Fri.Sep 25, 2020

article thumbnail

Who is Tech Investor John Bernard?

Krebs on Security

John Bernard , the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups , appears to be a pseudonym for John Clifton Davies , a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail before being cleared of murdering his wife on their honeymoon in India.

Scams 191
article thumbnail

CEO of NS8 Charged with Securities Fraud

Schneier on Security

The founder and CEO of the Internet security company NS8 has been arrested and “charged in a Complaint in Manhattan federal court with securities fraud, fraud in the offer and sale of securities, and wire fraud.” I admit that I’ve never even heard of the company before.

Internet 183
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

SpyCloud and CyberDefenses join forces on election security effort

Tech Republic Security

A cybersecurity company providing services to one in five election jurisdictions across the United States has teamed up with another company to beef up digital protections.

article thumbnail

Source Code of Windows XP, Server 2003 leaked

Security Affairs

The source code for Microsoft’s Windows XP and Windows Server 2003 operating systems was published as a torrent file on bulletin board website 4chan. The source code for Microsoft’s Windows XP and Windows Server 2003 operating systems was published as a torrent file on the bulletin board website 4chan. This is the first time that the source code of Microsoft’s 19-year-old operating system was leaked online.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Facebook removes a slew of accounts ahead of the US election

Tech Republic Security

These campaigns used tailored messages to target audiences around the globe. As part of the announcement, Facebook also details account followers and advertising spending pertaining to these efforts.

article thumbnail

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes. The configuration of the VPN solutions is important to keep organizations secure and to avoid dangerous surprises.

VPN 111

More Trending

article thumbnail

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Security Affairs

Cisco patched 34 high-severity flaws affecting its IOS and IOS XE software, some of them can be exploited by a remote unauthenticated attacker. Cisco on Thursday released security patches for 34 high-severity vulnerabilities affecting its IOS and IOS XE software. The IT giant issued 25 advisories as part of the September 2020 semiannual IOS and IOS XE Software Security Advisory Bundled Publication.

article thumbnail

6 Things to Know About the Microsoft 'Zerologon' Flaw

Dark Reading

Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.

108
108
article thumbnail

CISA says federal agency compromised by malicious cyber actor

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) revealed that a hacker breached a US federal agency and exfiltrated data. Cybersecurity and Infrastructure Security Agency (CISA) revealed that a hacker breached a US federal agency and threat actors exfiltrated data. CISA published a detailed incident report related to the incident but didn’t disclose the name of the hacked agency.

VPN 93
article thumbnail

RASP 101: Staying Safe With Runtime Application Self-Protection

Dark Reading

The dream of RASP is to empower applications to protect themselves. How close do current implementations get to living the dream? Here's what to know.

87
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Twitter warns developers of possible API keys leak

Security Affairs

Twitter is warning developers that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache. Twitter is sending emails to developers to warn them that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache. According to the social media firm, the browser used by developers may have cached the sensitive data while accessing certain pages on developer.twitter.com.

article thumbnail

Navigating the Asia-Pacific Threat Landscape: Experts Dive In

Dark Reading

At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.

86
article thumbnail

Polish police shut down major group of hackers in the country

Security Affairs

Polish police dismantled a major group of hackers that was behind several criminal activities, including ransomware attacks, and banking fraud. Polish authorities have dismantled a major hacker group that was involved in multiple cybercrime activities, including ransomware attacks, malware distribution, SIM swapping, banking fraud, running rogue online stores, and even making bomb threats at the behest of paying customers.

article thumbnail

Getting Over the Security-to-Business Communication Gap in DevSecOps

Dark Reading

Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.

97
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Ring’s Flying In-Home Camera Drone Escalates Privacy Worries

Threatpost

Privacy fears are blasting off after Amazon's Ring division unveiled the new Always Home Cam, a smart home security camera drone.

article thumbnail

Your AST Guide for the Disenchanted: Part 4

ForAllSecure

In the last post of AST Guide for the Disenchanted , we identified the minimum appsec risks that need to be addressed as a part of your DevSecOps pipeline. The two risks are: known and unknown vulnerabilities. In today’s post, we’ll focus on how software composition analysis can help you address those known vulnerabilities. You are what you eat.

article thumbnail

Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks

Threatpost

An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks.

article thumbnail

The Best Chrome Extensions to Prevent Creepy Web Tracking

WIRED Threat Level

Ad trackers follow you everywhere online—but it doesn’t have to be that way.

74
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

FortiGate VPN Default Config Allows MitM Attacks

Threatpost

The client's default configuration for SSL-VPN has a certificate issue, researchers said.

VPN 99
article thumbnail

Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging

Schneier on Security

I thought the virus doesn’t survive well on food packaging : Authorities in China’s northeastern Jilin province have found the novel coronavirus on the packaging of imported squid, health authorities in the city of Fuyu said on Sunday, urging anyone who may have bought it to get themselves tested. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

215
215
article thumbnail

Industrial Cyberattacks Get Rarer but More Complex

Threatpost

The first half of 2020 saw decreases in attacks on most ICS sectors, but oil/gas firms and building automation saw upticks.

IoT 84