Krebs on Security
MARCH 12, 2020
Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software.
Troy Hunt
MARCH 12, 2020
I hate dodgy WiFi, hate it with a passion. I finally lost my mind with it a few years ago now so I went and shelled out good money on the full suite of good Ubiquiti gear. I bought a security gateway to do DHCP, a couple of switches for all my connected things, 5 access points for my wireless things and a Cloud Key to control them all. I went overboard and I don't regret it one bit!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MARCH 16, 2020
The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes: Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the containers may have to be screened separately when going through security.
The Last Watchdog
MARCH 16, 2020
Many companies take an old-school approach to bringing up the rear guard, if you will, when it comes to protecting IT assets. It’s called network segmentation. The idea is to divide the network up into segments, called subnetworks, to both optimize performance as well as strengthen security. Related: A use case for endpoint encryption At RSA 2020 in San Francisco recently, I learned about how something called “micro segmentation” is rapidly emerging as a viable security strategy.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Adam Shostack
MARCH 17, 2020
The current situation is scary and anxiety-provoking, and I can’t do much to fix that. One thing I can do is give people a chance to learn, and so I’m making my Linkedin Learning classes free this week. (I’m told that each class is free for the day, so you’ll need to watch each within a day of starting the course.). These links should open the courses (and as I understand it, start the clock).
Daniel Miessler
MARCH 22, 2020
I’ve thought for a long time that public video feed monitoring would become ubiquitous. My basis for this was looking at humans ultimately desire, not at the tech itself. When I hear crazy long-term predictions I always think two things: either the prediction is going to be obvious, or it’s going to be wrong. I think my approach is different in a subtle and powerful way.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Troy Hunt
MARCH 2, 2020
This is going to be a lengthy blog post so let me use this opening paragraph as a summary of where Project Svalbard is at : Have I Been Pwned is no longer being sold and I will continue running it independently. After 11 months of a very intensive process culminating in many months of exclusivity with a party I believed would ultimately be the purchaser of the service, unexpected changes to their business model made the deal infeasible.
Schneier on Security
MARCH 13, 2020
Prepare for another attack on encryption in the U.S. The EARN-IT Act purports to be about protecting children from predation, but it's really about forcing the tech companies to break their encryption schemes: The EARN IT Act would create a "National Commission on Online Child Sexual Exploitation Prevention" tasked with developing "best practices" for owners of Internet platforms to "prevent, reduce, and respond" to child exploitation.
Adam Levin
MARCH 23, 2020
Secure Your Router: If you’re still using your router’s manufacturer default password, it’s past time for a change. Your password should be include letters, numbers and special characters in a combination you haven’t used on other accounts. You can also create an extra firewall by configuring your router to block unwanted incoming internet traffic. Secure Your Webcam: If you’re using an external webcam for videoconferences, disconnect it when you’re not using it.
The Last Watchdog
MARCH 11, 2020
Speed is what digital transformation is all about. Organizations are increasingly outsourcing IT workloads to cloud service providers and looking to leverage IoT systems. Related: The API attack vector expands Speed translates into innovation agility. But it also results in endless ripe attack vectors which threat actors swiftly seek out and exploit.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Tech Republic Security
MARCH 26, 2020
Cybercriminals may be staying home, but they're not taking a break from phishing attempts and password hacking during the coronavirus outbreak.
Krebs on Security
MARCH 10, 2020
FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io , a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. Kirill V. Firsov was arrested Mar. 7 after arriving at New York’s John F. Kennedy Airport, according to court documents unsealed Monday.
Troy Hunt
MARCH 22, 2020
Strange times, these. But equally, a time to focus on new things and indeed a time to pursue experiences we might not have done otherwise. As Ari now spends his days learning from home, I wanted to really start focusing more on his coding not just for his own benefit, but for all the other kids out there who are in the same home-bound predicament he now finds himself in.
Schneier on Security
MARCH 30, 2020
The trade-offs are changing : As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social control, even turning security agency technologies on their own civilians. Health and law enforcement authorities are understandably eager to employ every tool at their disposal to try to hinder the virus even as the surveillance efforts threaten to alter the precarious balance between public safety and personal privacy on a global s
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Adam Levin
MARCH 18, 2020
The worldwide Covid-19 pandemic has created a massive strain on hospitals and medical facilities. In response to this, many medical professionals are taking elective and non-life-threatening appointments online. “We’re really ramping up telehealth, especially for elderly patients to limit their exposure, while still taking care of their medical needs,” says Dr.
The Last Watchdog
MARCH 31, 2020
DevOps is now table stakes for any company hoping to stay competitive. Speed and agility is the name of the game. And everyone’s all-in. Related: A firewall for microservices DevSecOps arose to insert security checks and balances into DevOps, aiming to do so without unduly degrading speed and agility. If you’re thinking that speed and security are like oil and water, you’re right.
Tech Republic Security
MARCH 26, 2020
New data from Barracuda shows cybercriminals are taking advantage of people's concerns during the COVID-19 pandemic.
Krebs on Security
MARCH 25, 2020
Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Troy Hunt
MARCH 18, 2020
Under normal circumstances, we'd be sitting on a stage, beers in hands and doing our (I think we can use this term now) "world famous" Cyber-broken talk. It's like Top gear for nerds. @troyhunt #NDCLondon pic.twitter.com/wxzhM6uOCG — HarryMiller (@HarryMillerr) January 31, 2019 Scott and I have been doing these for a couple of years now, initially as a bit of a space-filler at NDC Security on the Gold Coast.
Schneier on Security
MARCH 10, 2020
Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out : All this raises a question, though: just how bad is the CIA's security that it wasn't able to keep Schulte out, even accounting for the fact that he is a hacking and computer specialist?
Adam Levin
MARCH 9, 2020
While ransomware and leaky or completely unprotected databases dominated headlines in 2019, e-skimmers quietly made a killing. A major e-skimming compromise was discovered on Macy’s website at the start of the holiday season in which hackers captured the payment information of a number of online shoppers. The retailer wasn’t alone. American Outdoor Brands, Puma, Ticketmaster UK, British Airways, Vision Direct, Newegg, and many, many others were also infected by e-skimmers.
The Last Watchdog
MARCH 2, 2020
Security information and event management (SIEM) is evolving and integrating with security orchestration, automation, and response (SOAR) to add real value in the cybersecurity space. Related : How SOAR Is Helping to Address the Cybersecurity Skills Gap SIEM is useful for detecting potential security incidents and triggering alerts, but the addition of a SOAR solution brings these alerts to another level by triaging the data and adopting remediation measures where required.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
MARCH 23, 2020
The latest malicious COVID-19 campaigns are repurposing conventional phishing emails with a coronavirus angle, says security trainer KnowBe4.
Krebs on Security
MARCH 20, 2020
Finastra , a company that provides a range of technology solutions to banks worldwide, said it was shutting down key systems in response to a security breach discovered Friday morning. The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks.
Troy Hunt
MARCH 4, 2020
Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). All sorts of organisations are employing the service to keep passwords from previous data breaches from being used again and subsequently, putting their customers at heightened risk.
Schneier on Security
MARCH 19, 2020
SANS has made freely available its " Work-from-Home Awareness Kit.". When I think about how COVID-19's security measures are affecting organizational networks, I see several interrelated problems: One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Adam Levin
MARCH 23, 2020
Covid-19 is increasing the number of employees working from home, and more businesses are relying on video conferences as a means of keeping in regular communication. . Follow these tips to make sure your webcam isn’t compromising your privacy and your data: Unplug/disable your camera when it’s not in use: If you’re using an external camera, don’t just turn it off when you’re not in a conference–unplug it completely.
The Last Watchdog
MARCH 6, 2020
Cyber threats now command the corporate sector’s full attention. It’s reached the point where some CEOs have even begun adjusting their personal online habits to help protect themselves, and by extension, the organizations they lead. Corporate consultancy PwC’s recent poll of 1,600 CEOs worldwide found that cyber attacks are now considered the top hinderance to corporate performance, followed by the shortage of skilled workers and the inability to keep up with rapid tech advances.
Tech Republic Security
MARCH 19, 2020
Security company is using thermal imaging and AI to identify people with a temperature of 100 degrees.
Krebs on Security
MARCH 3, 2020
Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Expert insights. Personalized for you.
364 
Let's personalize your content