Tue. Dec 22, 2020

Eavesdropping on Phone Taps from Voice Assistants

Schneier on Security

The microphones on voice assistants are very sensitive, and can snoop on all sorts of data: In “Hey Alexa what did I just type?” we show that when sitting up to half a meter away, a voice assistant can still hear the taps you make on your phone, even in presence of noise. Modern voice assistants have two to seven microphones, so they can do directional localisation, just as human ears do, but with greater sensitivity.

Risk 327

New Paper: “Future of the SOC: SOC People — Skills, Not Tiers”

Anton on Security

New Paper: “Future of the SOC: SOC People — Skills, Not Tiers” Back in August, we released our first Google/Chronicle — Deloitte Security Operations Center (SOC) paper titled “Future of the SOC: Forces shaping modern security operations” (launch blog, paper PDF) and promised a series of three more papers covering SOC people, process and technology.

Don't let a data breach sink your business: Here's what you need to know

Tech Republic Security

Experts offer insights about the legal and financial hits, as well as the devastating loss of reputation, your business might suffer if it is the victim of a data breach.

SolarWinds Orion Hack…A Cybersecurity Wake-Up Call

CompTIA on Cybersecurity

As the dust settles on the SolarWinds Orion cyberattack, it's clear that the IT industry needs to take the next step and band together, sharing threat intelligence and cyber best practices to avoid similar hacks in the future.

Hacking 137

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

UK lawmakers propose law banning retail bots after PS5 fiasco

Tech Republic Security

The legislation would both ban the resale of goods acquired using bots and the resale of tech products above the manufacturers' price.

Retail 186

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Thales Cloud Protection & Licensing

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing. sparsh. Tue, 12/22/2020 - 10:08. New EU restrictions could force companies to change data transfer practices and adopt more advanced data encryption methods. Traditionally, privacy has taken the form of a policy document created, housed, and referenced by the offices of general counsel and compliance at most organizations.

More Trending

Bulletproof VPN services took down in a global police operation

Security Affairs

A joint operation conducted by European law enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services. A joint operation conducted by law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands resulted in the seizure of the infrastructure used by three VPN bulletproof services. VPN bulletproof services are widely adopted by cybercrime organizations to carry out malicious activities, including ransomware and malware attacks,

VPN 126

How to combat future cyberattacks following the SolarWinds breach

Tech Republic Security

How can and should governments respond to and better protect themselves from serious cyberattacks from hostile nations?

5 Email Threat Predictions for 2021

Dark Reading

As domains get cheaper, account takeovers get easier, and cloud computing usage expands, email-borne attacks will take advantage.

How to address security fatigue and stop cybercriminals from winning

Tech Republic Security

Security fatigue and negative social influences give digital bad guys the advantage. Experts offer tips on how to solve this cybersecurity issue.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Holiday Puppy Swindle Has Consumers Howling

Threatpost

Those buying German Shepherd puppies for Bitcoin online are in for a ruff ride.

Scams 133

JARM: A Solid Fingerprinting Tool for Detecting Malicious Servers

SecurityTrails

Learn what JARM is, its main benefits, and how it can help detect malicious servers.

SolarWinds Campaign Focuses Attention on 'Golden SAML' Attack Vector

Dark Reading

Adversaries that successfully execute the attack can achieve persistent anytime, anywhere access to a victim network, security researchers say.

Tech Giants Lend WhatsApp Support in Spyware Case Against NSO Group

Threatpost

Google, Microsoft, Cisco Systems and others want appeals court to deny immunity to Israeli company for its alleged distribution of spyware and illegal cyber-surveillance activities.

Spyware 86

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Emotet Campaign Restarts After Seven-Week Hiatus

Dark Reading

Multiple security researchers note the return of an email campaign attempting to spread the malware, which is often used to drop the Ryuk ransomware and Trickbot banking Trojan.

Banking 88

Patrick Wardle on Hackers Leveraging ‘Powerful’ iOS Bugs in High-Level Attacks

Threatpost

Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks.

Adware 85

Law Enforcement Disrupts VPN Services Enabling Cybercrime

Dark Reading

The United States and international partners shut down three bulletproof hosting services used to facilitate criminal activity.

VPN 99

Joker’s Stash Carding Site Taken Down

Threatpost

The underground payment-card data broker saw its blockchain DNS sites taken offline after an apparent law-enforcement effort.

DNS 92

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Prepare to Fight Upcoming Cyber-Threat Innovations

Dark Reading

Cybercriminals are preparing to use computing performance innovations to launch new types of attacks.

How to Build Successful Security Awareness Training Programs in 2021 and Beyond

Webroot

Security awareness training is one of the most straightforward ways to improve a business’ overall resilience against cyberattacks. That is, when you get it just right. Thanks to the disruptions to “normal” work routines that COVID-19 has brought, launching a company-wide training program to teach end users how to avoid phishing scams and online risks is a big challenge.

Security as Code: How Repeatable Policy-Driven Deployment Improves Security

Dark Reading

The SaC approach lets users codify and enforce a secure state of application configuration deployment that limits risk.

Risk 102

DOJ Shuts Down Websites That Spoofed Regeneron and Moderna

SecureWorld News

As vaccines for COVID-19 are being distributed around the world, it appears the end of this global pandemic is on the horizon. But cybercriminals are still taking advantage of every moment they can. The U.S. Attorney's Office for the District of Maryland seized two domain names, 'modernatx.com' and 'regeneronmedicals.com,' for spoofing and imitating websites of real biotechnology companies that developed vaccines.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Update: DHS Looking Into Cyber Risk from TCL Smart TVs

The Security Ledger

The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports that the devices may give the company "back door" access to deployed sets.

Microsoft Ups Security of Azure AD, Identity

Dark Reading

A roundup of Microsoft's recent security news and updates that focus on protecting identity.

DHS Looking Into Cyber Risk from TCL Smart TVs

The Security Ledger

The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports that the devices may give the company "back door" access to deployed sets.

Researchers shared the lists of victims of SolarWinds hack

Security Affairs

Security experts shared lists of organizations that were infected with the SolarWinds Sunburst backdoor after decoding the DGA mechanism. Security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst / Solarigate backdoor and published the list of targeted organizations. Researchers from multiple cybersecurity firms published a list that contains major companies, including Cisco, Deloitte, Intel, Mediatek, and Nvidia.

Hacking 138

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

FireEye/SolarWinds/SUNBURST Hack – What You Need to Know

Vipre

What Happened. FireEye discovered in early December that their network had been compromised, and that attackers stole some “Red Team” tools – tools that are used in penetration testing exercises with large clients; not actually zero-day threats but useful reconnaissance frameworks for attackers nonetheless. To help prevent malicious use of these tools, FireEye has released the source code of these tools on GitHub so that defenders can understand how they work and monitor for activity gener

Hacking 75

Research: nearly all of your messaging apps are secure

Security Affairs

CyberNews Investigation team analyzed the 13 most popular messaging apps to see if the apps are really safe. In recent research, the CyberNews Investigation team discovered that a chat service, most likely based in China, had leaked more than 130,000 extremely NSFW images, video and audio recordings of their users. While this messaging service was connected to a company that offered a “private social network,” and therefore with a small user base, we wanted to see the security fe