Troy Hunt

OCTOBER 15, 2020

You know how some people are what you'd call "house proud" in that they like everything very neat and organised? You walk in there and everything is in its place, nice and clean without clutter. I'm what you'd call "network proud" and the same principle applies to how I manage my IP things: That's just a slice of my Ubiquiti network map which presently has 91 IP addresses on it between clients and network devices.

IoT 356

IoT Risk 356

Schneier on Security

OCTOBER 15, 2020

Earlier this month, we learned that someone is disrupting the TrickBot botnet network. Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Telecommunications 269

Telecommunications Internet Internet Malware 269

Tech Republic Security

OCTOBER 15, 2020

All the organizations that contacted security provider Radware after receiving an extortion letter were hit by Distributed Denial of Service attacks.

DDOS 167

DDOS Ransomware 167

Security Affairs

OCTOBER 15, 2020

The Egregor ransomware gang has hit the game developer Crytek and leaked files allegedly stolen from the systems of the gaming firm Ubisoft. A previously unknown ransomware gang dubbed Egregor has hit the game developer Crytek and leaked files allegedly stolen from the internal network of another leading gaming firm, Ubisoft. Breaking: new #Sekhmet #Ransomware (spin-off?

Ransomware 133

Ransomware Advertising Phishing Media 133

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

OCTOBER 15, 2020

Cybersecurity professionals largely embrace automation, but half of younger employees worry that technology could make their roles obsolete, according to a new survey by Exabeam.

Cybersecurity 142

Cybersecurity Technology 142

Dark Reading

OCTOBER 15, 2020

New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach.

Financial Services 125

Financial Services Hacking Media Cybersecurity 125

Security Affairs

OCTOBER 15, 2020

Puerto Rico’s firefighting department discloses a security breach, hackers breached its database and demanded $600,000. Puerto Rico’s firefighting department discloses a security breach, hackers breached its database and demanded a $600,000 ransom. According to the department’s director, Alberto Cruz, the ability of the department to respond to emergencies was not impacted by the attack.

Advertising 113

Advertising Encryption Hacking Information Security 113

WIRED Threat Level

OCTOBER 15, 2020

In an interview with WIRED, dean of the Columbia Journalism School Steve Coll says the media has learned some important lessons since 2016 about covering stolen email leaks.

Media 105

Media 105

Security Affairs

OCTOBER 15, 2020

U.S. Bookstore giant Barnes & Noble has disclosed a cyber attack and that the threat actors have exposed the customers’ data. Barnes & Noble, Inc. , is an American bookseller with the largest number of retail outlets in the United States in fifty states. The bookseller also operated the Nook Digital, which is a spin-off division that sells eBook and e-Reader platform.

Cyber Attacks 112

Cyber Attacks VPN Backups Ransomware 112

Threatpost

OCTOBER 15, 2020

Hackers accessed personal information of guests, employees and crew for Carnival Cruise, Holland America and Seabourn as well as casino operations.

Ransomware 114

Ransomware Malware Hacking 114

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

OCTOBER 15, 2020

Just as they did with PowerShell for Windows, threat actors are abusing native O365 capabilities for lateral movement, command-and-control communication, and other malicious activity.

Accountability 108

Accountability 108

Threatpost

OCTOBER 15, 2020

Customers' lists of book purchases along with email addresses and more could have been exposed -- and that's a problem.

Hacking 125

Hacking Data breaches Phishing 125

SecureWorld News

OCTOBER 15, 2020

At the beginning of the COVID-19 pandemic, Zoom became an essential tool for co-workers and friends alike. As the platform exploded in popularity, questions about the security grew as well. The company claimed to have end to end encryption, when in reality it did not. SecureWorld has previously covered this topic and other security concerns that came to light as the company became both a savior and a suspect in the race to remote work.

Encryption 100

Encryption Mobile Accountability CISO 100

Security Affairs

OCTOBER 15, 2020

The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. The new E2EE feature will be made available for both paid and free accounts. “We’re excited to announce that starting next week, Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, which means

Encryption 100

Encryption Advertising Accountability Hacking 100

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

SecureWorld News

OCTOBER 15, 2020

In our exclusive Behind the Scenes interview series, we take a deeper look at a topic that is relevant to the information security community. Today's conversation answers this question: How can threat intelligence strengthen security awareness? We're speaking with Sherrod DeGrippo, Sr. Director of Threat Research and Detection at Proofpoint, and Robert Shields, CISSP, also of Proofpoint.

Security Awareness 98

Security Awareness Social Engineering CISO Engineering 98

Dark Reading

OCTOBER 15, 2020

Members of the QQAAZZ group helped cybercriminals conceal origins of stolen funds, DoJ alleges.

122

122

Threatpost

OCTOBER 15, 2020

After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week.

Encryption 103

Encryption Marketing 103

Dark Reading

OCTOBER 15, 2020

Cybercriminal team previously associated with point-of-sale malware and data theft has now moved almost completely into the more lucrative crimes of ransomware and extortion.

Cybercrime 115

Cybercrime Ransomware Malware 115

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Threatpost

OCTOBER 15, 2020

In-game features of the just-released FIFA 21 title give scammers easy access its vast audience.

Scams 96

Scams Phishing Cybersecurity 96

Dark Reading

OCTOBER 15, 2020

Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.

Technology 94

Technology 94

ImmuniWeb

OCTOBER 15, 2020

The data-driven and risk-based approach prevents insufficient or incomplete testing, and precludes excessive or redundant testing by leveraging award-winning Machine Learning technology.

Penetration Testing 73

Penetration Testing Technology Risk 73

Dark Reading

OCTOBER 15, 2020

We could be in the middle of a major transition to shorter and shorter certificate life spans, which has significant implications for how IT organizations manage certificates across the enterprise.

74

74

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Threatpost

OCTOBER 15, 2020

Companies that use Broadvoice's cloud-based VoIP platform may find their patients, customers, suppliers and partners to be impacted by a massive data exposure.

Data collection 75

Data collection Data breaches 75

Dark Reading

OCTOBER 15, 2020

Famed bookseller says non-financial data was exposed in a new attack.

Data breaches 98

Data breaches 98

Spinone

OCTOBER 15, 2020

What is cybersecurity automation? Cybersecurity automation is the set of software tools that run critical cybersecurity operations of a company with minimal human involvement. They usually use playbooks created by the organization’s security teams. The automated operations include the management of: cyber vulnerabilities: detection assessment removal cyber threats: identification estimation protection cyber incidents: prevention detection […] The post Cybersecurity Automation: Defini

Cybersecurity 52

Cybersecurity Cyber threats Software 52

eSecurity Planet

OCTOBER 15, 2020

An eye-opening exercise at Apple showed the value of human security testers in addition to tools - and the value of bug bounty programs too.

Hacking 55

Hacking 55

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Trend Micro

OCTOBER 15, 2020

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

Hacking 40

Hacking Cybersecurity Media Malware 40

Krebs on Security

OCTOBER 15, 2020

One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the data was stolen in a lengthy data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country. An ad on the popular carding site Joker’s Stash for “BlazingSun,” which fraud experts have traced back to a card breach at Dickey’s BBQ.

Data breaches 343

Data breaches Cybercrime Retail Banking 343

Spinone

OCTOBER 15, 2020

What is cybersecurity automation? Cybersecurity automation is the set of software tools that run critical cybersecurity operations of a company with minimal human involvement. They usually use playbooks created by the organization’s security teams. The automated operations include the management of: cyber vulnerabilities: detection assessment removal cyber threats: identification estimation protection cyber incidents: prevention detection investigation analysis elimination recovery Types o

Cybersecurity 52

Cybersecurity Marketing Antivirus Ransomware 52

SecureWorld News

OCTOBER 15, 2020

It was the summer cyberattack that had social media buzzing. A group of teenagers used social engineering to breach Twitter's network and take over the accounts of a whole bunch of A-listers. People like Barack Obama, Bill Gates, Kim Kardashian West, Jeff Bezos, and Elon Musk were suddenly tweeting about a can't miss double your bitcoin opportunity, that was really a scam.

Social Engineering 94

Social Engineering Media Scams Financial Services 94

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.