215W).

Software 76

Software Small Business Mobile Authentication 76

Threatpost

JANUARY 14, 2021

Facebook has sued two Chrome devs for scraping user profile data - including names, user IDs and more.

99

99

GlobalSign

JANUARY 14, 2021

According to the 2020 State of the Cloud Report from Flexera, 93% of enterprises have a multi-cloud strategy. As the number, complexity, and sophistication of cloud infrastructures has increased, securing them has become a challenge for IT teams.

67

67

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Threatpost

JANUARY 14, 2021

Judge bars former Tallahassee city ethics officer from internet-connected devices after her arrest for cyberstalking.

Internet 86

Internet Internet Government 86

Dark Reading

JANUARY 14, 2021

Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.

Government 82

Government 82

Threatpost

JANUARY 14, 2021

The cybercriminal service has scammed victims out of $6.5 million and continues to spread on Telegram.

Scams 92

Scams Hacking 92

Dark Reading

JANUARY 14, 2021

Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.

111

111

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Affairs

JANUARY 14, 2021

Russian-speaking scammers started targeting users of European marketplaces and classifieds is a criminal scheme dubbed Classiscam. Group-IB , a global threat hunting and and adversary-centric cyber intelligence company, has discovered that Russian-speaking scammers started targeting users of European marketplaces and classifieds. The scheme, dubbed Classiscam by Group-IB, is an automated scam as a service designed to steal money and payment data.

Scams 59

Scams Phishing Risk Accountability 59

SecureWorld News

JANUARY 14, 2021

For most people, the dark web is quite a mysterious place. It is generally hidden from view, users are anonymized and cyber criminals buy and sell an incredible range of illegal things. Recently, one of the world's largest illegal marketplaces on the dark web, called DarkMarket, was taken offline due to an international operation. The countries involved in the operation include the US, the UK, Germany, Australia, Denmark, Moldova, and Ukraine.

Marketing 59

Marketing Cybercrime Malware Cybersecurity 59

Graham Cluley

JANUARY 14, 2021

Graham Cluley Security News is sponsored this week by the folks at Orca Security. Thanks to the great team there for their support! You’re probably familiar with the shared responsibility model. The basic idea is that public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) keep their platforms … Continue reading "Orca Security public cloud security report reveals how most large cloud breaches happen".

59

59

Dark Reading

JANUARY 14, 2021

Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.

103

103

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Graham Cluley

JANUARY 14, 2021

Penile penal problems, identifying rioters in Washington DC, and can a sticker protect you from radiation? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. And don't miss our featured interview with CrowdSec's Philippe Humeau.

Ransomware 55

Ransomware IoT Malware 55

SecureWorld News

JANUARY 14, 2021

The European Medicines Agency (EMA) just shared new details about its December cyberattack. The attack compromised data and documents of companies who were candidates for the Pfizer and BioNTech COVID-19 vaccine. SecureWorld previously reported on this attack , where you can find more information. Now, let's look at what is new. EMA update on cyberattack.

Data breaches 52

Data breaches Internet Internet Cyber Attacks 52

Dark Reading

JANUARY 14, 2021

Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH.

DNS 90

DNS 90

Spinone

JANUARY 14, 2021

Understanding Google’s data retention policy helps you to manage your data efficiently and prevent it from being lost. In this article, we’ll take a look at data retention across various Google services and how to use it productively. You’ll also learn about the user’s account data retention and preservation of former employees’ data in Google Workspace.

Accountability 52

Accountability Data preservation Backups 52

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.