Mon.Nov 23, 2020


More on the Security of the 2020 US Election

Schneier on Security

Last week I signed on to two joint letters about the security of the 2020 election. The first was as one of 59 election security experts, basically saying that while the election seems to have been both secure and accurate (voter suppression notwithstanding), we still need to work to secure our election systems: We are aware of alarming assertions being made that the 2020 election was “rigged” by exploiting technical vulnerabilities.


8 Ways to Protect Yourself against Scams on Black Friday and Cyber Monday

Adam Levin

The holidays are the most wonderful time of the year, especially for scammers. Consumers are typically spending more, doing it quickly and not paying as much attention to who they’re buying it from because of the rush. With the COVID-19 pandemic, many shoppers will make the bulk of their purchases online, which means this year’s Black Friday and Cyber Monday shopping frenzy could be riskier than usual.


Indistinguishability Obfuscation

Schneier on Security

Quanta magazine recently published a breathless article on indistinguishability obfuscation — calling it the “‘crown jewel’ of cryptography” — and saying that it had finally been achieved, based on a recently published paper. I want to add some caveats to the discussion. Basically, obfuscation makes a computer program “unintelligible” by performing its functionality.


Malicious Google Play apps caught masquerading as Minecraft mods

Tech Republic Security

The Android apps promised Minecraft modifications but instead delivered intrusive ads aimed at kids and teenagers, says Kaspersky.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development, with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code they use and underestimate their dependency on it. As enterprises expand their use of open-source software, they face a new challenge: understanding the scope of open-source code in use throughout the organization and the exposure that comes with it.


Stencils and Sketch Books

Adam Shostack

We get many things from whiteboards. One of those is a sense of impermanence – that the work on them is a work in progress. That it’s a sketch, rather than a final product. And I missed whiteboards, so working with my partners at Agile Stationery, we created not only whiteboards, but also stencils to help you neaten up your threat models as you iterate through them.


FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

The U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack in April 2020.


VMware discloses critical zero-day CVE-2020-4006 in Workspace One

Security Affairs

VMware has disclosed a critical zero-day vulnerability, tracked as CVE-2020-4006, that affects multiple VMware Workspace One components, and has released a workaround pending a patch. The flaw is a command injection that lets an attacker execute commands with escalated privileges on the underlying Linux or Windows host. Exploitation requires network access to the product's administrative configurator (port 8443) and a valid password for the configurator admin account, so limiting who can reach that interface is the immediate mitigation alongside VMware's workaround.


What Is an Incident Response Plan and How to Create One

CompTIA on Cybersecurity

Everyone should be prepared for a cyberattack. Developing an incident response plan and running a war gaming exercise gives employees the tools they need to respond quickly, mitigate the situation and return to business as usual.


Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending

Threatpost

VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One.


Hedge Fund Closes Down After Cyber Attack

SecureWorld News

We hear it all the time from the virtual stage of regional SecureWorld conferences: cyber risk is business risk. Here is more evidence that this view is accurate. Before the cyberattack, the hedge fund's profits were way up: Levitas Capital was making a killing, and the firm's key hedge fund was up 20% in 2020 thanks to the economic chaos happening around the globe.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on both authenticated and unauthenticated web pages can capture protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users enter on those pages, and can therefore violate the HIPAA Rules that govern the use of online tracking technologies by HIPAA covered entities and business associates.
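A practitioner reading the paragraph above will want a way to check a page for exactly this: third-party resources that get loaded, and whether any of them receive PHI-looking values in their URL. The following is an added example, not code from the original article. The HTML, the tracker hostnames and the list of PHI-looking query keys are all constructed for illustration; `example-hospital.org` and `tracker-example.net` are placeholders.

```python
# Added example (not from the original article): audit an HTML page for
# third-party pixels, scripts and iframes, and flag any whose URL carries
# query parameters that look like protected health information (PHI).
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample standing in for a patient-portal appointment page.
# The tracker hosts and parameter names are invented for this example.
SAMPLE_HTML = """
<html><head>
<script src="https://www.example-hospital.org/static/app.js"></script>
<script src="https://cdn.tracker-example.net/pixel.js"></script>
</head><body>
<h1>Your appointment</h1>
<img src="https://px.tracker-example.net/collect?id=123&ev=PageView&cd[mrn]=00012345&cd[appt]=2020-12-01" width="1" height="1">
<img src="https://www.example-hospital.org/img/logo.png">
<iframe src="https://tags.another-tracker-example.com/ns.html?id=T-XXXX"></iframe>
</body></html>
"""

# Query-string keys that commonly carry PHI (assumed list; extend for your portal).
PHI_KEYS = {"mrn", "appt", "appointment", "dob", "email", "address", "diagnosis"}


class ResourceCollector(HTMLParser):
    """Collect every URL the page loads via <script>, <img> or <iframe> src attributes."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "img", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.urls.append(src)


def phi_keys_in(url):
    """Return the PHI-looking query keys in url; bracketed keys like cd[mrn] reduce to mrn."""
    found = set()
    for key in parse_qs(urlparse(url).query):
        inner = key.split("[")[-1].rstrip("]").lower()
        if inner in PHI_KEYS:
            found.add(inner)
    return found


def audit(html, first_party):
    """Return a list of (host, url, sorted_phi_keys) for every third-party load on the page.

    A host counts as first-party if it equals first_party or is a subdomain of it.
    """
    collector = ResourceCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        host = urlparse(url).hostname or ""
        if not host or host == first_party or host.endswith("." + first_party):
            continue
        findings.append((host, url, sorted(phi_keys_in(url))))
    return findings


if __name__ == "__main__":
    for host, url, keys in audit(SAMPLE_HTML, "example-hospital.org"):
        flag = "PHI IN URL: " + ",".join(keys) if keys else "third-party load"
        print(f"{flag:28s} {host}  {url}")
```

The audit only sees what is in the static HTML; trackers injected by a tag manager at runtime need the same check applied to the live DOM or to the browser's network log. The point the output makes is that the pixel request itself, not just the script, is where the record number and appointment date leave the first-party origin.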


TikTok fixed security issues that could have led one-click account takeover

Security Affairs

TikTok has addressed two security issues that could have been chained to achieve account takeover. The first issue addressed by the social media platform is a reflected XSS flaw reported by the bug bounty hunter Muhammed “milly” Taskiran via the bug bounty platform HackerOne. The cross-site scripting flaw affected the company domains www.tiktok.com and m.tiktok.com, and its exploitation could have led to data exfiltration. “The researcher discover


Analysis of Kinsing Malware's Use of Rootkit

Trend Micro

Several shell scripts accompany Kinsing. These shell scripts are responsible for downloading and installing, removing, and uninstalling various resource-intensive services and processes. This blog post focuses on the role of the rootkit component.


Researchers show how to steal a Tesla Model X in a few minutes

Security Affairs

Researchers from the Computer Security and Industrial Cryptography (COSIC) group at KU Leuven in Belgium have demonstrated how to steal a Tesla Model X in a few minutes by exploiting vulnerabilities in the car’s keyless entry system.


As 'Anywhere Work' Evolves, Security Will Be Key Challenge

Dark Reading

Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Computer Security and Data Privacy, the perfect alliance

Security Affairs

Computer security and data privacy are often poorly considered issues until an incident occurs, and unfortunately even then the seriousness of the event, perceived as a merely virtual happening, is not always adequately appreciated. Experts urge more awareness of cyber threats: an injection of digital culture is needed to raise awareness of the cyber threat in all its forms.


Security flaws in smart doorbells may open the door to hackers

We Live Security

The peace of mind that comes with connected home security gear may be false – your smart doorbell may make an inviting target for unwanted visitors.


TA416 APT Rebounds With New PlugX Malware Variant

Threatpost

The TA416 APT has returned in spear phishing attacks against a range of victims - from the Vatican to diplomats in Africa - with a new Golang version of its PlugX malware loader.


10 Undergraduate Security Degree Programs to Explore

Dark Reading

Colleges and universities are ramping up cybersecurity education with a wider range of degree programs and more resources for students to build their infosec careers.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


GoDaddy Employees Tricked into Compromising Cryptocurrency Sites

Threatpost

‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid.


Manchester United Suffers Cyberattack

Dark Reading

The Premier League soccer club says the attack didn't affect its website and app, and it doesn't appear to have exposed any fan or customer data either.


Spotify Users Hit with Rash of Account Takeovers

Threatpost

Users of the music streaming service were targeted by attackers using credential-stuffing approaches.
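Credential stuffing has a recognizable shape in authentication logs: one source tries many different accounts in a short window, with a high failure rate, as opposed to brute force, where one account sees many failures. The following detector is an added example, not part of the Threatpost article or anything Spotify published. The log format, the IP addresses and the thresholds are constructed for illustration.

```python
# Added example (not from the original article): flag credential-stuffing
# sources in a stream of authentication log lines. A source is flagged when,
# inside a sliding time window, it attempts at least `min_users` distinct
# accounts and most of those attempts fail.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.5 sprays many accounts (stuffing);
# 198.51.100.9 retries one account (ordinary mistyped password); 192.0.2.77 is clean.
LOG_LINES = """\
2020-11-23T10:00:01Z auth ip=203.0.113.5 user=alice result=fail
2020-11-23T10:00:02Z auth ip=203.0.113.5 user=bob result=fail
2020-11-23T10:00:02Z auth ip=203.0.113.5 user=carol result=fail
2020-11-23T10:00:03Z auth ip=203.0.113.5 user=dave result=success
2020-11-23T10:00:04Z auth ip=203.0.113.5 user=erin result=fail
2020-11-23T10:00:05Z auth ip=203.0.113.5 user=frank result=fail
2020-11-23T10:01:00Z auth ip=198.51.100.9 user=alice result=fail
2020-11-23T10:01:05Z auth ip=198.51.100.9 user=alice result=fail
2020-11-23T10:01:09Z auth ip=198.51.100.9 user=alice result=success
2020-11-23T10:02:00Z auth ip=192.0.2.77 user=grace result=success
"""

# Assumed log line layout for this example; adapt the regex to your IdP's format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse(text):
    """Turn log text into (timestamp, ip, user, succeeded) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"] == "success"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.6):
    """Return {ip: (distinct_users, failures, successes)} for sources that look like stuffing.

    For each source IP, slide a window of `window` length over its attempts in time
    order; flag the IP when any window position covers >= min_users distinct accounts
    with a failure ratio >= min_fail_ratio. The reported tuple is from the window
    position with the most distinct accounts.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        recent = deque()
        for ts, _, user, ok in evs:
            recent.append((ts, user, ok))
            while ts - recent[0][0] > window:
                recent.popleft()
            users = {u for _, u, _ in recent}
            fails = sum(1 for _, _, succeeded in recent if not succeeded)
            if len(users) >= min_users and fails / len(recent) >= min_fail_ratio:
                best = flagged.get(ip, (0, 0, 0))
                if len(users) > best[0]:
                    flagged[ip] = (len(users), fails, len(recent) - fails)
    return flagged


if __name__ == "__main__":
    for ip, (users, fails, oks) in detect_stuffing(parse(LOG_LINES)).items():
        print(f"stuffing suspect {ip}: {users} accounts, {fails} failures, {oks} successes")
```

The success inside the flagged window is the part worth acting on: a stuffing run that lands one valid pair has just taken over an account, so the successes from a flagged source should be treated as compromised sessions, not as noise. Attackers who spread attempts across a proxy pool defeat a per-IP rule; the same logic applied per ASN, per user-agent fingerprint, or to the global ratio of failed logins to distinct accounts catches the distributed variant.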


Ransomware Grows Easier to Spread, Harder to Block

Dark Reading

Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


VMware fixed SD-WAN flaws that could allow hackers to target enterprise networks

Security Affairs

VMware last week addressed six vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002, CVE-2020-4003) in its SD-WAN Orchestrator product, including issues that an attacker could chain to hijack traffic or shut down an enterprise network.


Vote Now for 2020 Special Interest Group Projects

PCI perspectives

From now through 21 December 2020, PCI SSC Participating Organizations are invited to vote on proposals for 2021 Special Interest Group (SIG) projects.


Security Researchers Sound Alarm on Smart Doorbells

Dark Reading

A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them.


Manchester United: IT Systems Disrupted in Cyberattack

Threatpost

The popular U.K. soccer club confirmed an attack but said personal fan data remains secure.


ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


Evidence-Based Trust Gets Black Hat Europe Spotlight

Dark Reading

An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.


DEF CON® Kids: Preparing Them for the Future

Security Through Education

This year’s DEF CON® 2020 Social Engineering Capture the Flag for Kids (SECTF4Kids) was a landmark event. With the COVID-19 pandemic, DEF CON® announced that it would be going completely virtual. This meant we had to tackle the SECTF4Kids in a completely new environment. We would need to apply the same principles and encourage the same ideals, without ever coming face-to-face with our contestants.


3 Steps CISOs Can Take to Convey Strategy for Budget Presentations

Dark Reading

Answering these questions will help CISOs define a plan and take the organization in a positive direction.


FEITIAN + Duo Integration Supports the Broadest Range of MFA Options

Duo's Security Blog

Users have left the building, and it's up to your security team to make sure they are protected on any device, wherever and whenever they choose to work. Remote workers need secure access to their applications and critical resources, whether they reside in the public cloud or on-premises behind perimeter security. Did you know that 81% of breaches involve compromised credentials?


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? For all the benefits SaaS applications offer, it is still necessary to onboard providers as quickly as possible.