Krebs on Security

OCTOBER 7, 2020

September featured two stories on a phony tech investor named John Bernard , a pseudonym used by a convicted thief named John Clifton Davies who’s fleeced dozens of technology companies out of an estimated $30 million with the promise of lucrative investments. Those stories prompted a flood of tips from Davies’ victims that paint a much clearer picture of this serial con man and his cohorts, including allegations of hacking, smuggling, bank fraud and murder.

Banking 235

Banking Scams Government Advertising 235

Tech Republic Security

OCTOBER 7, 2020

A survey of business leaders by PwC finds the pandemic is causing rapid changes in the roles CISOs play, and offers five tips for ensuring that security remains stable as we enter a new normal.

CISO 218

CISO 218

Schneier on Security

OCTOBER 7, 2020

A good rundown.

Engineering 348

Engineering 348

Tech Republic Security

OCTOBER 7, 2020

Freezing your child's credit is one way to stop cybercriminals from stealing their identity. But you have to be careful to keep the key to thaw it later.

Identity Theft 217

Identity Theft Cybersecurity 217

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Anton on Security

OCTOBER 7, 2020

While creating a recent presentation, I needed a slide on “threat detection is hard.” And it got me thinking, why is threat detection so hard for so many organizations today? We can trace the “cyber” threat detection to 1986 ( “Cuckoo’s Egg” ) and 1987 ( first IDS ) and perhaps even earlier events (like viruses of the early 1980s). This means we are “celebrating” ~35 years of cyber threat detection.

Threat Detection 130

Threat Detection Cyber threats Technology Security Awareness 130

Tech Republic Security

OCTOBER 7, 2020

The phishing page tries to obtain email credentials, Social Security numbers, driver's license numbers, and tax numbers, says Armorblox.

Phishing 218

Phishing 218

Tech Republic Security

OCTOBER 7, 2020

Remote work will lead to more phishing attacks and threats to accounting and marketing departments, according to IT security managers.

Marketing 217

Marketing Phishing Accountability 217

Security Affairs

OCTOBER 7, 2020

An unidentified group of hackers is using a new fileless attack technique, dubbed Kraken, that abuses the Microsoft Windows Error Reporting (WER). Malwarebytes researchers Hossein Jazi and Jérôme Segura have documented a new fileless attack technique, dubbed Kraken, that abuses the Microsoft Windows Error Reporting (WER) service. The hacking technique was employed by an unidentified hacking group to avoid detection. “On September 17th, we discovered a new attack called Kraken that injected

Advertising 128

Advertising Hacking Manufacturing Phishing 128

Tech Republic Security

OCTOBER 7, 2020

Bad actors use machine learning to break passwords more quickly and build malware that knows how to hide, experts warn.

Artificial Intelligence 218

Artificial Intelligence Cybersecurity Passwords Malware 218

Security Affairs

OCTOBER 7, 2020

A new botnet, tracked as HEH, discovered botnet implements a disk-wiping feature that allows it to wipe all data from the infected systems. Researchers from from Netlab, the network security division of Chinese tech giant Qihoo 360, have discovered a new botnet, tracked as HEH, that contains the code to wipe all data from infected systems, such as routers, IoT devices, and servers.

Architecture 123

Architecture IoT Malware Advertising 123

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

OCTOBER 7, 2020

Freezing your child's credit is one way to stop cybercriminals from destroying their credit. But you have to be careful to keep the key to thaw it later.

Identity Theft 148

Identity Theft Cybersecurity 148

Security Affairs

OCTOBER 7, 2020

Earlier this year, Indonesia joined the ranks with the first four ASEAN countries including Malaysia, Singapore, Philippines and Thailand to have enacted laws relating to personal data protection. On January 28th, Indonesia’s Ministry of Communication and Information Technology announced that the final draft for the Personal Data Protection Act has been submitted to the president of Indonesia.

Data privacy 104

Data privacy Computers and Electronics Government VPN 104

Threatpost

OCTOBER 7, 2020

The upcoming deadlines for applying for coronavirus relief are the lure for a phish that gets around email security gateways by using a legitimate SharePoint page for data-harvesting.

Phishing 103

Phishing Scams 103

Trend Micro

OCTOBER 7, 2020

In this article, we feature data gathered from our continuous monitoring of C&C servers of botnets such as Mirai and Bashlite. We also share how this data is used to bolster the protection of IoT devices.

IoT 98

IoT Cyber threats 98

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Threatpost

OCTOBER 7, 2020

Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users.

Passwords 120

Passwords Encryption 120

Dark Reading

OCTOBER 7, 2020

The introduction of the virtual war room is a new but necessary shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.

Cybersecurity 96

Cybersecurity 96

Threatpost

OCTOBER 7, 2020

Researchers disclosed the 'WarezTheRemote' attack, affecting Comcast's XR11 voice remote control.

Hacking 126

Hacking Internet Internet IoT 126

Dark Reading

OCTOBER 7, 2020

Cyber-threat intelligence groups need to more often investigate their organization's specific threats and better integrate with other business groups, experts say.

Cyber threats 97

Cyber threats 97

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Threatpost

OCTOBER 7, 2020

The most serious bugs are elevation-of-privilege issues in the Android System component (CVE-2020-0215 and CVE-2020-0416).

Media 112

Media 112

Tech Republic Security

OCTOBER 7, 2020

The new platform will allow developers to leverage Okta's SSO technology to build branded biometric authentication for iOS and Android apps.

Authentication 83

Authentication Technology 83

Threatpost

OCTOBER 7, 2020

Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to the current conflict with Armenia.

Phishing 98

Phishing Malware Spyware Government 98

Tech Republic Security

OCTOBER 7, 2020

Could your cable TV device spy on you? Vulnerability found and patched in Comcast TV remote.

103

103

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Threatpost

OCTOBER 7, 2020

CISA warned already-strained public-sector entities about disturbing spikes in Emotet phishing attacks aimed at municipalities.

Phishing 98

Phishing Government Mobile Ransomware 98

Dark Reading

OCTOBER 7, 2020

As long as a community is strong, so will be the intelligence it shares on open source feeds. But if that community breaks down.

123

123

Threatpost

OCTOBER 7, 2020

Researchers uncovered a sophisticated, incredibly well-resourced APT that has its fingers in wide-ranging espionage and disinformation campaigns.

Phishing 87

Phishing Hacking 87

Dark Reading

OCTOBER 7, 2020

Researchers say the cyber espionage group was involved in several attacks against government officials and businesses in the Middle East and South Asia.

Government 83

Government 83

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Google Security

OCTOBER 7, 2020

Posted by Yang Lu, Software Engineer, Angana Ghosh, Group Product Manager, and Xu Liu, Director of Engineering, Gboard team Google Keyboard (a.k.a Gboard) has a critical mission to provide frictionless input on Android to empower users to communicate accurately and express themselves effortlessly. In order to accomplish this mission, Gboard must also protect users' private and sensitive data.

Engineering 76

Engineering Encryption Technology Software 76

Dark Reading

OCTOBER 7, 2020

Latest threat is one in a growing list of malware developed in the Go programming language.

Malware 107

Malware 107

WIRED Threat Level

OCTOBER 7, 2020

The latest Gboard feature needs to know as much as possible about your digital life to work—but doesn't share that data with Google.

80

80

Dark Reading

OCTOBER 7, 2020

Second-ever sighting of a firmware exploit in the wild is a grim reminder of the dangers of these mostly invisible attacks.

Firmware 91

Firmware 91

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.