July, 2020

article thumbnail

Thinking of a Cybersecurity Career? Read This

Krebs on Security

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here’s a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these fields can better stand out from the crowd.

article thumbnail

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

The Last Watchdog

It took a global pandemic and the death of George Floyd to put deep-seated social inequities, especially systemic racism, front and center for intense public debate. Related: Will ‘blockchain’ lead to more equitable wealth distribution? We may or may not be on the cusp of a redressing social injustice by reordering our legacy political and economic systems.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

A Decade of Microsoft Most Valuable Professional

Troy Hunt

Last week, I received my 10th Microsoft Most Valuable Professional award. Being recognised as an MVP was a pivotal moment in my career and to continue receiving the award all these years later is an honour. Particularly given recent events that have made it exceptionally difficult to sustain community contributions , the recognition is particularly significant this year.

Media 267
article thumbnail

Russian Hackers Targeting Remote Workers

Adam Levin

A Russia-based hacking group is exploiting the current Covid-19 pandemic to target and compromise U.S. companies with multiple strains of malware, according to a new report. Cybersecurity firm Symantec released a warning that the Russian hacking group “Evil Corp” has been behind a widespread hacking campaign against over thirty U.S. organizations, including eight Fortune 500 companies.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Facebook data privacy scandal: A cheat sheet

Tech Republic Security

Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.

article thumbnail

Version 7 of the REMnux Distro Is Now Available

Lenny Zeltser

10 years after the initial release of REMnux , I’m thrilled to announce that REMnux version 7 is now available. This Linux distribution for malware analysis includes hundreds of new and classic tools for examining executables, documents, scripts, and other forms of malicious code. To start using REMnux v7, you can: Download REMnux as a virtual appliance Set up a dedicated REMnux system from scratch Add REMnux to an existing Ubuntu 18.04 host Run REMnux distro as a Docker container.

More Trending

article thumbnail

CISA warns organizations of cyberattacks from the Tor network

Security Affairs

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned enterprises about cyberattacks from the Tor network. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) is warning enterprises of cyberattacks launched from the Tor network. Threat actors leverage the Tor network to hide the real source of their attacks and avoid that their C2 infrastructure could be identified and shut down by.

Risk 144
article thumbnail

Iranian Spies Accidentally Leaked Videos of Themselves Hacking

WIRED Threat Level

IBM's X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it's targeting.

Hacking 145
article thumbnail

Twitter Hack Update: What We Know (and What We Don’t)

Threatpost

With limited confirmed information, a raft of theories and circumstantial evidence has come to light as to who was behind the attack and how they carried it out.

Hacking 136
article thumbnail

87% of Americans view data privacy as a human right, but most still use risky security practices

Tech Republic Security

While 56% of Americans want more control over personal data, more than 40% said they reuse passwords, use public Wi-Fi, or save a credit card to an online store, KPMG found.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

How You Can Write Better Threat Reports

Lenny Zeltser

Writing about cybersecurity threats, such as phishing campaigns, malware infections, and attack groups, is challenging for many reasons. How should you decide what details to include? How can you persuade the readers that your analysis is sound? How might you address the needs of multiple audiences? I’m happy to share what I’ve learned over the years about writing effective threat reports in the following 36-minute video.

article thumbnail

Business ID Theft Soars Amid COVID Closures

Krebs on Security

Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that’s spent years targeting small businesses across the country and is now pivoting toward using that access for pandemic assistance loans and unemployment benefits.

article thumbnail

Exclusive, Ghost Squad Hackers defaced European Space Agency (ESA) site

Security Affairs

A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA). A group of hackers that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA), [link]. I have reached them for a comment and they told me that the attack was not targeted, they defacted the site only for fun. “We are hacktivists, we usually hack for many various causes related to activism.” Ghost Squad Hackers&#

article thumbnail

Hackers Broke Into Real News Sites to Plant Fake Stories

WIRED Threat Level

A disinfo operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO.

Media 145
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Twitter Elite Accounts Are Hijacked in Unprecedented Cryptocurrency Scam

Threatpost

The Twitter accounts of Gates, Musk, Biden, Apple and Uber have each been hijacked at the same time to push a cryptocurrency scam in an unprecedented breach of Twitter accounts.

article thumbnail

COVID-19 has spurred businesses to migrate security operations to the cloud

Tech Republic Security

Companies have increased their reliance on cloud-based security platforms to protect sensitive data as a result of the coronavirus pandemic, according to a new survey.

213
213
article thumbnail

Sudden Rise in Email Based Ransomware Attacks

SecureWorld News

Phishing emails are increasingly attempting to launch ransomware attacks against organizations. This includes a newly discovered family, or strain of ransomware, called Avaddon. Proofpoint research: rise in email based ransomware. Throughout June, security researchers noticed an increase in email-based ransomware attacks. Proofpoint's Security Brief on the uptick notes how broad this shift has been: "Daily volumes ranged from one to as many as 350,000 messages in each campaign, and over one mill

article thumbnail

Breached Data Indexer ‘Data Viper’ Hacked

Krebs on Security

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion.

Hacking 340
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers. Cybersecurity researchers at Intezer spotted a new completely undetectable Linux malware , dubbed Doki , that exploits undocumented evasion techniques while targeting publicly accessible Docker servers.

article thumbnail

The Worst Hacks and Breaches of 2020 So Far

WIRED Threat Level

Iran, China, Russia—the gang was all here in the first half of this year. Oh, and also an unprecedented pandemic that’s been a boon for hackers.

Hacking 145
article thumbnail

Billions of Devices Impacted by Secure Boot Bypass

Threatpost

The "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT ,IoT and home networks.

IoT 133
article thumbnail

CISOs discuss cybersecurity in the COVID-19 environment

Tech Republic Security

A digital panel discussion sponsored by MIT's Sloan CIO Digital Learning Series covered a range of topics from protecting remote workers to phishing to how to manage risk.

CISO 207
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Unemployment Insurance Fraud and Identity Theft: Up Close and Personal

Lenny Zeltser

In June 2020, the Federal Trade Commission (FTC) warned that “imposters are filing claims for unemployment benefits [in the US], using the names and personal information of people who have not filed claims.” How do such scams look from the victim’s perspective, and what can you do if you’re affected? As a victim of this scheme, I’d like to share my experience.

article thumbnail

Here’s Why Credit Card Fraud is Still a Thing

Krebs on Security

Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which is still lurching toward this goal. Here’s a look at the havoc that lag has wrought, as seen through the purchasing patterns at one of the underground’s biggest stolen card shops that was hacked last year.

article thumbnail

Google Tsunami vulnerability scanner is now open-source

Security Affairs

Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami. “We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’ data.

article thumbnail

Twitter Cracks Down on QAnon. Your Move, Facebook

WIRED Threat Level

Twitter's new policy won't make the conspiracy group disappear. But experts say it could dramatically reduce its ability to spread.

145
145
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Cisco Network Security Flaw Leaks Sensitive Data

Threatpost

The flaw exists in Cisco's network security Firepower Threat Defense (FTD) software and its Adaptive Security Appliance (ASA) software.

article thumbnail

Hackers will lurk in your email for more than a week after breaking in

Tech Republic Security

Beware - cybercriminals could be spending days rooting around in employee inboxes for information they can sell to other crooks, or use to mount further attacks.

213
213
article thumbnail

Rise of the Robots: How You Should Secure RPA

Dark Reading

Robotic Process Automation (RPA) is the next big thing in innovation and digital strategy. But what security details are overlooked in the rush to implement bots?

120
120
article thumbnail

Ransomware Gangs Don’t Need PR Help

Krebs on Security

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and th

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.