Thu. Nov 19, 2020

The US Military Buys Commercial Location Data

Schneier on Security

Vice has a long article about how the US military buys commercial location data worldwide. The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide.

Japanese Gaming Company Capcom Confirms Ransomware Attack, Compromised User Data

Adam Levin

Capcom Co., Ltd., the Japanese video game company known for Street Fighter and Resident Evil, has confirmed the compromise of personally identifiable information (PII) associated with over 350,000 customers, business partners, and employees of the gaming giant. The data was exfiltrated in a ransomware attack. In a press release, Capcom announced that it was successfully breached in “a customized ransomware attack following unauthorized access” and that “some personal information maintained by

Weekly Update 218

Troy Hunt

This week, I've finally got a workable mobile setup with sufficient quality audio and video. As I explain in the video, this is ultimately achieved by the Sigma lens feeding into the Sony DSLR then via micro HDMI to the Elgato Cam Link 4K into my laptop via USB which then wifis over to my boat shed access point connected via ethernet over power to the server room and into the network.

How phishing attacks are exploiting Google's own tools and services

Tech Republic Security

Cybercriminals are taking advantage of Google's open and accessible online tools to skirt past the usual security filters, says Armorblox.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The NCSAM Campaign

Javvad Malik

For October’s National Cyber Security Awareness month, I put together a few videos and blogs. In my mind it formed a campaign, but for various reasons, the timings were a bit inconsistent and the different resources ended up on different places. So as a recap – I put everything from this year into this one blog post. Hey just because the month is over doesn’t mean we pack up and go home right. 5 Cyber Security Awareness Month Tips for Cybersecurity Professionals.

Microsoft gives Linux a security boost with these new attack detection tools

Tech Republic Security

Linux endpoint detection and response will help Microsoft Defender customers secure Linux servers and networks against security nasties.

More Trending

How to use Mozilla's VPN service across mobile and desktop platforms

Tech Republic Security

Mozilla now offers a VPN service that protects Windows and mobile devices, and soon your Linux and macOS desktops. Jack Wallen shows you how to use the new offering.

Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack

Threatpost

Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.

Remote working: This new Microsoft VPN aims to make your mobile devices more secure

Tech Republic Security

Microsoft has delivered a managed VPN for mobile devices -- using a Linux container.

APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies

Threatpost

Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

How to use the built-in GPG feature for Thunderbird

Tech Republic Security

As of release 78, Thunderbird no longer requires a third-party extension to work with encryption. Learn how this new feature works.

REvil ransomware demands 500K ransom to Managed.com hosting provider

Security Affairs

Managed web hosting provider Managed.com was hit with REvil ransomware that forced it to take down their servers and web hosting systems. Managed web hosting provider Managed.com was hit by a REvil ransomware attack over the weekend that took their servers and web hosting systems offline. At the time of writing this post, Managed.com hosting systems continue to be unavailable.

Thunderbird: How to use the built-in GPG feature

Tech Republic Security

As of release 78, Thunderbird no longer requires a third-party extension to work with encryption. Learn how this new feature works.

Nation-state actors from Russia, China, Iran, and North Korea target Canada

Security Affairs

Canada Centre for Cyber Security warns of risks related to state-sponsored programs from China, Russia, Iran, and North Korea. A report published by the Canadian Centre for Cyber Security, titled “National Cyber Threat Assessment 2020,” warns of risks associated with state-sponsored operations from China, Russia, Iran, and North Korea.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Brave Rewards: How to disable the feature

Tech Republic Security

Brave is a browser that should be on your radar. However, it does include the Brave Rewards feature that some users might want to disable. Learn how to turn off this option.

Drupal addressed CVE-2020-13671 Remote Code Execution flaw

Security Affairs

Drupal development team has released security updates to address a remote code execution flaw, tracked as CVE-2020-13671. The Drupal development team has released security updates to fix a remote code execution vulnerability caused by the failure to properly sanitize the names of uploaded files. The vulnerability, tracked as CVE-2020-13671, has been classified as critical according to the NIST Common Misuse Scoring System.

Linux servers: How to encrypt files with gocryptfs

Tech Republic Security

Looking for an easy to use encryption tool to protect data on your Linux servers? Jack Wallen shows you how to install and use gocryptfs to serve that very purpose.

ISP Security: Do We Expect Too Much?

Dark Reading

With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. But is the security provided by ISPs good enough to be the only security SMBs and remote employees need?

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Consumers share their top frustrations about online retail purchasing

Tech Republic Security

People say they've abandoned purchases at online retail stores because of the hassle of dealing with passwords, according to the FIDO Alliance.

Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks

Threatpost

While the industry focus is on vehicle hacking, when it comes to the automotive industry cybercriminals are opting for less complex and sophisticated attacks - from phishing to ransomware.

A flaw in GO SMS Pro App allows accessing media messages

Security Affairs

An unpatched security flaw in GO SMS Pro, a popular messaging app for Android with over 100 million installs, exposes media messages. GO SMS Pro is a popular Android messaging app with over 100 million installs, that has been found to be affected by an unpatched security flaw that publicly exposes media transferred between users. An unauthenticated attacker could exploit the flaw to access any sensitive media shared between users of the app, including private voice messages, photos, and videos.

Weaponizing Open Source Software for Targeted Attacks

Trend Micro

How is open-source software trojanized? How can we detect it? To answer these questions, let us walk through a recent investigation we conducted that involved this file type.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

IoT Cybersecurity Improvement Act Passed, Heads to President’s Desk

Threatpost

Security experts praised the newly approved IoT law as a step in the right direction for insecure connected federal devices.

Anti-adversarial machine learning defenses start to take root

InfoWorld on Security

Much of the anti-adversarial research has been on the potential for minute, largely undetectable alterations to images (researchers generally refer to these as “noise perturbations”) that cause AI’s machine learning (ML) algorithms to misidentify or misclassify the images. Adversarial tampering can be extremely subtle and hard to detect, even all the way down to pixel-level subliminals.

Is Your iPhone Secretly Tracking You?

SecureWorld News

Apple has recently been running an ad campaign about its new iPhone and the privacy protection built right in. The company says, "Some things shouldn't be shared. That's why iPhone is designed to help give you control over your information and protect your privacy." But is your sensitive information as private as Apple claims? A new complaint filed in the EU says the answer to that question is no.

Food-Supply Giant Americold Admits Cyberattack

Threatpost

A reported ransomware attack took down operations at the company, which is in talks for COVID-19 vaccine-distribution contracts.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Holiday Cybercrime: Retail Risks and Dark Web Kicks

Digital Shadows

The holidays are right around the corner, and you know what that means – more calories and significant price drops. The post Holiday Cybercrime: Retail Risks and Dark Web Kicks first appeared on Digital Shadows.

New Proposed DNS Security Features Released

Dark Reading

Verisign's R&D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process.

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

Threatpost

Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration.

Telos Goes Public

Dark Reading

Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.