Wed. Aug 26, 2020

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison, Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer sk

What to Do If and When Zoom Goes Down Again

Adam Levin

Zoom’s service outage on August 24 caused a ripple effect felt in schools and companies across the world. Students were unable to attend classes via remote learning, meetings were cancelled and for roughly three hours users wondered if the now-ubiquitous platform had been brought down by hackers. Although the company later released an announcement attributing the outage to an “application-level bug,” it made clear that most of us are not prepared for an interruption to a service we’ve grown

FBI arrested a Russian national for recruiting employee of US firm to plant malware

Security Affairs

FBI authorities arrested a Russian national in the U.S. after he attempted to recruit an employee at a targeted company to plant malware. US authorities arrested the Russian national Egor Igorevich Kriuchkov (27) after he attempted to recruit an employee at a targeted company to plant a piece of malware. The man was arrested on August 22 and appeared in court on August 24.

Podcast with Sidney Dekker

Adam Shostack

This is a really interesting podcast interview with Sidney Dekker, who’s one of the most important thinkers in safety. The Jay Allen Show on Safety. (Fast forward through the first 3 minutes; the content is quite interesting.) Particularly interesting is his discussion of some ‘best practices’ which come out of a poorly supported chain of work by an insurance analyst. “It turns out, the deeper you dig, he made it up.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to install Malware Information Sharing Platform on Ubuntu Server 18.04

Tech Republic Security

If you're looking for a platform to help with the collection and sharing of cybersecurity events, you need not look any further than MISP. Jack Wallen shows you how to install this tool.

Medical Data Leaked on GitHub Due to Developer Errors

Threatpost

Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.

Auditing the IRS: Asset Management Problems Causing Cybersecurity Risks

SecureWorld News

The IRS has audited plenty of taxpayers and organizations. But this time, it is the Treasury Inspector General for Tax Administration auditing the IRS, the agency's legacy IT environment and its cybersecurity. The Audit's conclusion? These numbers don't add up. How do you define a legacy system? We all know asset management is hard for organizations.

Deep Fake: Setting the Stage for Next-Gen Social Engineering

Dark Reading

Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.

Hackers for hire group target organizations via 3ds Max exploit

Security Affairs

Experts discovered a new hacker-for-hire group that is targeting organizations worldwide with malware hidden inside malicious 3Ds Max plugins. Security researchers from Bitdefender discovered a new hacker group that is currently targeting companies across the world with malware hidden inside malicious 3Ds Max plugins. Autodesk 3ds Max, formerly 3D Studio and 3D Studio Max, is a professional 3D computer graphics program for making 3D animations, models, games and images.

Disinformation Spurs a Thriving Industry as U.S. Election Looms

Threatpost

Threat actors are becoming increasingly sophisticated in launching disinformation campaigns - and staying under the radar to avoid detection from Facebook, Twitter and other platforms.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The 'Shared Responsibility' Misnomer: Why the Cloud Continues to Confound

Dark Reading

Under the "shared responsibility model," the security management of cloud offerings is split equally between the vendor and the customer. Easy enough, right?

Hackers Exploit Autodesk Flaw in Recent Cyberespionage Attack

Threatpost

The popular Autodesk software was exploited in a recent cyberespionage campaign against an international architectural company.

With More Use of Cloud, Passwords Become Even Weaker Link

Dark Reading

Slow patching provides vulnerabilities to exploit. A lack of network segmentation allows unrestricted lateral movement. Yet a report surveying a year of penetration tests finds that passwords still top the list of what attackers use to compromise systems.

How to Write a Cybersecurity Playbook During a Pandemic

Threatpost

IT teams have had to learn to be dynamic as workforces continue to shift strategies while COVID-19 drags on.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

'Transparent Tribe' APT Group Deploys New Android Spyware for Cyber Espionage

Dark Reading

The group, which has been around since at least 2013, has impacted thousands of organizations, mostly in India.

Cisco Patches ‘High-Severity’ Bugs Impacting Switches, Fibre Storage

Threatpost

Nine bugs were patched, eight of which are rated ‘high’ severity.

Higher Education CISOs Share COVID-19 Response Stories

Dark Reading

Security leaders from Stanford, Ohio State, and the University of Chicago share challenges and response tactics from the COVID-19 pandemic.

One Veracoder’s Tips for Setting Up a Successful Security Champions Program

Veracode Security

My name is Seb and I’m an application security (AppSec) engineer, part of the Application Security Consultant (ASC) team here at Veracode. My role is to help remediate flaws at scale and at pace, and to help you get the most out of the Veracode toolset. With a background as an engineering lead, I’ve run AppSec initiatives for government and global retailers.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

US Warns of Ongoing BeagleBoyz Bank-Theft Operations

Dark Reading

The North Korean operatives have attempted to steal more than $2 billion since 2015 in a series of ongoing campaigns.

NBlog Aug 27 - creative teamwork post-lockdown

Notice Bored

A couple of days ago I blogged about MURAL, just one of many creative tools supporting collaborative working. If you missed it, please catch up and contemplate how you might use tools such as that right now for teamworking during the COVID19 lockdowns. Today I've been thinking about 'the new normal' as the world emerges from the pandemic, inspired by the intersection of two threads.

6 Signs Your Supply Chain Risk Just Shot Up

Dark Reading

Risk levels are not steady states. Here are six indications that the danger posed by your supply chain is headed in the wrong direction.

Understand and Manage Pesky Persistent Threats

McAfee

Ransomware Evolution to Most Promising Victim (MPV) Attacks. Ransomware cost businesses over $11.5 B with a 500% increase in attacks in 2019 according to Forrester Research. It’s your persistent threat. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it and their data until a ransom is paid to unlock it.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Russian National Arrested for Conspiracy to Hack Nevada Company

Dark Reading

The defendant allegedly planned to pay an employee $1 million to infect the company network with malware.

Amazon Supplier Fraud

Schneier on Security

Interesting story of an Amazon supplier fraud: According to the indictment, the brothers swapped ASINs for items Amazon ordered to send large quantities of different goods instead. In one instance, Amazon ordered 12 canisters of disinfectant spray costing $94.03. The defendants allegedly shipped 7,000 toothbrushes costing $94.03 each, using the code for the disinfectant spray, and later billed Amazon for over $650,000.

DeathStalker cyber-mercenary group targets the financial sector

Security Affairs

A hack-for-hire group, tracked as DeathStalker, has been targeting organizations in the financial sector since 2012, Kaspersky researchers say. DeathStalker is a hack-for-hire group discovered by Kaspersky; it has been targeting organizations worldwide, mainly law firms and financial entities, since 2012. Victim organizations are small and medium-sized businesses located in Argentina, China, Cyprus, India, Israel, Lebanon, Switzerland, Russia, Taiwan, Turkey, the United Kingdom and the United Ara
