Schneier on Security

SEPTEMBER 29, 2020

As expected, IoT devices are filled with vulnerabilities : As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly.

Hacking 363

Hacking IoT Engineering Internet 363

Krebs on Security

SEPTEMBER 17, 2020

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm.

Antivirus 363

Antivirus Hacking Software Government 363

Troy Hunt

SEPTEMBER 3, 2020

You've possibly just found out you're in a data breach. The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. But you should change it anyway. Huh? Isn't the whole point of encryption that it protects data when exposed to unintended parties? Ah, yes, but it wasn't encrypted it was hashed and therein lies a key difference: Saying that passwords are “encrypted” over and over again doesn’t make it so.

Passwords 364

Passwords Encryption Data breaches Risk 364

Daniel Miessler

SEPTEMBER 27, 2020

Threat modeling is a superpower. When done correctly it gives you the ability to adjust your defensive behaviors based on what you’re facing in real-world scenarios. And not just for applications, or networks, or a business—but for life. The Difference Between Threats and Risks. This type of threat modeling is a life skill, not just a technical skill.

VPN 326

VPN Risk Hacking Encryption 326

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Adam Levin

SEPTEMBER 1, 2020

Databases containing the personal information of millions of U.S. voters have appeared on Russian hacking forums. According to Russian news outlet Kommersant , a hacker called Gorka9 has posted the personal information of several million registered voters in Michigan, Arkansas, Connecticut, Florida, and South Carolina.The data includes names, birthdates, gender, mailing addresses, email addresses and polling station numbers.

Hacking 281

Hacking Cyber Attacks Authentication Government 281

Tech Republic Security

SEPTEMBER 28, 2020

Assessing the security posture of devices is an important part of securing data and communications. Follow these steps to make sure you do it correctly.

Cybersecurity 218

Cybersecurity 218

Krebs on Security

SEPTEMBER 29, 2020

Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft ‘s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen , two companies that together handle 911 calls for a broad swath of the Uni

Telecommunications 362

Telecommunications Software 362

Troy Hunt

SEPTEMBER 11, 2020

The highlight of my week was absolutely getting the Shelly 1 units behind a couple of my light switches working as I'd always dreamed. It just opens up so many automation possibilities that I'm really excited about what I might do in the future with them now. When I get the place to a standard I'm happy with, I'll definitely do a good walkthrough and show how it all works.

InfoSec 277

InfoSec 277

Security Affairs

SEPTEMBER 29, 2020

The French maritime transport and logistics giant CMA CGM S.A. revealed it was the victim of a malware attack that affecting some servers on its network. CMA CGM S.A. , a French maritime transport and logistics giant, revealed that a malware attack affected some servers on its network. The company is present in over 160 countries through 755 offices and 750 warehouses with 110,000 employees and 489 vessels.

Ransomware 145

Ransomware Malware Advertising Cyber Attacks 145

Adam Levin

SEPTEMBER 4, 2020

The controversial collection of details on billions of American phone calls by the National Security Agency (NSA) was illegal and possibly unconstitutional, according to a ruling by a federal appeals court. Under the NSA program, information and metadata from calls placed by U.S. citizens were collected in bulk and screened for possible connections to terrorist activity.

Surveillance 260

Surveillance Data collection Government Cybersecurity 260

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

SEPTEMBER 28, 2020

The Joker malware has been a persistent thorn in Google's side as it keeps popping up in shady apps to infect users of the Google Play store.

Malware 218

Malware 218

Schneier on Security

SEPTEMBER 11, 2020

Harvard Kennedy School’s Belfer Center published the “ National Cyber Power Index 2020: Methodology and Analytical Considerations.” The rankings: US China UK Russia Netherlands France Germany Canada Japan Australia. We could — and should — argue about the criteria and the methodology, but it’s good that someone is starting this conversation.

Surveillance 363

Surveillance Government 363

Krebs on Security

SEPTEMBER 16, 2020

U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. The Justice Department unsealed indictments against Russian nationals Danil Potekhin and Dmitirii Karasavidi , alleging the duo was responsible for a sophisticated phishing and money laundering campaig

Cryptocurrency 362

Cryptocurrency Phishing Accountability Cybercrime 362

Troy Hunt

SEPTEMBER 4, 2020

I kicked off a little bit earlier on this one in order to wrap up before the Burning Minds keynote, and it's interesting to see just how much difference that little sliver of sunlight makes to the video quality. Check the very start of the video versus the very end; this is the sunset slipping through the crack in the fully drawn blinds, make a massive difference.

Passwords 261

Passwords Encryption Risk 261

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

SEPTEMBER 26, 2020

Hungarian financial institutions and telecommunications infrastructure were hit by a powerful DDoS attack originating from servers in Russia, China and Vietnam. A powerful DDoS attack hit some Hungarian banking and telecommunication services that briefly disrupted them. According to telecoms firm Magyar Telekom, the attack took place on Thursday and was launched from servers in Russia, China and Vietnam.

DDOS 145

DDOS Banking Telecommunications Advertising 145

Adam Levin

SEPTEMBER 22, 2020

The personal information of 540,000 sports referees, league officials, and school representatives has been compromised following a ransomware attack targeting a software vendor for the athletics industry. ArbiterSports, a software provider for several sports leagues including the NCAA, announced that it had averted a ransomware attack in July 2020, but despite blocking the attempt to encrypt their systems, the company discovered that a database backup had been accessed prior to the attack.

Identity Theft 246

Identity Theft Passwords Backups Encryption 246

Tech Republic Security

SEPTEMBER 23, 2020

Game players are affected by phishing campaigns, while gaming companies are getting hit by DDoS attacks, says Akamai.

DDOS 218

DDOS Phishing 218

Schneier on Security

SEPTEMBER 18, 2020

Posted three years ago, but definitely appropriate for the times.

Passwords 363

Passwords 363

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

SEPTEMBER 23, 2020

Tyler Technologies , a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents.

Technology 357

Technology Ransomware Software Government 357

Troy Hunt

SEPTEMBER 26, 2020

Wow, 4 years already. Regardless of where I've been in the world or the stresses that have been going on in my personal life , every single week without exception there's been a video. This makes 210 of them now, and these days they're live from a much more professional setup in a location that has absolutely no chance of changing for the foreseeable future.

Passwords 225

Passwords Technology Hacking 225

Security Affairs

SEPTEMBER 26, 2020

Good news for the victims of the ThunderX ransomware, cybersecurity firm Tesorion has released a decryptor to recover their files for free. Cybersecurity firm Tesorion has released a free decryptor for the ThunderX ransomware that allows victims to recover their files. ThunderX is ransomware that appeared in the threat landscape recently, infections were discovered at the end of August 2020. .

Ransomware 145

Ransomware Advertising Encryption Hacking 145

Adam Levin

SEPTEMBER 16, 2020

A phishing campaign is targeting employees with phony email reminders for cybersecurity and phishing awareness training. . In a clever spin on more widely known phishing methods, hackers are sending emails pretending to be from KnowBe4, a company specializing in training employees to recognize phishing scams. . Source: Cofense.com. The emails prompt their targets to click links to complete “required” training sessions, which redirect them to spoofed Outlook.com login pages hosted at a Russian t

Phishing 238

Phishing Scams Cybersecurity 238

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

SEPTEMBER 23, 2020

Some 85% of CISOs surveyed by Netwrix revealed that they sacrificed cybersecurity to quickly set up employees to work remotely.

Cyber threats 218

Cyber threats CISO Cybersecurity 218

Schneier on Security

SEPTEMBER 21, 2020

This sounds like a bad idea.

Surveillance 362

Surveillance 362

Krebs on Security

SEPTEMBER 14, 2020

Most of us automatically put our guard up when someone we don’t know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in. Here’s the story of how companies searching for investors to believe in their ideas can run into trouble. Nick is an investment banker who runs a firm that helps raise capital for its clients (Nick is not his real name, and like other investment brokers interviewed in this stor

Scams 354

Scams Cryptocurrency Accountability Technology 354

WIRED Threat Level

SEPTEMBER 2, 2020

Facing looming election threats and a ransomware epidemic, the bureau says it has revamped its process for warning hacking victims.

Hacking 145

Hacking Ransomware 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

SEPTEMBER 23, 2020

Samba team has released a security patch to address the Zerologon issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). Samba team has released a security patch to address the Zerologon (CVE-2020-1472) issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon.

Authentication 145

Authentication Advertising Architecture Passwords 145

Adam Levin

SEPTEMBER 29, 2020

Ransomware operators have released the personal data of students in the Clark County School District in Nevada after officials refused to pay to have their files decrypted. The information leaked reportedly includes Social Security numbers, names, grades, addresses, and financial information. District officials have been thus far unable to verify the data.

Ransomware 237

Ransomware Media Encryption Government 237

Tech Republic Security

SEPTEMBER 22, 2020

Security is changing rapidly, and the COVID-19 pandemic hasn't helped. A Cisco roundtable of chief information security officer advisers plotted the course for a secure future.

CISO 218

CISO Information Security 218

Schneier on Security

SEPTEMBER 30, 2020

Really interesting conversation with someone who negotiates with ransomware gangs: For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws (like anti-terrorist laws, FCPA, conspiracy and others) ­ and even if payment is arguably unlawful, seems unlikely to be prosecuted.

Ransomware 355

Ransomware Data breaches Banking Encryption 355

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams