Daniel Miessler

NOVEMBER 6, 2020

I think there are four main trends that will play out in the field of information security in the next 20 years. (2021-2030) A Surge in Demand for InfoSec people will result in many more professionals being trained and placed within companies, likely using more of a trade/certification model than a 4-year university model. (2026-) Cyberinsurance will ascend as the primary mechanism for making cybersecurity-related product and service decisions within companies. (2030-) Automation & AI will s

InfoSec 255

InfoSec Insurance Artificial Intelligence Cybersecurity 255

Schneier on Security

NOVEMBER 6, 2020

Research paper: Rick Wash, “ How Experts Detect Phishing Scam Emails “: Abstract: Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not. While technical protections against phishing reduce the number of phishing emails received, they are not perfect and phishing remains one of the largest sources of security risk in technology and communication systems.

Phishing 224

Phishing Scams Technology Risk 224

Adam Levin

NOVEMBER 6, 2020

Network access to over 7,000 organizations in the U.S., Canada, and Australia is allegedly available for auction on Russian hacking forums. An unidentified hacker is advertising an archive of remote desktop protocol (RDP) credentials to several thousand organizations with bids starting at 25 bitcoins (roughly $390,000). . “I sell everything at once, without samples, convenient access via rdp to each network,” states the advertisement , promising administrative access to each compromised network.

Advertising 182

Advertising Hacking Ransomware Malware 182

Tech Republic Security

NOVEMBER 6, 2020

If you're not sure how to view your SSH certificates, Jack Wallen walks you through the steps on Linux, macOS, and Windows.

152

152

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Adam Levin

NOVEMBER 6, 2020

Healthcare facilities are under an increased threat of cyberattack, according to the FBI. In a joint cybersecurity advisory with the Cybersecurity and Infrastructure Agency (CISA) and the Department of Health and Human Services (HHS), the FBI warned of an “increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”. While there are currently several strains of malware actively targeting healthcare facilities, the advisory primarily focused on TrickBot, a program with a

Healthcare 175

Healthcare Antivirus Backups Cybercrime 175

Anton on Security

NOVEMBER 6, 2020

Security continues to be a top concern for cloud customers, and therefore continues to be a driver of our business at Google Cloud. However, specific security priorities vary wildly by vertical, by organization size, and by many other factors. In fact, many “CISO priorities lists” are floating out there online and many people claim to know “what CISOs want.

CISO 100

CISO Cloud Migration CSO Information Security 100

InfoWorld on Security

NOVEMBER 6, 2020

Gartner states through 2020, public IaaS workloads will suffer at least 60 percent fewer security incidents than workloads in traditional data centers. When I pointed this out several years ago, many scoffed at the claim. Both the hyperscalers and third-party security providers are spending about 70 to 80 percent of their R&D budgets on supporting public clouds.

Technology 98

Technology 98

Security Affairs

NOVEMBER 6, 2020

Campari Group, the Italian beverage giant has been hit by a ransomware attack that forced the company to shut down a large part of its IT network. Campari Group , the Italian beverage giant has been hit by a ransomware attack that forced the company to shut down a large part of its IT network. The Italian company is active since 1860, it produces spirits, wines, and soft drinks.

Ransomware 99

Ransomware Advertising Encryption Backups 99

Threatpost

NOVEMBER 6, 2020

The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors.

IoT 104

IoT Malware Cryptocurrency Hacking 104

Security Affairs

NOVEMBER 6, 2020

The RansomExx Ransomware gang is expanding its operations by creating a new version that is able to infect Linux machines. RansomExx ransomware operators are expanding their operations by developing a Linux version of their malware. Kaspersky researchers have analyzed the Linux version of the RansomExx ransomware, also tracked as Defray777. This week the RansomExx ransomware has been involved in the attacks against Brazil’s Superior Court of Justice.

Ransomware 96

Ransomware Encryption Malware Technology 96

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

NOVEMBER 6, 2020

Researchers discover a new worm and botnet dubbed Gitpaste-12 for its ability to spread via GitHub and Pastebin.

105

105

Threatpost

NOVEMBER 6, 2020

The Ragnar Locker operators released a stolen contract between Wild Turkey and actor Matthew McConaughey, as proof of compromise.

Ransomware 96

Ransomware Malware 96

Dark Reading

NOVEMBER 6, 2020

The vulnerabilities include three for which exploits have already been seen in the wild.

109

109

Security Weekly

NOVEMBER 6, 2020

The post Why Network Data Should be the Foundation of Your Security Strategy appeared first on Security Weekly.

Encryption 128

Encryption 128

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

NOVEMBER 6, 2020

The social media deal raises issues involving data custodianship and trusted tech partnerships.

Media 102

Media 102

Adam Shostack

NOVEMBER 6, 2020

A little something to make you smile today:

100

100

Dark Reading

NOVEMBER 6, 2020

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

85

85

Threatpost

NOVEMBER 6, 2020

The illegal marketplace was hacked prior to it's takedown -- the IRS has now tracked down those stolen funds, it said.

Hacking 86

Hacking Government 86

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

NOVEMBER 6, 2020

What trends can startups and investors expect to see going forward?

Cybersecurity 99

Cybersecurity 99

Threatpost

NOVEMBER 6, 2020

The actively exploited vulnerabilities discovered by Project Zero exist across iPhone, iPad and iPod devices.

Mobile 88

Mobile 88

Security Affairs

NOVEMBER 6, 2020

The United States announced the seizure of $1 billion worth of Bitcoin stolen by an individual from the Silk Road marketplace. On November 3, The United States this week announced that it has seized $1 billion worth of Bitcoin stolen by an individual from the Silk Road marketplace over half a decade ago. “The United States filed a civil complaint today to forfeit thousands of Bitcoins, valued at over $1 billion dollars, seized by law enforcement on November 3, 2020, announced United States

Cryptocurrency 60

Cryptocurrency Advertising Marketing Government 60

Threatpost

NOVEMBER 6, 2020

The shopping cart application contains a PHP object-injection bug.

103

103

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Spinone

NOVEMBER 6, 2020

No matter if you are a business owner or work in any other sector like healthcare, education, or finance – in 2020, ransomware is officially after your cloud data. This new, more malicious type of ransomware is called ransomware 2.0. So, how do your files in the cloud get compromised during the ransomware attack? The first and more traditional way is through the file synching application: ransomware infects the device that runs a synch program, so the synched files in the cloud get encrypt

Ransomware 52

Ransomware Backups Antivirus Encryption 52

Security Affairs

NOVEMBER 6, 2020

Pwn2Own Tokyo 2020 hacking competition is started, bug bounty hunters already hacked a NETGEAR router and a Western Digital NAS devices. The popular Pwn2Own Tokyo hacking competition is started and due to the COVID-19 pandemic, the competition has been arranged as a virtual event. The Pwn2Own Tokyo is actually coordinated by Zero Day Initiative from Toronto, Canada, and white hat hackers taking part in the competition have to demonstrate their ability to find and exploit vulnerabilities in a bro

Hacking 56

Hacking Advertising Authentication Cybersecurity 56

Spinone

NOVEMBER 6, 2020

What is ransomware? Ransomware is a type of malware that prevents users from accessing their data or using their device. In most cases, it encrypts the files and offers a decryption key in return for a ransom. Types of ransomware: By the effect on system: Scareware makes users believe that there’s a virus on their computer and they need to purchase special software to remove it.

Ransomware 52

Ransomware Backups Encryption Social Engineering 52

eSecurity Planet

NOVEMBER 6, 2020

Protecting privileged accounts is one of the top security challenges for any organization.

Software 73

Software Accountability 73

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Schneier on Security

NOVEMBER 6, 2020

Squid geopolitics. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

193

193

eSecurity Planet

NOVEMBER 6, 2020

Ideally you'd use both full-disk and file encryption to protect data at rest and data in motion. The good news is some vendors offer both.

Encryption 56

Encryption 56

Security Affairs

NOVEMBER 6, 2020

Threat Report Portugal Q3 2020: Data related to Phishing and malware attacks based on the Portuguese Abuse Open Feed 0xSI_f33d. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and also has a strong contribution from the community.

Threat Reports 82

Threat Reports Phishing Malware Banking 82