July, 2022

Facebook Is Now Encrypting Links to Prevent URL Stripping

Schneier on Security

Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties.

“Cybersecurity For Dummies” Second Edition Now Available

Joseph Steinberg

The second edition of Cybersecurity For Dummies , Joseph Steinberg’s best-selling introductory-level book about cybersecurity, is now available.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Experian, You Have Some Explaining to Do

Krebs on Security

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs.

Writing the perfect resignation letter

Javvad Malik

Over here in the UK we’ve had dozens of MPs (members of parliament) tender their resignation over the last day or so. While I’m not interested in politics, seeing so many resignation letters did provide me with the template to create the perfect letter. It consists of a few steps.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

What Is a Firewall and Do you Need One?

Adam Levin

A firewall is a network security device or program designed to prevent unauthorized and malicious internet traffic from entering a private network or device.

Where Next for Quantum Computing and Cybersecurity?

Lohrman on Security

We’ve been hearing about upcoming breakthroughs with quantum computing technology for several years, so what’s the latest from around the world

More Trending

What Exactly is CyberSecurity?

Joseph Steinberg

CyberSecurity. The word may sound simple enough to easily define; but, in reality, it is not.

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

The Last Watchdog

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises. Related: Deploying human sensors. Phishing comes with a simple premise – lure someone to interact with a malicious link, file, or credentials-input, disguised as a legitimate email or website. The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S.

Weekly Update 305

Troy Hunt

I broke Yoda's stick! 3D printing woes, and somehow I managed to get through the explanation without reverting to a chorus of My Stick by a Bad Lip Reading (and now you'd got that song stuck in your head).

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Cyber Attacks Against Critical Infrastructure Quietly Increase

Lohrman on Security

Despite the lack of major headline-grabbing cyber attacks against U.S. critical infrastructure so far in 2022, our global cyber battles continue to increase

Critical Vulnerabilities in GPS Trackers

Schneier on Security

This is a dangerous vulnerability: An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720 , a GPS tracker that sells for about $20 and is widely available.

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

Joseph Steinberg

There is little doubt that quantum computing will ultimately undermine the security of most of today’s encryption systems , and, thereby, render vulnerable to exposure nearly every piece of data that is presently protected through the use of encryption.

Risk 225

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

The 911 service as it exists today.

VPN 247

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

Gathering intelligence has always been a key tool for organisational decision making – understanding the external operating environment is the ‘101’ for business. How can you grasp the challenges and opportunities for your company without a deep understanding of all the contributing factors that make the company tick? Related: We’re in the golden age of cyber espionage.

Microsoft sent you a USB stick – what would you do?

Javvad Malik

I saw this post on linkedin and was part disgusted, but also slightly admired the professionalism and thought that went into this scam. An unsuspecting victim was sent a USB drive that for all intents and purposes looked like it came from Microsoft. The packaging and logo all looks legit.

Scams 158

How Can I Get a Job in Cybersecurity?

Lohrman on Security

The questions I am most often asked, both online and in person at conferences and other events, surround how people can break into the cybersecurity field for the first time

Security Vulnerabilities in Honda’s Keyless Entry System

Schneier on Security

Honda vehicles from 2021 to 2022 are vulnerable to this attack : On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

Joseph Steinberg

Apple last week announced new security features specifically intended to offer “specialized additional protection to users who may be at risk of highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware.”.

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

The 911 service as it existed until July 28, 2022. re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations.

GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints

The Last Watchdog

The pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would have never imagined. From transitioning to a work-from-home as a ‘perk’ to a ‘necessity’, the organizations had to realign their operations and do it fast, to keep the ships afloat. Related: Deploying human sensors. Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working- whether organizations like it or not is here to say.

Mobile 175

MVP Award 12

Troy Hunt

11 years now, wow 😲 It's actually 11 and a bit because it was April Fool's Day in 2011 that my first MVP award came through. At the time, I referred to myself as "The Accidental MVP" as I'd no expectation of an award, it just came from me being me.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

New Business Email Compromise Schemes Add Vendor Deception

Lohrman on Security

Like other forms of cyber crime, business email compromise is growing and evolving. Here’s what you need to know

192
192

Securing Open-Source Software

Schneier on Security

Good essay arguing that open-source software is a critical national-security asset and needs to be treated as such: Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards.

Disneyland’s Facebook & Instagram Accounts Defaced With Vulgar Racist Content – But We Can Laugh At The Attacker’s Claim Of Being A “Super Hacker”

Joseph Steinberg

A mischievous hacker, or group of hackers, took over Disneyland’s official Instagram and Facebook accounts earlier today, and, apparently, defaced them both with a series of profane and racist posts.

Microsoft Patch Tuesday, July 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited.

GUEST ESSAY: The case for physically destroying — and not just wiping clean — old hard drives

The Last Watchdog

Cybersecurity poses a risk to all businesses. Related: Biden moves to protect critical infrastructure. Dataprot reports that 59 percent of Americans have experienced cybercrime in the past. An estimate stated that $6 trillion worth of damage was caused by cybercrime in 2022, making it vital for businesses to securely destroy data. Deleting information from a hard disk drive (HDD) is not enough. Hackers can recover data from physical drives, even when the information has been removed.

Rolling Pwn lets you drive a Honda without the keys!?

Javvad Malik

The Rolling Pwn vulnerability can be used against some keyless Honda’s to unlock, start and drive off. It allows you to eavesdrop on a remote key fob from about 100 feet away (which for my American friends is the distance from pitchers mount to the outfield grass).

IoT 158

Welcoming the Polish Government to Have I Been Pwned

Troy Hunt

Continuing the rollout of Have I Been Pwned (HIBP) to national governments around the world, today I'm very happy to welcome Poland to the service! The Polish CSIRT GOV is now the 34th onboard the service and has free and open access to APIs allowing them to query their government domains.

San Francisco Police Want Real-Time Access to Private Surveillance Cameras

Schneier on Security

Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!

Anton on Security

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our third Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 ).

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

Microleaves , a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in their website that exposed their entire user database.

Adware 194