Thu, Aug 06, 2020

I'm Partnering with NordVPN as a Strategic Advisor

Troy Hunt

I love security. I love privacy. Consequently, it will come as no surprise that I love tools that help people achieve those objectives. Equally, I have no patience for false promises, and I've been very vocal about my feelings there: But one of them is literally called “Secure VPN”, how is this possible?! “Are You Using These VPN Apps? Personal Info Of 20 Million Users Leaked: That’s 1.2TB Data” [link] — Troy Hunt (@troyhunt) July 20, 2020 VPNs are a great example of where a tool can be us

The NSA on the Risks of Exposing Location Data

Schneier on Security

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action based on their specific situation and risk tolerance. When location exposure could be detrimental to a mission, users should prioritize mission risk and apply location tracking mitigations to the greatest e

Android phones could spy on users via flaws in Qualcomm chip

Tech Republic Security

Vulnerabilities were found in a Qualcomm Snapdragon chip that could let attackers obtain photos, videos, call recordings, and other data on Android phones, says Check Point Research.

A Hacker’s guide to reducing side-channel attack surfaces using deep-learning

Elie

This talk showcases SCALD, our tool that leverages deep-learning explainability and dynamic execution to automatically find which parts of a crypto-hardware implementation are responsible for leaking the information exploited by side-channel attacks.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

FBI announcement on Windows 7 end of life prompts worry from security experts

Tech Republic Security

Despite the FBI announcement, hospitals, schools, and government offices across the world still use Windows 7.

Hackers can abuse Microsoft Teams updater to deliver malicious payloads

Security Affairs

Threat actors can abuse Microsoft Teams updater to retrieve and execute malicious code from a remote location. Security experts from Trustwave detailed the Living Off the Land technique that could allow a threat actor to abuse the MS Teams Updater to download any binary or malicious payload from a remote server. The bad news is that the issue could not be easily addressed because it is a design flaw.

FBI is warning of cyber attacks against Windows 7 systems that reached end-of-life

Security Affairs

The FBI warned private industry partners of risks impacting companies running Windows 7 after the Microsoft OS reached end of life on January 14. The Federal Bureau of Investigation is warning companies running Windows 7 systems of the greater risk of getting hacked because the Microsoft OS has reached end of life on January 14. Early this week, the FBI sent a private industry notification (PIN Number 20200803-002) to partners in the US private sector. “The FBI has observed cyb

Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs

Threatpost

Researchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed.

Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry

WIRED Threat Level

A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more.

Canon Admits Ransomware Attack in Employee Note, Report

Threatpost

The consumer-electronics giant has suffered partial outages across its U.S. website and internal systems, reportedly thanks to the Maze gang.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Netwalker ransomware operators claim to have stolen data from Forsee Power

Security Affairs

Netwalker ransomware operators breached the networks of Forsee Power, a well-known player in the electromobility market. A new company has been added to the list of the victims of the Netwalker ransomware operators: Forsee Power, which provides advanced lithium-ion battery systems for any mobility application. The industrial group is based in France and in the US; it is one of the market leaders in Europe, Asia, and North America with annual revenue of around $65 million and over 200

Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack

Threatpost

Attackers can listen in on internet traffic for high-value targets a continent away, like shipping fleets and oil installations, using some basic home-television gear.

The Feds Want These Teams to Hack a Satellite—From Home

WIRED Threat Level

Meet the hackers who, this weekend, will try to commandeer an actual orbiter as part of a Defcon contest hosted by the Air Force and the Defense Digital Service.

Black Hat 2020: ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros

Threatpost

At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft's malicious macros protections to infect MacOS users.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

The Quest to Liberate $300,000 of Bitcoin From an Old Zip File

WIRED Threat Level

The story of a guy who wouldn't let a few quintillion possible decryption keys stand between him and his cryptocurrency.

Exploiting Google Cloud Platform With Ease

Dark Reading

Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.

The Subtle Tricks Shopping Sites Use to Make You Spend More

WIRED Threat Level

Through deceptive designs known as “dark patterns,” online retailers try to nudge you toward purchases you wouldn’t otherwise make.

Black Hat 2020: Using Botnets to Manipulate Energy Markets for Big Profits

Threatpost

Black Hat 2020 session discusses how high-wattage connected devices like dishwashers and heating systems can be recruited into botnets and used to manipulate energy markets.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The Long Shadow of Stuxnet: New Microsoft Print Spooler Vulns Revealed

Dark Reading

Researchers Peleg Hader and Tomer Bar of SafeBreach share details of the three vulnerabilities they found in Windows Print Spooler that could allow an attacker to sneak into the network through an old printer service mechanism.

High-Severity Cisco DoS Flaw Plagues Small-Business Switches

Threatpost

Cisco recently patched the high-severity flaw, which could allow remote, unauthenticated attackers to launch DoS attacks against its popular small business switches.

Information Operations Spotlighted at Black Hat as Election Worries Rise

Dark Reading

From Russia's "best-in-class" efforts at widening social divides in Western democracies to China's blunt attacks on dissidents, information operations are becoming a greater threat, says a Stanford researcher.

How the US Can Prevent the Next 'Cyber 9/11'

WIRED Threat Level

In an interview with WIRED, former national intelligence official Sue Gordon discusses Russian election interference and other digital threats to democracy.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

3 Tips For Better Security Across the Software Supply Chain

Dark Reading

It may look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving the security posture of the software supply chain.

Microsoft Triples Its Bug Bounty Payouts

SecureWorld News

When it comes to addressing cybersecurity, Microsoft's Bug Bounty program is putting its money where its mouth is. If it had a mouth. How much money did Microsoft pay in bug bounties? Microsoft paid out $13.7 million in the most recent year. That's a massive number on its own. But it's even more startling compared to what Microsoft has rewarded security researchers in the past.

Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl

Dark Reading

SPONSORED CONTENT: Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a different risk level than their open-source counterparts, and how WastedLocker identifies "valuable" targets.

The Dark Web, Oxy, and Bitcoin

SecureWorld News

Hackers and cybercriminals sell plenty of things on the dark web. One of those things? Prescription drugs. And a newly unsealed indictment in U.S. Federal Court reveals just how profitable a crime like that can be. Who was selling OxyContin on the dark web? The names? 44 year-old David Brian Pate, and 38 year-old Jose Luis Fung Hou. The men, both Costa Rican citizens and one with dual U.S. citizenship, have just been charged on the following counts: Conspiring with persons to distribute controll

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Ripple20: More Vulnerable Devices Identified

Dark Reading

Security researchers find 34 additional vendors, and 47 devices, affected by the widespread Ripple20 vulnerabilities.

NBlog Aug 7 - what is operational resilience

Notice Bored

Seeing the term 'operational resilience' being bandied about right now, I thought I'd take a closer look, starting with the definitions. So what is 'operational resilience'? It is: " a set of techniques that allow people, processes and informational systems to adapt to changing patterns. It is the ability to alter operations in the face of changing business conditions.

Four Rules and Three Tools to Protect Against Fake SaaS Apps

Dark Reading

Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.

Episode 187: Filtergate is DRM for Water

The Security Ledger

In this episode of the podcast (#187), sponsored by Virsec, we talk with journalist and author Cory Doctorow of BoingBoing.net about the recent GE Filtergate incident and how DRM is invading our homes. Also, Satya Gupta, the Chief Technology Officer of the firm VirSec, joins us to talk about how application runtime monitoring is gaining traction in.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.