Schneier on Security

NOVEMBER 4, 2020

Accuracy isn’t great, but that it can be done at all is impressive. Murtuza Jadiwala, a computer science professor heading the research project, said his team was able to identify the contents of texts by examining body movement of the participants. Specifically, they focused on the movement of their shoulders and arms to extrapolate the actions of their fingers as they typed.

Data collection 350

Data collection Software 350

Krebs on Security

NOVEMBER 4, 2020

Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data publi

Ransomware 338

Ransomware Backups Data breaches Encryption 338

Adam Levin

NOVEMBER 4, 2020

The infamous Maze ransomware gang has announced they will cease operations, effective immediately. . On November 1, the hacking group behind several high profile ransomware attacks in 2020 issued a rambling press release, riddled with spelling errors, on the dark web announcing, “it is officially closed.”. “All the links to out [sic] project, using of our brand, our work methods should be considered to be a scam,” the announcement stated.

Ransomware 168

Ransomware Scams Hacking Malware 168

Tech Republic Security

NOVEMBER 4, 2020

As Americans anxiously await clarity regarding final voting counts and results of yesterday's election, a new report found 26% of US consumers correlate who will win with how much they'll spend.

159

159

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Adam Shostack

NOVEMBER 4, 2020

I posted this image in 2004. It’s even more relevant now. While we have a country that is clearly divided, the dividing lines are not so neat as the maps showing states going one way or the other.

130

130

Security Affairs

NOVEMBER 4, 2020

Yesterday almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet was moved to another wallet. Ahead of the 2020 Presidential election a mysterious transaction was noticed by cyber security experts and researchers. Someone has transferred almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet to another wallet.

Cryptocurrency 134

Cryptocurrency Passwords Advertising Hacking 134

Security Affairs

NOVEMBER 4, 2020

The source code for the KPot information stealer was put up for auction and the REvil ransomware operators want to acquire it. The authors of KPot information stealer have put its source code up for auction , and the REvil ransomware operators will likely be the only group to bid. #KPOT source code up for sale! pic.twitter.com/fJ3BwlaHsR — ??????

Ransomware 134

Ransomware Malware Advertising Cybercrime 134

Threatpost

NOVEMBER 4, 2020

Cannabis journaling platform GrowDiaries exposed more than 3.4 million user records online, many from countries where pot is illegal.

Passwords 127

Passwords Data breaches Phishing 127

Security Affairs

NOVEMBER 4, 2020

Japanese video game developer and publisher Capcom has disclosed a cyberattack that impacted business operations over the weekend. Japanese game developer Capcom has admitted to have suffered a cyberattack over the weekend that is impacting business operations. The company has developed multiple multi-million-selling game franchises, including Street Fighter, Mega Man, Darkstalkers, Resident Evil, Devil May Cry, Onimusha, Dino Crisis, Dead Rising, Sengoku Basara, Ghosts ‘n Goblins, Monster

Advertising 123

Advertising Ransomware Cyber Attacks Malware 123

WIRED Threat Level

NOVEMBER 4, 2020

Ballot measures were approved in California to restrict commercial use of user data and in Michigan to require warrants for searches of electronic information.

110

110

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

NOVEMBER 4, 2020

Cisco disclosed a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software and the availability of PoC exploit code. Cisco has disclosed a zero-day vulnerability, tracked as CVE-2020-3556, in the Cisco AnyConnect Secure Mobility Client software with the public availability of a proof-of-concept exploit code. The CVE-2020-3556 flaw resided in the interprocess communication (IPC) channel of Cisco AnyConnect Client, it can be exploited by authenticated and local attackers to e

Mobile 118

Mobile Authentication Advertising Software 118

Threatpost

NOVEMBER 4, 2020

More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials.

Phishing 115

Phishing Mobile 115

Security Affairs

NOVEMBER 4, 2020

Cyber Defense Magazine November 2020 Edition has arrived. We hope you enjoy this month’s edition…packed with over 150 pages of excellent content. 150 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached.

InfoSec 112

InfoSec DNS Advertising Marketing 112

Threatpost

NOVEMBER 4, 2020

Pilot program again sparks privacy fears from ACLU as Amazon takes its partnership with law enforcement to the next level.

Surveillance 120

Surveillance 120

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

NOVEMBER 4, 2020

Toymaker giant Mattel disclosed a ransomware attack, the incident took place in July and impacted some of its business operations. Toy industry giant Mattel announced that it has suffered a ransomware attack that took place on July 28th, 2020, and impacted some of its business operations. The good news that the company excluded the theft of internal information.

Ransomware 102

Ransomware Retail Advertising Malware 102

Dark Reading

NOVEMBER 4, 2020

Organizations that update business models to include cybersecurity as part of a strategic planning process may be able to better withstand unexpected disruptions.

Cybersecurity 106

Cybersecurity 106

Threatpost

NOVEMBER 4, 2020

A previous fix for the critical remote code execution bug was "incomplete," according to VMware.

126

126

Dark Reading

NOVEMBER 4, 2020

Old software components and the inclusion of unnecessary code created a massive attack surface area in containers for scientific analysis, researchers say.

Software 140

Software 140

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Threatpost

NOVEMBER 4, 2020

APT cloaks identity using script-kiddie messages and advanced deployment and targeting techniques.

Government 123

Government Malware Hacking 123

Dark Reading

NOVEMBER 4, 2020

The new paradigm seeks to understand, integrate, and automate data workflows, and better yet, doesn't require significant investment or more personnel.

103

103

Threatpost

NOVEMBER 4, 2020

Financial disclosure filings describe a ransomware attack that delivered a weak punch.

Ransomware 128

Ransomware Malware Hacking 128

SecureWorld News

NOVEMBER 4, 2020

Planning and supporting identity management growth with reliable and sustainable infrastructure is in some ways like working with an iceberg. What you see above the water line is the level of systems integrated into the identity and access management, or IAM, which drives your business. Underneath the water are all the systems and applications, manual tasks, configurations, and processes that can put organizations at risk.

Risk 85

Risk Accountability Government Cybersecurity 85

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Dark Reading

NOVEMBER 4, 2020

After an Election Day without foreign interference and cyberattacks, security experts turn their focus to disinformation.

Hacking 107

Hacking 107

WIRED Threat Level

NOVEMBER 4, 2020

Take a deep breath and enjoy democracy at work.

128

128

Dark Reading

NOVEMBER 4, 2020

The Houston-based PAS Global will operate as part of Hexagon's PPM (formerly Intergraph Process, Power & Marine) division.

93

93

Thales Cloud Protection & Licensing

NOVEMBER 4, 2020

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment. sparsh. Thu, 11/05/2020 - 06:52. Companies and organizations, whether in the public or in the private sector, are re-establishing their business in the era of information and data revolution. Labelled Industry 4.0, businesses are taking advantage of digital technologies like cloud, mobile, and IoT to digitally transform their operations.

Financial Services 62

Financial Services Mobile Digital transformation Encryption 62

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Threatpost

NOVEMBER 4, 2020

According to Code42’s Data Exposure Report, 63% of employees say they brought data with them from their previous employer to their current employer.

Risk 74

Risk 74

Dark Reading

NOVEMBER 4, 2020

Several organizations that paid a ransom to keep attackers from releasing stolen data saw it leaked anyway, according to Coveware.

85

85

InfoWorld on Security

NOVEMBER 4, 2020

Looking to bring security and compliance analytics to devops , IBM has added its Code Risk Analyzer capability to its IBM Cloud Continuous Delivery service. Code Risk Analyzer is described by IBM as a security measure that can be configured to run at the start of a developer’s code pipeline, analyzing and reviewing Git repositories to discover issues with open source code.

Risk 64

Risk Software Cybersecurity 64

IT Security Central

NOVEMBER 4, 2020

The COVID-19 pandemic has increased the already-robust adoption rates for employee monitoring software. Prominent publications, including The Washington Post and The New York Times, have reported on this trend, and they have documented employees’ general unease about the practice. Indeed, even before employees were relegated to their homes, many were uncomfortable with the idea of invasive and unbridled […].

Software 69

Software Threat Detection Data privacy 69

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.