Krebs on Security
MARCH 12, 2020
Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software.
Troy Hunt
MARCH 12, 2020
I hate dodgy WiFi, hate it with a passion. I finally lost my mind with it a few years ago now so I went and shelled out good money on the full suite of good Ubiquiti gear. I bought a security gateway to do DHCP, a couple of switches for all my connected things, 5 access points for my wireless things and a Cloud Key to control them all. I went overboard and I don't regret it one bit!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MARCH 16, 2020
The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes: Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the containers may have to be screened separately when going through security.
Adam Shostack
MARCH 17, 2020
The current situation is scary and anxiety-provoking, and I can’t do much to fix that. One thing I can do is give people a chance to learn, and so I’m making my Linkedin Learning classes free this week. (I’m told that each class is free for the day, so you’ll need to watch each within a day of starting the course.). These links should open the courses (and as I understand it, start the clock).
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Daniel Miessler
MARCH 22, 2020
I’ve thought for a long time that public video feed monitoring would become ubiquitous. My basis for this was looking at humans ultimately desire, not at the tech itself. When I hear crazy long-term predictions I always think two things: either the prediction is going to be obvious, or it’s going to be wrong. I think my approach is different in a subtle and powerful way.
Adam Levin
MARCH 23, 2020
Secure Your Router: If you’re still using your router’s manufacturer default password, it’s past time for a change. Your password should be include letters, numbers and special characters in a combination you haven’t used on other accounts. You can also create an extra firewall by configuring your router to block unwanted incoming internet traffic. Secure Your Webcam: If you’re using an external webcam for videoconferences, disconnect it when you’re not using it.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
MARCH 22, 2020
Strange times, these. But equally, a time to focus on new things and indeed a time to pursue experiences we might not have done otherwise. As Ari now spends his days learning from home, I wanted to really start focusing more on his coding not just for his own benefit, but for all the other kids out there who are in the same home-bound predicament he now finds himself in.
Tech Republic Security
MARCH 2, 2020
Without regulation and strong proactive measures, 5G networks remain vulnerable to cyberattacks, and the responsibility falls on businesses and governments.
Security Affairs
MARCH 10, 2020
Today Microsoft accidentally leaked info about a new wormable vulnerability (CVE-2020-0796) in the Microsoft Server Message Block (SMB) protocol. Today Microsoft accidentally leaked info on a security update for a wormable vulnerability in the Microsoft Server Message Block (SMB) protocol. The issue, tracked as CVE-2020-0796 , is pre- remote code execution vulnerability that resides in the Server Message Block 3.0 (SMBv3) network communication protocol, the IT giant will not address the issue a
Thales Cloud Protection & Licensing
MARCH 19, 2020
The need to ensure the ability to work from anywhere is more important than ever. In today’s business environment, constant access to information and services is essential for communication and getting business done whether you are in sales, finance, marketing or the legal profession. This is especially true when we face global incidents like we face today.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Adam Levin
MARCH 18, 2020
The worldwide Covid-19 pandemic has created a massive strain on hospitals and medical facilities. In response to this, many medical professionals are taking elective and non-life-threatening appointments online. “We’re really ramping up telehealth, especially for elderly patients to limit their exposure, while still taking care of their medical needs,” says Dr.
Krebs on Security
MARCH 10, 2020
FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io , a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. Kirill V. Firsov was arrested Mar. 7 after arriving at New York’s John F. Kennedy Airport, according to court documents unsealed Monday.
Troy Hunt
MARCH 18, 2020
Under normal circumstances, we'd be sitting on a stage, beers in hands and doing our (I think we can use this term now) "world famous" Cyber-broken talk. It's like Top gear for nerds. @troyhunt #NDCLondon pic.twitter.com/wxzhM6uOCG — HarryMiller (@HarryMillerr) January 31, 2019 Scott and I have been doing these for a couple of years now, initially as a bit of a space-filler at NDC Security on the Gold Coast.
Tech Republic Security
MARCH 3, 2020
Cybercriminals are finding new ways to get malware on mobile devices, including abusing Android's accessibility features, according to a McAfee report.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Affairs
MARCH 16, 2020
While the Coronavirus is spreading in the U.S., a mysterious cyberattack hit the Department of Health and Human Services on Saturday. According to Bloomberg, that cited three people familiar with the matter, a cyberattack hit the U.S. Department of Health and Human Services on Saturday night. People cited by Bloomberg confirmed that the cyber attack aimed at slowing the agency’s systems down. “The U.S.
Thales Cloud Protection & Licensing
MARCH 6, 2020
Disconnecting from your mobile device, laptop or tablet can be as good as a holiday. Simply taking a pause from email and social media in favor of a good book or conversation is known to increase your mood and life satisfaction. But it’s also a chance to step back and re-evaluate our online usage. In my family, we regularly ‘unplug’ and use the opportunity to discuss cyber awareness and topics such as the risks to our family information, how we can improve personal safety, and what are we doing
WIRED Threat Level
MARCH 27, 2020
Kitboga has built a following by trolling telemarketers. Covid-19 opportunists have given him a whole new crop of targets.
Krebs on Security
MARCH 20, 2020
Finastra , a company that provides a range of technology solutions to banks worldwide, said it was shutting down key systems in response to a security breach discovered Friday morning. The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Troy Hunt
MARCH 4, 2020
Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). All sorts of organisations are employing the service to keep passwords from previous data breaches from being used again and subsequently, putting their customers at heightened risk.
Tech Republic Security
MARCH 26, 2020
Cybercriminals may be staying home, but they're not taking a break from phishing attempts and password hacking during the coronavirus outbreak.
Security Affairs
MARCH 30, 2020
Security experts uncovered a new Coronavirus-themed phishing campaign, the messages inform recipients that they have been exposed to the virus. Experts continue to spot Coronavirus-themed attack, a new phishing campaign uses messages that pretend to be from a local hospital informing the victims they have been exposed to the virus and that they need urgently to be tested.
Threatpost
MARCH 26, 2020
Numerous instances of online conferences being disrupted by pornographic images, hate speech or even threats can be mitigated using some platform tools.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Dark Reading
MARCH 10, 2020
There just aren't enough certified cybersecurity pros to go around -- and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.
Krebs on Security
MARCH 31, 2020
A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to change domain settings for a half-dozen GoDaddy customers, including transaction brokering site escrow.com.
Troy Hunt
MARCH 19, 2020
Subject: Data Breach of [your service] Hi, my name is Troy Hunt and I run the ethical data breach notification service known as Have I Been Pwned: [link]. People regularly send me data from compromised systems which are being traded amongst individuals who collect breaches. Recently, a collection of data allegedly taken from the [your service] was sent to me and I believe there’s a high likelihood your site was indeed hacked.
Tech Republic Security
MARCH 23, 2020
The latest malicious COVID-19 campaigns are repurposing conventional phishing emails with a coronavirus angle, says security trainer KnowBe4.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Security Affairs
MARCH 20, 2020
Experts warn of scanning activity conducted by Russia-linked APT28 cyberespionage group, hackers are searching for vulnerable mail servers. According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizati
ForAllSecure
MARCH 24, 2020
Introduction. For ForAllSecure, I’ve been focusing on finding bugs in OpenWRT using their Mayhem software. My research on OpenWRT has been a combination of writing custom harnesses, running binaries of the box without recompilation, and manual inspection of code.
Threatpost
MARCH 13, 2020
Organizations are sending employees and students home to work and learn -- but implementing the plan opens the door to more attacks, IT headaches and brand-new security challenges.
Krebs on Security
MARCH 26, 2020
Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data breaches targeting western retailers over the past decade.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
364 
Let's personalize your content