Wed. Aug 12, 2020

Why & Where You Should You Plant Your Flag

Krebs on Security

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags. As KrebsOnSecurity observed back in 2018, many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including ev

Hackers Are Using Legitimate Email Services for BEC Attacks

Adam Levin

Cybercriminals are increasingly registering email addresses with legitimate services and using them in the commission of business email compromise (BEC) attacks. A recent study of hacking methods published by Barracuda found that more than 6,000 email accounts using legitimate services had been linked to more than 100,000 BEC attacks on roughly 6,600 organizations this year.

Security in the 'new normal': Passwordless is the way forward

Tech Republic Security

Moving on from passwords to strong authentication and adaptive access policies is key to improving security without hurting productivity, especially given the increase in remote working.

Cryptanalysis of an Old Zip Encryption Algorithm

Schneier on Security

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. DefCon talk here.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

SANS cybersecurity training firm suffers data breach due to phishing attack

Tech Republic Security

The breach compromised 28,000 records, exposing such data as names, phone numbers, physical addresses, and email addresses.

When to Threat Model

Adam Shostack

At Defcon’s biohacking village, there was an interesting talk on Includes No Dirt threat modeling. I thought this slide was particularly interesting. As threat modeling moves from an idea through pilots and deployments, and we develop the organizational disciplines of threat modeling, the question of ‘when do we do this’ comes up. There’s good appsec focused answers like ‘every sprint’, or ‘in line with your waterfall’, but those answers aren’t univ

More Trending

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

Experts found new variants of Agent Tesla Trojan that include modules to steal credentials from popular web browsers, VPN software, as well as FTP and email clients. Researchers from SentinelOne discovered new variants of the popular Agent Tesla Trojan that include new modules to steal credentials from applications including popular web browsers, VPN software, as well as FTP and email clients.

Cybersecurity and remote support are top goals for CIOs in 2020

Tech Republic Security

Most IT leaders say their priorities have shifted since the coronavirus pandemic surfaced around the start of the year, says Hitachi ID.

City of Lafayette (Colorado) paid $45,000 ransom after ransomware attack

Security Affairs

The City of Lafayette, Colorado, USA, has been forced to pay $45,000 because they were unable to restore necessary files from backup. On July 27th, the systems at the City of Lafayette, Colorado, were infected with ransomware; the malicious code impacted phone services, email, and online payment reservation systems. The City did not immediately disclose the cause of the outage of its systems and invited the citizens to use 911 or an alternate number for emergency services.

Abandoned apps like TikTok pose a security risk in a BYOD world

Tech Republic Security

Social media apps put corporate networks at risk and provide raw material for deep fakes.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Citrix Warns of Critical Flaws in XenMobile Server

Threatpost

Citrix said that it anticipates malicious actors "will move quickly to exploit" two critical flaws in its mobile device management software.

How Facebook and Other Sites Manipulate Your Privacy Choices

WIRED Threat Level

Social media platforms repeatedly use so-called dark patterns to nudge you toward giving away more of your data.

Citrix fixed flaws in XenMobile that will be likely exploited soon

Security Affairs

Citrix addressed multiple vulnerabilities in Citrix Endpoint Management (XenMobile) that can be exploited by an attacker to gain administrative privileges on affected systems. The Citrix Endpoint Management (CEM), formerly XenMobile, is software that provides mobile device management (MDM) and mobile application management (MAM). The vulnerabilities that impacted the Citrix XenMobile were tracked as CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212.

TikTok Surreptitiously Collected Android User Data Using Google-Prohibited Tactic

Threatpost

App concealed the practice of gathering device unique identifiers using an added layer of encryption.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

SANS Security Training Firm Hit with Data Breach

Dark Reading

A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.

Cybersecurity Mentorship Program Pairs CISOs and Students

SecureWorld News

It's like a match made in cybersecurity heaven. And this match came up with $300,000 to get things started in a brand new pilot program. Georgia State University is launching this venture. Georgia State University cybersecurity mentorship program. GSU recently offered a grant to the school's Evidence-based Cybersecurity Research Group (EBCS) to educate students in advanced cybersecurity research schools: "Sixty students from throughout the Southeast will train in the 'Evidence-based Cybersecurit

Threats vs. Thrift: Running Effective AppSec During a Global Crisis

Dark Reading

By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.

Microsoft August 2020 Patch Tuesday fixed actively exploited zero-days

Security Affairs

Microsoft August 2020 Patch Tuesday updates addressed 120 vulnerabilities, including two zero-days that have been exploited in attacks. Microsoft August 2020 Patch Tuesday updates have addressed 120 flaws, including two zero-day vulnerabilities that have been exploited in attacks in the wild. The two issues are a Windows spoofing bug and a remote code execution flaw in Internet Explorer.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

FireEye Announces New Bug-Bounty Program

Dark Reading

The program, administered by Bugcrowd, will pay bounties of up to $2,500 per vulnerability.

5 Top Questions About Deception Technology in Cybersecurity

SecureWorld News

Your questions about deception technology in cybersecurity, answered. What exactly is deception technology and how can it play a vital part in your cyber defense? In a recent conversation with Michael Meyer, Chief Risk Officer (CRO) and Chief Security Officer (CSO) at MRS BPO, SecureWorld covered the wide world of deception technology and cybersecurity.

Name That Toon: 'Rise' and Shine

Dark Reading

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

NBlog Aug 13 - Google customers phishing

Notice Bored

We're seeing a steady stream of 'update your email'-type crude phishers along these lines: I have lightly redacted the URL, but those action buttons are clearly not pointing to an IsecT domain. Firebase Storage is a Google cloud storage/app service: Google promotes Firebase security in terms of high availability and authentication for their customers i.e. web developers using Firebase to host content on the web.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Using 'Data for Good' to Control the Pandemic

Dark Reading

The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.

Staff Spotlight: NIST Usable Cybersecurity Security and Privacy of Smart Home Devices

NSTIC

In March, we highlighted the work that NIST conducts in usable cybersecurity technology and protection against phishing scams by sharing thoughts from Kristen Greene, a NIST cognitive scientist. Greene provided excellent tips to help full-time telework employees understand and recognize potential phishing scams. In our second blog post in this series, Susanne Furman, also a NIST cognitive scientist, offers her expertise regarding the security and privacy of smart home devices.

Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption

Dark Reading

Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.

Ransomware 2.0 Attacks in the Cloud: Deep Dive

Spinone

Today’s threats are coming from many different sources. Businesses have long been worried about the threat of ransomware. However, a new breed of ransomware poses a threat to the next infrastructure landscape of your business – the cloud. “Ransomware 2.0” will pose new and alarming threats to your cloud infrastructure. These new variants of ransomware that have evolved from simple on-premises threats will use malicious cloud applications and browser plugins to compromise

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

SANS Institute Email Breach – 28,000 User Records exposed

Security Affairs

The SANS Institute suffered a data breach, 28,000 user records containing personally identifiable information (PII) were exposed. On August 6, during a review of email configuration and rules, the staff at the SANS Institute discovered a security breach. 28,000 records of personally identifiable information (PII) have been forwarded to an unknown email address.

SANS Data Breach: How it Started and Evolved

SecureWorld News

Cybersecurity training platform SANS Institute says it suffered a cybersecurity incident last week which revealed 28,000 records of Personally Identifiable Information. Here is what we know about how the data breach started, how it was detected, and some expert opinion on this type of cyber attack strategy. How did the SANS data breach start? In its Data Incident Notice, SANS says the cyberattack started the same way more than 90% of cyberattacks do: "We have identified a single phishing e-mail

Threat actors managed to control 23% of Tor Exit nodes

Security Affairs

A security researcher has discovered that a threat actor controlled roughly 23% of the Tor network’s exit nodes. A security researcher named Nusenu revealed that in May a malicious actor controlled roughly 23% of the entire Tor network’s exit nodes. Experts warn that this was the first time that a single actor controlled such a large number of Tor exit nodes.

The Furious Hunt for the MAGA Bomber

WIRED Threat Level

Scarred by trauma and devoted to Trump, a man began mailing explosives to the president’s critics on the eve of an election. Inside the race to catch him.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.