November, 2021


How to Avoid Being Scammed When Giving Charity

Joseph Steinberg

Giving Tuesday has arrived… and, so have many criminals who seek to exploit people’s sense of generosity. While evildoers perpetrate charity-related scams throughout the year, they know that the holiday spirit in general, and the concentrated focus on charity on Giving Tuesday specifically, both improve their odds of success. During this time of year, therefore, we must be extra vigilant to ensure that our charity dollars reach proper destinations and actually do good, rather than enrich c


Will Artificial Intelligence Help or Hurt Cyber Defense?

Lohrman on Security

The world seems focused on new developments in artificial intelligence to help with a wide range of problems, including staffing shortages. But will AI help or harm security teams?


The Internet is Held Together With Spit & Baling Wire

Krebs on Security

A visualization of the Internet made using network routing data. Image: Barrett Lyon, opte.org. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the largest Internet backbones.


Is Microsoft Stealing People’s Bookmarks?

Schneier on Security

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


Merry #pwnedmas!

Troy Hunt

Like most of my good ideas, this one came completely by accident. The other day I was packaging up some swag to send to the winner of my impromptu best "Anonymous" meme competition and I decided to share the following tweet: Time to ramp up the 3D @haveibeenpwned printing too, been giving away a heap of these! pic.twitter.com/ffZpM5aZtx — Troy Hunt (@troyhunt) November 14, 2021 And I was promptly hit by many, many requests for 3D printed HIBP logos.


MY TAKE: lastwatchdog.com receives recognition as a Top 10 cybersecurity webzine in 2021

The Last Watchdog

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer. While I no longer concern myself with seeking professional recognition for doing this, it’s, of course, always terrific to receive peer validation that we’re steering a good course. That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics.

LifeWorks


Ransomware Attacks and Response: What You Need to Know Now

Lohrman on Security

Not only is ransomware the top cybersecurity story in 2021, but new twists, turns and countermeasures keep coming. Here are the latest headlines and what news you need.


Hoax Email Blast Abused Poor Coding in FBI Website

Krebs on Security

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.


“Crypto” Means “Cryptography,” not “Cryptocurrency”

Schneier on Security

I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one.


Weekly Update 270

Troy Hunt

I'm outdoors! I've really wanted to get my mobile recording setup slick for some time now and after a bunch of mucking around with various mics (and a bit of "debugging in production" during this video), I'm finally really happy with it. I've just watched this back and other than mucking around with the gain in the first part of the video, I reckon it's great.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


GUEST ESSAY: The three horsemen of cyber risks: misinformation, disinformation and fake news

The Last Watchdog

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof. Related: Fake news leveraged in presidential election. Such a transformation, however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.


We have failed to stop phishing, even after 2 decades. Can we finally agree that emails need digital signatures?

Joseph Steinberg

Email serves as one of the primary mechanisms of communication within the Western world – yet, decades after it first appeared on the scene, email still remains a source of security headaches. There has likely not been a single hour during the last decade, for example, during which criminals did not carry out successful phishing-based attacks by exploiting the inherent lack of security within standard and ubiquitous email technology.


Dedicated State and Local Cyber Grants Are Finally Arriving

Lohrman on Security

The newly approved federal infrastructure deal brings with it a great holiday present for state and local governments: dedicated cyber funding. Here’s the history, and the future, of cyber grants.


SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Hiding Vulnerabilities in Source Code

Schneier on Security

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about. From Ross Anderson’s blog: We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic.


Weekly Update 271

Troy Hunt

It's been a busy week with lots of little bits and pieces demanding my attention. Coding, IoT'ing, 3D printing and a milestone academic event for Ari: Primary school - done! pic.twitter.com/IvUt6lBJRr — Troy Hunt (@troyhunt) November 24, 2021 No major things in this week's update, but plenty of things on all the above topics and more.


GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience. Related: Hackers relentlessly target healthcare providers. However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. This data is managed by different entities, such as primary care facilities, acute care facilities and within associated applications that collect, sto


Cybersecurity startup ideas

Javvad Malik

I’ve seen VC’s fund many security and tech startups. Lots of the ideas are rubbish, so I’ve come up with my own ideas that aren’t rubbish so VC’s can fund me instead. Don’t steal any of my ideas or I will sue you! Take a human skull and 3D print an eyeball on it, add Linux to the inside where the brain would be. Website uses photo of person looking out from screen with windows environment running, call this cyberSURVIVOR.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Holiday Travel Surge Brings Back Vaccine Passports — Or Not

Lohrman on Security

As global travel returns, airline rules, checks and tests are hard to track. But get ready for more as travel returns for the holidays and 2022. Here’s the latest.


The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer.


Advice for Personal Digital Security

Schneier on Security

ArsTechnica’s Sean Gallagher has a two-part article on “securing your digital life.” It’s pretty good.


WFH security: How to protect your remote endpoints from vulnerabilities

Tech Republic Security

Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts? Related: Training human sensors. Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.


5 Tips to be an awesome CISO

Javvad Malik

I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach it’s difficult to blame the intern without a mob of security professionals criticising you. But I do observe CISO’s very closely, and as a result I have figured out how to be an awesome CISO.


Degrees and Credentials in InfoSec

Daniel Miessler

If you’re on InfoSec Twitter you’ve probably seen the recent iteration of the neverending debate around degrees, certs, and InfoSec. Basically, one side argues that you need college to be taken seriously in security, and the other side says nuh-uh! and proceed to give lots of examples of people without a degree. Let me try to express something that applies to much more than this topic: When you have debates with people making good points that are backed by evidence, the answer is likely that the


Tech CEO Pleads to Wire Fraud in IP Address Scheme

Krebs on Security

The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America. In 2018, the American Registry for Internet Numbers (ARIN), which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean, notified Charleston, S.C. b


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Apple Sues NSO Group

Schneier on Security

Piling more on NSO Group’s legal troubles, Apple is suing it: The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers.


Become a cybersecurity analyst for just $9

Tech Republic Security

You'll never get a better deal on self-paced courses that can teach you the skills necessary to become a cybersecurity analyst, so start training now and switch to a new career in 2022.


SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

The Last Watchdog

Application Programming Interface. APIs. Where would we be without them? Related: Supply-chain exposures on the rise. APIs are the snippets of code that interconnect the underlying components of all the digital services we can’t seem to live without. Indeed, APIs have opened new horizons of cloud services, mobile computing and IoT infrastructure, with much more to come.


Your polls are bad

Javvad Malik

If you’ve been on LinkedIn recently, you’ve probably seen your feed littered with polling questions. It could be something simple as, “which of these items do you like for breakfast” or something more specific such as, “Zero Trust is good because…” Either way, I have a bit of an issue with how these are framed, run, and subsequently interpreted.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.