Krebs on Security

OCTOBER 22, 2020

Some of the world’s largest Internet firms have taken steps to crack down on disinformation spread by QAnon conspiracy theorists and the hate-filled anonymous message board 8chan. But according to a California-based security researcher, those seeking to de-platform these communities may have overlooked a simple legal solution to that end: Both the Nevada-based web hosting company owned by 8chan’s current figurehead and the California firm that provides its sole connection to the Inte

Internet 262

Internet Internet Technology DDOS 262

Threatpost

OCTOBER 22, 2020

Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.

Phishing 141

Phishing Hacking 141

Tech Republic Security

OCTOBER 22, 2020

Adding a user with admin privileges on Linux is easier than you think. Jack Wallen shows you how.

154

154

Dark Reading

OCTOBER 22, 2020

While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.

Cybersecurity 122

Cybersecurity Marketing 122

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

OCTOBER 22, 2020

VMware patched several flaws in its ESXi, Workstation, Fusion and NSX-T products, including a critical code execution vulnerability. VMware has fixed several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution. The critical vulnerability, tracked as CVE-2020-3992, is a use-after-free issue that affects the OpenSLP service in ESXi.

Advertising 105

Advertising Hacking Technology Information Security 105

Dark Reading

OCTOBER 22, 2020

With more organizations shifting to cloud services in the pandemic, experts say the traditionally manual process of securing them will be replaced by automated tools in 2021 and beyond.

98

98

Dark Reading

OCTOBER 22, 2020

KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.

133

133

WIRED Threat Level

OCTOBER 22, 2020

In an interview with WIRED, Facebook's chief privacy officers argue that the company has turned a corner. Again.

114

114

Security Affairs

OCTOBER 22, 2020

Taiwanese vendor QNAP published an advisory to warn customers that certain versions of its NAS OS (QTS) are affected by the Zerologon vulnerability. The Taiwanese vendor QNAP has published an advisory to warn customers that certain versions of the operating system for its network-attached storage (NAS) devices, also known as of QTS, are affected by the Zerologon vulnerability ( CVE-2020-1472 ).

Authentication 82

Authentication Advertising Architecture Cybercrime 82

WIRED Threat Level

OCTOBER 22, 2020

From targeted misinformation to manipulated data, these are the cybersecurity concerns election officials worry about most.

Cyber threats 99

Cyber threats Cybersecurity 99

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

OCTOBER 22, 2020

Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says

Mobile 114

Mobile 114

Security Affairs

OCTOBER 22, 2020

The Council of the European Union announced sanctions imposed on Russian military intelligence officers for 2015 Bundestag hack. The Council of the European Union announced sanctions imposed on Russian military intelligence officers, belonging to the 85th Main Centre for Special Services (GTsSS), for their role in the 2015 attack on the German Federal Parliament (Deutscher Bundestag).

Hacking 74

Hacking Cyber Attacks Identity Theft Government 74

Threatpost

OCTOBER 22, 2020

An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam.

Scams 101

Scams 101

Tech Republic Security

OCTOBER 22, 2020

A full Linux version of the popular password manager is expected early next year.

Password Management 96

Password Management Passwords 96

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

SecureWorld News

OCTOBER 22, 2020

If you have an email inbox, you've seen them. Emails claiming to come from a brand you know, but in reality, they are a "spoof" or copycat of an email from that company. These brand phishing attacks often involve sending you a branded email or text message with a link. Click the link and you go to a webpage or login portal that looks legitimate but is actually an imitation of the real thing.

Phishing 58

Phishing Cyber threats Passwords Accountability 58

Dark Reading

OCTOBER 22, 2020

The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.

69

69

Threatpost

OCTOBER 22, 2020

Google said Chrome 86 will automatically block malicious notifications that may be used for phishing or malware.

Phishing 75

Phishing Malware 75

Dark Reading

OCTOBER 22, 2020

But that's not the only type of web attack cybercriminals have been profiting from.

87

87

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Trend Micro

OCTOBER 22, 2020

This week, learn about a watering hole campaign Trend Micro dubbed ‘Operation Earth Kitsune’ that is spying on users’ systems through compromised websites. Also, read about how APT groups are threatening DDoS attacks against victims if they don’t send them bitcoin.

DDOS 40

DDOS Hacking Ransomware Malware 40

Dark Reading

OCTOBER 22, 2020

Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.

Technology 77

Technology 77

Architect Security

OCTOBER 22, 2020

Security Awareness 40

Security Awareness Software 40

Dark Reading

OCTOBER 22, 2020

The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.

73

73

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Affairs

OCTOBER 22, 2020

According to the ENISA Threat Landscape Report 2020, cyberattacks are becoming more sophisticated, targeted, and in many cases undetected. I’m proud to present the ENISA Threat Landscape Report 2020 , the annual report published by the ENISA that provides insights on the evolution of cyber threats for the period January 2019-April 2020. The 8th annual ENISA Threat Landscape (ETL) report was compiled by the European Union Agency for Cybersecurity (ENISA), with the support of the European Commiss

Cyber threats 104

Cyber threats Digital transformation Advertising IoT 104

Dark Reading

OCTOBER 22, 2020

The security software giant and its investors sold 37 million shares priced at $20 each, putting McAfee's value around $8.6 billion.

Software 61

Software 61

Tech Republic Security

OCTOBER 22, 2020

The New York State Department of Financial Services said platforms like Twitter and Facebook are now "systemically important" and need cybersecurity oversight.

Financial Services 130

Financial Services Media Cybersecurity Accountability 130

Threatpost

OCTOBER 22, 2020

Trump’s weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, Dutch security researcher Victor Gevers reported. .

Passwords 120

Passwords Hacking Authentication Accountability 120

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Threatpost

OCTOBER 22, 2020

Messages that threaten people to ‘vote for Trump or else’ are part of foreign adversaries’ attempts to interfere with the Nov. 3 election, according to feds.

Government 76

Government 76