Thu. Sep 24, 2020

Iranian Government Hacking Android

Schneier on Security

The New York Times wrote about a still-unreleased report from Check Point and the Miaan Group: The reports, which were reviewed by The New York Times in advance of their release, say that the hackers have successfully infiltrated what were thought to be secure mobile phones and computers belonging to the targets, overcoming obstacles created by encrypted applications such as Telegram and, according to Miaan, even gaining access to information on WhatsApp.

Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw

Krebs on Security

Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft’s warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all federal agencies to patch the vulnerability by Sept. 21 at the latest.

Antivirus 238
Insiders

Synack: Federal agencies and banks have made the most cybersecurity improvements

Tech Republic Security

The overall Attacker Resistance Score for the IT sector dropped this year due in part to digital transformation work, according to the 2020 Trust Report.

Alien Android Banking Trojan Sidesteps 2FA

Threatpost

A new 'fork' of the Cerberus banking trojan, called Alien, targets victims' credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook.

Banking 127

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

A PCI Threat Model

Adam Shostack

The reason I hate compliance programs is because they’re lists of things we need to do, and many times, those things don’t seem to make a great deal of sense. In threat modeling, I talk about the interplay between threats, controls, and requirements, and I joke that “a requirement to have a control absent any threat” is why we hate compliance programs (not joking).

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

Microsoft is warning of threat actors that are actively using the Windows Server Zerologon exploits in attacks in the wild. Microsoft has published a series of Tweets to warn of attackers that are actively exploiting the Windows Server Zerologon in attacks in the wild. The IT giant is urging Windows administrators to install the released security updates as soon as possible.

More Trending

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

Experts worldwide warn about a surge in the Emotet activity, this time the alerts are from Microsoft, Italy and the Netherlands agencies. Two weeks ago, cybersecurity agencies across Asia and Europe warned of Emotet spam campaigns targeting businesses in France, Japan, and New Zealand. The French national cyber-security agency published an alert to warn of a significant increase of Emotet attacks targeting the private sector and public administration entities in France.

Malware 117

A Tip From a Kid Helped Uncover a Slew of Scam Apps

WIRED Threat Level

After a girl reported a suspicious TikTok profile, researchers detected aggressive adware in apps that had been downloaded 2.4 million times.

Adware 103

Instagram RCE gave hackers remote access to your device

Security Affairs

Facebook has addressed a critical vulnerability in Instagram that could lead to remote code execution and turn the smartphone into a spying device. Facebook has fixed a critical remote code execution vulnerability in Instagram that could lead to the hijack of smartphone cameras, microphones, and more. The vulnerability, tracked as CVE-2020-1895, was discovered by Check Point, it is a heap overflow issue that resides in Instagram’s image processing and received a CVSS score of 7.8. R

Critical Instagram Flaw Could Let Attackers Spy on Victims

Dark Reading

A now-patched remote code execution vulnerability could be exploited with a specially sized image file, researchers report.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Why Are Cybersecurity Professionals Suddenly So Popular?

SecureWorld News

In a world full of Penguins, Jokers, and Riddlers, there is one name above the rest: Batman. That's the way it is in Gotham City. If you carry that story line over into the real world, you could write it like this: On a planet full of hackers, cybercriminals, and ransomware operators, there is one profession above the rest: cybersecurity. New research reveals cybersecurity professionals are riding a wave of popularity from those outside of the security community.

How Twitter Survived Its Biggest Hack—and Plans to Stop the Next One

WIRED Threat Level

On July 15, Twitter melted down. On Election Day, that's not an option.

Hacking 126

Malware Attacks Declined But Became More Evasive in Q2

Dark Reading

Most of the malware used in attacks last quarter were designed to evade signature-based detection tools, WatchGuard says.

Malware 104

Facebook Busts Russian Disinfo Networks as US Election Looms

WIRED Threat Level

The campaigns primarily targeted countries outside the US. But the same mechanisms could be used in “hack and leak” operations like those that roiled the 2016 campaign.

Hacking 80

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Solving the Problem With Security Standards

Dark Reading

More explicit threat models can make security better and open the door to real and needed innovation.

Alien Android banking Trojan, the powerful successor of the Cerberus malware

Security Affairs

Security researchers spotted a new strain of Android malware, dubbed Alien, that implements multiple features allowing it to steal credentials from 226 apps. Researchers from ThreatFabric have discovered and analyzed a new strain of Android malware, tracked as Alien, that implements multiple features allowing it to steal credentials from 226 applications.

Banking 80

Feds Hit with Successful Cyberattack, Data Stolen

Threatpost

The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit.

VPN 109

Top Zero Trust Security Solutions

eSecurity Planet

With solutions targeting access control and microsegmentation, security vendors are turning zero trust from a concept into products.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic

Dark Reading

Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.

How to install the Graylog system log manager on Ubuntu Server 20.04

Tech Republic Security

Combing through logs on numerous servers can be a chore. Learn how to simplify that with the Graylog monitoring server.

Free Apple iPhone 12? Chatbot Scam Spreads Via Texts

Threatpost

Convincing SMS messages tell victims that they've been selected for a pre-release trial for the soon-to-be-launched device.

Scams 87

Microsoft Warns of Attackers Now Exploiting 'Zerologon' Flaw

Dark Reading

The Security Intelligence team at Microsoft is tracking newly waged exploits in the wild.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Watch Here: Using Analytics to Measure AppSec ROI

Veracode Security

Maximizing the value of your application security (AppSec) analytics not only provides a window into whether or not you’re meeting security requirements but also it helps you prove your ROI. That can be a challenge for a lot of organizations - when stakeholders are not close to the data, they may miss milestones like hitting goals for reducing security debt or even how much AppSec program has matured by data.

Since Remote Work Isn't Going Away, Security Should Be the Focus

Dark Reading

These three steps will help organizations reduce long-term work-from-home security risks.

Risk 90

Cisco Patch-Palooza Tackles 29 High-Severity Bugs

Threatpost

Patches and workaround fixes address flaws on networking hardware running Cisco IOS XE software.

CrowdStrike Agrees to Acquire Preemptive Security for $96M

Dark Reading

CrowdStrike plans to use Preemptive Security's conditional access technology to strengthen its Falcon platform.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

If I Go to a Protest, What Kinds of Personal Information Might Police Collect About Me? (important guest post)

Architect Security

If I Go to a Protest, What Kinds of Personal Information Might Police Collect About Me? (And how long can it stick around?). By: Lauren Kirchner. On the evening of May 29, New Yorkers went out by the thousands for the first big day of protests following the murder of George Floyd. If they were checking Twitter as they headed out the door, they may have seen a surprising warning issued by Terri Rosenblatt, supervising attorney of the DNA Unit at The Legal Aid Society in New York City: Then, when

CrowdStrike Agrees to Acquire Preempt Security for $96M

Dark Reading

CrowdStrike plans to use Preempt Security's conditional access technology to strengthen its Falcon platform.

Dark Overlord Hacker Guilty Plea, Motivations

SecureWorld News

A key member of The Dark Overlord hacking group will spend five years in jail. And it's possible no one is more surprised than the hacker himself. Security researcher Vinny Troia loves to communicate with criminal hackers on the dark web. He uses several aliases to do so. The Dark Overlord: 'too smart to get caught'. And at a recent SecureWorld conference, he revealed that he's spent hours messaging and even speaking with The Dark Overlord hacking group.

Hacking 68

What Are My Photos Revealing About Me? You may be accidentally sharing personal information in your photos (an important Guest Post)

Architect Security

What Are My Photos Revealing About Me? You may be accidentally sharing personal information in your photos. By: Jon Keegan. For years, tech savvy people have known that photos shot on your phone contain lots of information that you may not want revealed. The specific model of phone you use and the precise time and location of where the photo was shot are all saved in the photo’s metadata.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.