Tue. Oct 06, 2020

Swiss-Swedish Diplomatic Row Over Crypto AG

Schneier on Security

Previously I have written about the Swedish-owned Swiss-based cryptographic hardware company: Crypto AG. It was a CIA-owned Cold War operation for decades. Today it is called Crypto International, still based in Switzerland but owned by a Swedish company. It’s back in the news: Late last week, Swedish Foreign Minister Ann Linde said she had canceled a meeting with her Swiss counterpart Ignazio Cassis slated for this month after Switzerland placed an export ban on Crypto International, a

Welcoming the Canadian Government to Have I Been Pwned

Troy Hunt

Following in the footsteps of many other national governments before them, I'm very happy to welcome the Canadian Centre for Cyber Security to Have I Been Pwned. The Canadian Centre for Cyber Security now has full and free access to query all Canadian federal government domains across both past and future breaches. Canada's inclusion in the service brings the total to 11 federal governments across North America, Europe and Australia.

BlackBerry announces "industry first" AI-powered unified endpoint security platform

Tech Republic Security

The new suite is composed of four products that cover endpoint protection, endpoint detection and response, mobile threat defense, and user/entity behavior analytics.

Best Jobs in Cybersecurity for 2020 and How to Get One

CompTIA on Cybersecurity

Interested in a career in cybersecurity? Find out more about the top nine cybersecurity job titles in the United States as told by Cyberseek, and understand what education, certifications and skills you need to start a career in cybersecurity.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to boost the effectiveness of your cybersecurity operations

Tech Republic Security

Data breaches occur despite tight security. Arctic Wolf explains how to increase your security effectiveness.

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

The CISA agency is warning of a surge in Emotet attacks targeting multiple state and local governments in the US since August. The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. since August. During that time, the agency’s EINSTEIN Intrusion Detection System has detected roughly 16,000 alerts related to Emotet activity.

A sophisticated cyberattack hit the International Maritime Organization (IMO)

Security Affairs

The United Nations International Maritime Organization (IMO) disclosed a cyber attack that disrupted its IT systems. The United Nations International Maritime Organization (IMO) is a global standard-setting authority for the safety, security and environmental performance of international shipping. The UN Maritime Organization is the United Nations agency that develops a regulatory framework that is adopted on a global scale to ensure the safety and security of shipping and the prevention of marine and a

Wi-Fi security: FBI warns of risks of using wireless hotel networks

Tech Republic Security

Wi-Fi networks in hotels typically favor guest convenience over strong security practices, says the FBI.

Apple's T2 Security Chip Has an Unfixable Flaw

WIRED Threat Level

The Checkm8 vulnerability that exposed years of iPhones to jailbreaking has finally been exploited in Macs as well.

How to defend your organization against the surge in ransomware attacks

Tech Republic Security

Ransomware attacks doubled in the US over the last three months, says Check Point Research.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Rethinking Email Security in the Face of Fearware

Dark Reading

E-mail messages preying on fear have ramped up since the COVID-19 outbreak, raising questions about security's reliance on historical data about past attacks to predict the future.

Using a WordPress flaw to leverage Zerologon vulnerability and attack companies’ Domain Controllers

Security Affairs

Using a WordPress flaw (File-Manager plugin–CVE-2020-25213) to leverage Zerologon (CVE-2020-1472) and attack companies’ Domain Controllers. Recently, a critical vulnerability called Zerologon – CVE-2020-1472 – has become a trending subject around the globe. This vulnerability would allow a malicious agent with a foothold on your internal network to essentially become Domain Admin with just one click.

10 Years Since Stuxnet: Is Your Operational Technology Safe?

Dark Reading

The destructive worm may have debuted a decade ago, but Stuxnet is still making its presence known. Here are steps you can take to stay safer from similar attacks.

John McAfee has been arrested in Spain and is awaiting extradition

Security Affairs

The legendary cyber security expert John McAfee has been indicted on charges of tax evasion by the DoJ; authorities arrested him in Spain. The popular cyber security expert and cryptocurrency evangelist John McAfee has been indicted on charges of tax evasion by the Department of Justice (DOJ). The expert has been arrested in Spain and is awaiting extradition.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Do's and Don'ts for School Cybersecurity Awareness

Dark Reading

Remote learning has introduced an array of new cyberthreats to American families and schools, but this can be an educational moment for all involved.

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors

Threatpost

Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.

New Research Finds Bugs in Every Anti-Malware Product Tested

Dark Reading

Products from every vendor had issues that allowed attackers to elevate privileges on a system -- if they already were on it.

APT Attack Injects Malware into Windows Error Reporting

Threatpost

The fileless attack uses a phishing campaign that lures victims with information about a workers' compensation claim.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Google Brings Password Protection to iOS, Android in Chrome 86

Dark Reading

Chrome 86 will alert users when stored passwords are compromised, and block or warn of insecure downloads, among other security updates.

COVID-19 Clinical Trials Slowed After Ransomware Attack

Threatpost

The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest a nation-state actor could be behind the incident.

Zerologon Vulnerability Used in APT Attacks

Dark Reading

MERCURY, the Iranian advanced persistent threat group, is using Zerologon in a new series of attacks detected by Microsoft.

New Password Protections (and more!) in Chrome

Google Security

Posted by AbdelKarim Mardini, Senior Product Manager, Chrome. Passwords are often the first line of defense for our digital lives. Today, we’re improving password security on both Android and iOS devices by telling you if the passwords you’ve asked Chrome to remember have been compromised, and if so, how to fix them. To check whether you have any compromised passwords, Chrome sends a copy of your usernames and passwords to Google using a special form of encryption.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

How Netflix Makes Security Decisions: A Peek Inside the Process

Dark Reading

A senior information security risk engineer explains how Netflix's risk management program helps business leaders make key decisions.

A Poker Pro Accused of Cheating Wants $330M in Damages

WIRED Threat Level

Mike Postle claims he was the victim of an elaborate online campaign to tar him as a fraud—and he's suing a dozen defendants.

Malware for Ad Fraud Gets More Sophisticated

Dark Reading

Facebook says SilentFade campaign disabled notifications that could have warned users that their accounts had been compromised.

Unpatched Apple T2 Chip Flaw Plagues Macs

Threatpost

A researcher claims that the issue can be exploited by attackers in order to gain root access.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

6 Best Practices for Using Open Source Software Safely

Dark Reading

Open source software is critical yet potentially dangerous. Here are ways to minimize the risk.

Your AST Guide for the Disenchanted: Part 4

ForAllSecure

In the last post of AST Guide for the Disenchanted, we identified the minimum appsec risks that need to be addressed as a part of your DevSecOps pipeline. The two risks are: known and unknown vulnerabilities. In today’s post, we’ll focus on how software composition analysis can help you address those known vulnerabilities. You are what you eat.

Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance

Dark Reading

Too many organizations fail to enact the baseline payment security controls, according to the Verizon 2020 Payment Security Report, and the recent Blackbaud ransomware incident is merely the latest evidence.

Data Backup: Types & Best Practices

Spinone

What is data backup? Data backup has two meanings: the process of copying the information stored in your digital ecosystem; the copy of your data stored on-prem or on a remote location. The main goal of data backup is to preserve your information and recover it in case your original data is corrupted or lost. In addition to that, backup is an essential part of data loss prevention and data retention.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.