Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. In part 2 , I covered IP addresses and the importance of a decent network to run all this stuff on, followed by Zigbee and the role of low power, low bandwidth devices. I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time.

IoT 358

IoT Firmware Risk Manufacturing 358

Schneier on Security

NOVEMBER 25, 2020

In a lecture, Adam Shostack makes the case for a discipline of cyber public health. It would relate to cybersecurity in a similar way that public health relates to medicine.

Cybersecurity 210

Cybersecurity 210

Troy Hunt

NOVEMBER 25, 2020

The first few parts of this series have all been somewhat technical in nature; part 1 was how much of a mess the IoT ecosystem is and how Home Assistant aims to unify it all, part 2 got into the networking layer with both Wi-Fi and Zigbee and in part 3 , I delved into security. Now let's tackle something really tricky - humans. I love the idea of automating stuff in the home, but I love the idea of a usable home even more.

IoT 341

IoT Firmware Media Marketing 341

Adam Levin

NOVEMBER 25, 2020

The holiday season is one of the busiest times of the year for scammers and hackers. Shoppers and philanthropists are both easier targets during the busy holiday season. The Covid-19 pandemic has meant increased virtual visits with loved ones, and of course remote work. The number of people willing to use their personal devices for holiday shopping has also increased as a result of the pandemic.

Cybersecurity 191

Cybersecurity Retail Scams Phishing 191

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

NOVEMBER 25, 2020

Any business is subject to ransomware attacks, but some are more hit more than others. Tom Merritt lists five business sectors that are targeted by ransomware.

Ransomware 206

Ransomware 206

Security Affairs

NOVEMBER 25, 2020

Group-IB supported an INTERPOL-led operation Falcon targeting business email compromise cybercrime gang from Nigeria, dubbed TMT. Group-IB , a global threat hunting and intelligence company, supported an INTERPOL-led operation Falcon targeting business email compromise (BEC) cybercrime gang from Nigeria, dubbed TMT by Group-IB. A cross-border anti-cybercrime effort that involved INTERPOL’s Cybercrime Directorate, Nigerian Police Force, and Group-IB’s APAC Cyber Investigations Team has resulted

Cybercrime 124

Cybercrime Phishing Social Engineering Spyware 124

Adam Shostack

NOVEMBER 25, 2020

As we launched the threat modeling manifesto , we ran into some trouble with TLS. Some of you even reported those troubles, by saying “it’s not working.” Thanks. That’s so helpful. Sarcasm aside, there’s a basic form to a helpful bug report: “I did A, and observed B.” If you want to make it really useful, add “I expected C,” or even “and the impact is D.” Let me compare and contrast with an example: “I clicked on the link I

100

100

Tech Republic Security

NOVEMBER 25, 2020

Any business is subject to ransomware attacks, but some are more hit more than others. Tom Merritt lists five business sectors that are targeted by ransomware.

Ransomware 122

Ransomware 122

Threatpost

NOVEMBER 25, 2020

The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound.

Hacking 138

Hacking Internet Internet IoT 138

Security Affairs

NOVEMBER 25, 2020

Retail giant Home Depot has agreed to a $17.5 million settlement in a multi-state investigation of the data breach that the company suffered in 2014. The US largest home improvement retailer giant Home Depot agrees to $17.5 million settlement over the 2014 data breach. In 2014, Home Depot revealed that the data breach impacted 56 million customers across the US and Canada.

Retail 119

Retail Data breaches Penetration Testing Password Management 119

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Threatpost

NOVEMBER 25, 2020

Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others.

Healthcare 107

Healthcare Government Hacking 107

Security Affairs

NOVEMBER 25, 2020

Belden, the manufacturer of networking and cable products, disclosed a data breach, threat actors have stolen employee and business information. The manufacturer of networking and cable products Belden disclosed a data breach, the company revealed that attackers gained “unauthorized access and copying of some current and former employee data, as well as limited company information regarding some business partners.”. “Belden was the target of a sophisticated attack by a party outside the co

Data breaches 103

Data breaches Cyber Attacks Manufacturing Banking 103

Dark Reading

NOVEMBER 25, 2020

Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.

104

104

Security Affairs

NOVEMBER 25, 2020

Researchers spotted a new mobile malware dubbed WAPDropper that subscribes users to legitimate premium-rate services. Security researchers from Check Point have spotted a new malware family dubbed WAPDropper that targets mobile phone users to subscribe them to legitimate premium-rate services. Check Point experts observed the WAPDropper subscribing unaware users to premium services from legitimate telecommunications providers in Malaysia and Thailand.

Malware 95

Malware Telecommunications Mobile Marketing 95

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

eSecurity Planet

NOVEMBER 25, 2020

Encryption remains a mainstay of IT security technology, a critical tool for protecting sensitive data. We evaluate the top encryption solutions.

Encryption 93

Encryption Technology 93

CompTIA on Cybersecurity

NOVEMBER 25, 2020

The pandemic has created unexpected challenges, and cybersecurity is no exception. While ransomware had been tapering off, it’s increased since March.

Ransomware 86

Ransomware Cybersecurity 86

Dark Reading

NOVEMBER 25, 2020

A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.

118

118

SiteLock

NOVEMBER 25, 2020

Want to know how to secure a WordPress site? SiteLock gives you four tips to make your WordPress site secure. Learn more about WordPress security with us today! The post How To Secure A WordPress Site With 4 Simple Tips appeared first on The SiteLock Blog.

75

75

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Threatpost

NOVEMBER 25, 2020

Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares.

Scams 108

Scams Phishing Malware Social Engineering 108

Dark Reading

NOVEMBER 25, 2020

Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.

Security Awareness 79

Security Awareness Cybersecurity 79

Javvad Malik

NOVEMBER 25, 2020

When we talk about privacy and surveillance, discussions usually involve talk of Governments keep the population under manners. But unlike the good old days of the eighteenth century, Governments aren’t the only ones with skin in the population monitoring, control, and profiteering business. We now have a whole slew of middle brothers aka big tech wanting a slice of that mind-control pie.

Surveillance 130

Surveillance Marketing Internet Internet 130

Dark Reading

NOVEMBER 25, 2020

The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.

66

66

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Threatpost

NOVEMBER 25, 2020

Reducing the risks of remote work starts with updating the access policies of yesterday.

Risk 94

Risk Password Management Passwords InfoSec 94

Security Affairs

NOVEMBER 25, 2020

The UK NCSC issued an alert to urge organizations to patch the critical CVE-2020-15505 RCE vulnerability in MobileIron MDM systems. The UK National Cyber Security Centre (NCSC) issued an alert urging organizations to address the critical CVE-2020-15505 remote code execution (RCE) vulnerability in MobileIron mobile device management (MDM) systems. MDM platforms allow administrators to remotely manage a fleet of mobile devices in their organization from a central server.

Mobile 110

Mobile Healthcare Hacking Government 110

GlobalSign

NOVEMBER 25, 2020

If we've learned anything from the last year, it's that no business is immune to cyber attacks. But there are steps you can take to minimize the risk and protect your people, data, and information.

Cyber Attacks 55

Cyber Attacks Risk 55

Security Affairs

NOVEMBER 25, 2020

Group-IB , a global threat hunting and intelligence company, has presented its annual Hi-Tech Crime Trends 2020/2021 report. In the report, the company examines key shifts in the cybercrime world internationally between H2 2019 and H1 2020 and gives forecasts for the coming year. The most severe financial damage has occurred as a result of ransomware activity.

Banking 130

Banking Ransomware Phishing Marketing 130

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity