Krebs on Security

MAY 16, 2020

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service. A memo seen by KrebsOnSecurity that the Secret Service circulated to field offices around the United States on Thursday says the ring has been filing unemployment claims in different states using Social Security numbers

Insurance 363

Insurance Banking Identity Theft Accountability 363

Adam Levin

MAY 1, 2020

Cybercriminals are actively targeting Covid-19 hotspots with malware and phishing campaigns, according to a new report from Bitdefender. The report, “ Coronavirus-themed Threat Reports Haven’t Flattened the Curve ,” shows a direct correlation between confirmed Covid-19 cases and malware attacks exploiting the crisis. These findings confirm a similar report that showed a 30000% increase in Covid-19-themed attacks from January to March.

Scams 296

Scams Malware Phishing Threat Reports 296

The Last Watchdog

MAY 21, 2020

When it was first introduced, device fingerprinting – or online fingerprinting in general – was meant to create a safer, more responsible internet. The idea was that by fingerprinting devices used to connect to the internet we could achieve better accountability. Related: Why Satya Nadella calls for regulation of facial recognition systems The concept itself is still very much relevant today.

Advertising 288

Advertising Internet Internet Accountability 288

Schneier on Security

MAY 1, 2020

I was quoted in BuzzFeed: "My problem with contact tracing apps is that they have absolutely no value," Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. "I'm not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful?

Media 363

Media Internet Internet Government 363

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

MAY 20, 2020

These postings provide cybercriminals with the information needed to hack into networks where they can infect critical machines with malware, according to Positive Technologies.

Technology 218

Technology Malware Hacking 218

Security Affairs

MAY 29, 2020

Security experts from Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. A few weeks ago, threat intelligence firm Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. According to the experts, the leak includes government data of an entire country, it was leaked online by a reputable actor that goes online with moniker ‘Toogod.”. “A few weeks ago, our researchers came across a leaked databa

Advertising 141

Advertising Data breaches Government Information Security 141

WIRED Threat Level

MAY 31, 2020

Law enforcement has more tools than ever to track your movements and access your communications. Here's how to protect your privacy if you plan to protest.

Surveillance 145

Surveillance 145

The Last Watchdog

MAY 13, 2020

Chief Information Security Officers were already on the hot seat well before the COVID-19 global pandemic hit, and they are even more so today. Related: Why U.S. cybersecurity policy needs to match societal values CISOs must preserve and protect their companies in a fast-changing business environment at a time when their organizations are under heavy bombardment.

CISO 261

CISO Cybersecurity Digital transformation Risk 261

Dark Reading

MAY 26, 2020

Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your organization has fallen victim and is going to pay. Here's how to handle it.

Ransomware 135

Ransomware 135

Tech Republic Security

MAY 15, 2020

Spoofing government and health organizations, these templates help attackers create and customize their own phishing pages to exploit the COVID-19 pandemic, says Proofpoint.

Phishing 217

Phishing Government 217

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

MAY 31, 2020

The hacktivist collective group Anonymous demands justice for George Floyd and threatens to ‘expose the many crimes’ of Minneapolis Police. Anonymous demands justice for George Floyd and threatens to ‘expose the many crimes’ of Minneapolis Police. George Floyd was killed by a white police officer by kneeling on his neck for more than eight minutes. We are interventionist.

Hacking 140

Hacking Advertising Passwords Internet 140

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches.

Passwords 334

Passwords Accountability Hacking Password Management 334

Threatpost

MAY 8, 2020

The Shiny Hunters hacking group said it stole 500 GB of data from the tech giant’s repositories on the developer platform, which it owns.

Hacking 143

Hacking Accountability Data breaches Phishing 143

WIRED Threat Level

MAY 28, 2020

In a rare public warning, the US spy agency says the notorious arm of Russian military intelligence is targeting a known vulnerability in Exim.

Hacking 137

Hacking 137

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

InfoWorld on Security

MAY 26, 2020

Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

143

143

Tech Republic Security

MAY 19, 2020

Many on the dark web are expressing the same thoughts and fears about COVID-19 as everyone else, while others are looking for ways to profit from it, says Trustwave.

217

217

Security Affairs

MAY 29, 2020

Threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks, Kaspersky reported. Researchers from Kaspersky’s ICS CERT unit reported that threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks. The experts first observed the attacks in early 2020, while in early May, threat actors targeted organizations in Japan, Italy, Germany and the UK.

Phishing 137

Phishing Malware Advertising Encryption 137

Krebs on Security

MAY 26, 2020

A group of Romanians operating an ATM company in Mexico and suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines throughout several top Mexican tourist destinations have enjoyed legal protection from a top anti-corruption official in the Mexican attorney general’s office, according to a new complaint filed with the government’s internal affairs division.

Government 333

Government Media 333

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Threatpost

MAY 15, 2020

A new threat group uses NSIS as an installer to target industrial companies with revolving payloads, including LokiBot, FormBook, BetaBot, Agent Tesla and Netwire.

Malware 123

Malware Hacking 123

WIRED Threat Level

MAY 21, 2020

In the few short years since his time in Congress, the secretary of state has conveniently reversed himself on multiple fronts.

145

145

Dark Reading

MAY 21, 2020

Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?

118

118

Tech Republic Security

MAY 20, 2020

Available online classes include ways to upgrade your resume, add to current skills, or land a better job. Here are some of the top places to go to find eLearning courses.

212

212

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Affairs

MAY 1, 2020

Maze Ransomware operators claim to have gained access to the network of Banco BCR of Costa Rica and stolen 11 million credit card credentials. Maze Ransomware operators claim to have hacked the network of the state-owned Bank of Costa Rica Banco BCR and to have stolen internal data, including 11 million credit card credentials. Banco BCR has equity of $806,606,710 and assets of $7,607,483,881, it is one of the most solid banks in Central America.

Ransomware 139

Ransomware Banking Cyber Insurance Advertising 139

Krebs on Security

MAY 23, 2020

When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that’s exactly what appears to be going on right now as multiple U.S. states struggle to combat a tsunami of phony Pandemic Unemployment Assistance (PUA) claims.

Insurance 323

Insurance Accountability Banking Government 323

Threatpost

MAY 1, 2020

Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins.

Phishing 143

Phishing Mobile Hacking 143

WIRED Threat Level

MAY 10, 2020

The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and affects any PC manufactured before 2019.

Manufacturing 118

Manufacturing Hacking 118

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Dark Reading

MAY 22, 2020

With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?

Accountability 132

Accountability 132

Tech Republic Security

MAY 6, 2020

The rapid move to remote working has left many businesses more vulnerable to cybersecurity threats, with nearly half saying they've encountered at least one scare as a direct result of the shift.

Cybersecurity 208

Cybersecurity 208

Security Affairs

MAY 23, 2020

Officials revealed that the Florida Unemployment System suffered a data breach that impacted some residents who have made unemployment claims. The Florida Department of Economic Opportunity revealed that the Florida Unemployment System suffered a data breach that impacted some residents who have made unemployment claims. It has notified 98 people that have been impacted by the incident, government representatives didn’t disclose when the breach took place either the number of the affected indivi

Data breaches 137

Data breaches Advertising Government Hacking 137

Krebs on Security

MAY 18, 2020

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals.

Malware 306

Malware Cybercrime Ransomware Marketing 306

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity