Troy Hunt

AUGUST 6, 2020

I love security. I love privacy. Consequently, it will come as no surprise that I love tools that help people achieve those objectives. Equally, I have no patience for false promises, and I've been very vocal about my feelings there: But one of them is literally called “Secure VPN”, how is this possible?! “Are You Using These VPN Apps? Personal Info Of 20 Million Users Leaked: That’s 1.2TB Data” [link] — Troy Hunt (@troyhunt) July 20, 2020 VPNs are a great example of where a tool can be us

VPN 301

VPN Marketing Encryption 301

Adam Levin

AUGUST 7, 2020

The FBI warned in a private industry notification published August 3 that companies and organizations still using Windows 7 are at risk. Microsoft’s end of life (EOL) announcement for version 7 of its flagship Windows operating system means most customers still using it would no longer receive security updates or technical support. According to the FBI notification, continued use of the platform “creates the risk of criminal exploitation.”.

Risk 220

Risk Hacking Authentication Ransomware 220

Schneier on Security

AUGUST 3, 2020

Australia is reporting that a BlackBerry device has been cracked after five years: An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one of the state's longest-running drug importation investigations. In April, new technology "capabilities" allowed authorities to probe the encrypted device.

Encryption 279

Encryption Technology 279

Tech Republic Security

AUGUST 7, 2020

Security professionals must act before TLS 1.3 and DNS-over-HTTPS (DoH) are implemented or they won't be able to analyze network traffic and detect cyberthreats, warns Forrester Research.

DNS 218

DNS Encryption 218

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Troy Hunt

AUGUST 7, 2020

What. A. Week. I've been absolutely non-stop publishing data breaches to HIBP whilst simultaneously putting in place the framework to start advising NordVPN on their cybers and open sourcing the HIBP code base at the same time (and a bunch of other more boring stuff that didn't make the cut). That's all explained in this week's update so I won't drill further into it here, there's obviously a couple of big announcements so if you have any questions, drop them in the comments below and I'll eithe

Data breaches 182

Data breaches 182

Adam Levin

AUGUST 5, 2020

Simple spelling errors in URLs can expose you to phishing, malware, and other kinds of cyber trickery. In the latest episode of Third Certainty, Adam Levin discusses typosquatting and how it can put your data security in jeopardy. The post Typosquatting – Third Certainty #24 appeared first on Adam Levin.

Phishing 164

Phishing Malware Cybersecurity 164

Tech Republic Security

AUGUST 3, 2020

One of the first announcements at BlackHat USA 2020 is an open-source tool to fight malware that BlackBerry first used internally and is now making available to everyone.

Engineering 210

Engineering Cybersecurity Malware 210

Security Affairs

AUGUST 2, 2020

BleepingComputer researchers confirmed that Garmin has received the decryption key to recover their files encrypted with the WastedLocker Ransomware. BleepingComputer first revealed that Garmin has received the decryption key to recover the files encrypted with the WastedLocker Ransomware in the recent attack. On July 23, smartwatch and wearables maker Garmin has shut down several of its services due to a ransomware attack that targeted its internal network and some production systems.

Ransomware 145

Ransomware Encryption Advertising Software 145

Adam Levin

AUGUST 5, 2020

The NSA has issued a cybersecurity advisory about the use of location data on personal devices, social media accounts, mobile applications, as well as Internet of Things-enabled devices. The advisory, titled “Limiting Location Data Exposure,” was released August 4. While it is directed at government officials, the advice could also help the general public mitigate risks to data and privacy posed by location-tracking technologies.

Cybersecurity 150

Cybersecurity Mobile Advertising Media 150

Schneier on Security

AUGUST 4, 2020

The Cambridge Cybercrime Centre has a series of papers on cybercrime during the coronavirus pandemic.

Cybercrime 222

Cybercrime 222

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

AUGUST 4, 2020

Security firm recommends digital distancing for devices and more collaboration between IT and security teams to harden the attack surface.

Threat Reports 204

Threat Reports 204

Security Affairs

AUGUST 4, 2020

Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on DarkWeb. Another day, another data breach made the headlines, this time the alleged victim is UberEATS. UberEats is an American online food ordering and delivery platform launched by Uber in 2014. During the process of darkweb and deep web monitoring, the Cyble Research Team came across a threat actor who leaked user records of UberEATS.

Banking 144

Banking Data breaches Mobile Advertising 144

Threatpost

AUGUST 7, 2020

Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.

Data breaches 128

Data breaches 128

Dark Reading

AUGUST 3, 2020

With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.

CISO 143

CISO Data collection 143

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

AUGUST 6, 2020

Vulnerabilities were found in a Qualcomm Snapdragon chip that could let attackers obtain photos, videos, call recordings, and other data on Android phones, says Check Point Research.

172

172

Security Affairs

AUGUST 2, 2020

A critical flaw in the wpDiscuz WordPress plugin could be exploited by remote attackers to execute arbitrary code and take over the hosting account. Security experts from Wordfence discovered a critical vulnerability impacting the wpDiscuz WordPress plugin that is installed on over 80,000 sites. The vulnerability could be exploited by attackers to execute arbitrary code remotely after uploading arbitrary files on servers hosting the vulnerable WordPress sites. wpDiscuz provides an Ajax real-time

Accountability 128

Accountability Advertising Account Security Hacking 128

Jane Frankland

AUGUST 3, 2020

Words are power. They have energy, and whether we’re speaking, reading, and exposing ourselves to them, we can use them to build relationships, increase knowledge, and drive action. We can use them purposefully, intuitively and strategically. For good and for bad. Consider one of the most relevant words of the moment, crisis. Most dictionaries define it as: A time of intense difficulty or danger.

Cybersecurity 100

Cybersecurity Risk Technology Artificial Intelligence 100

Elie

AUGUST 6, 2020

This talk showcases SCALD, our tool that leverages deep-learning explainability and dynamic execution to automatically find which parts of a crypto-hardware implementation is responsible for leaking the information exploited by side-channel attacks.

118

118

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

AUGUST 3, 2020

The increased use of personal phones for work and the growth of mobile malware create a risk to organizations, says Gigamon.

Mobile 208

Mobile Malware Risk 208

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum. ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data.

VPN 127

VPN Passwords Banking Advertising 127

Threatpost

AUGUST 5, 2020

During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet's recent return -and how a cyber vigilante is attempting to thwart the malware's comeback.

Malware 117

Malware Phishing 117

Elie

AUGUST 5, 2020

In recent years, Side-Channel Attacks Assisted with Machine Learning aka SCAAML have been proven a very effective approach to carry-out side-channel attacks even against the toughest hardware cryptographic implementations in a semi-automatic manner. Building on this line of work, this talk showcases how to take it a step further and demonstrates how to combine the recent advances in deep-learning explainability with dynamic execution to quickly assess which parts of a hardware cryptographic impl

116

116

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

AUGUST 4, 2020

WhatsApp, Facebook, and Microsoft rounded out the top five as the most spoofed brands last quarter, says Check Point Research.

Phishing 200

Phishing 200

Security Affairs

AUGUST 2, 2020

The FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. and foreign government organizations. The FBI has issued a new security flash alert to warn of Netwalker ransomware attacks targeting U.S. and foreign government organizations. The feds are recommending victims, not to pay the ransom and reporting incidents to their local FBI field offices.

Ransomware 127

Ransomware VPN Advertising Government 127

WIRED Threat Level

AUGUST 5, 2020

By reverse-engineering apps intended for cyclists, security researchers found they could cause delays in at least 10 cities from anywhere in the world.

Engineering 126

Engineering Hacking 126

Threatpost

AUGUST 6, 2020

Researchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed.

Hacking 125

Hacking 125

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

AUGUST 3, 2020

The newly formed Open Source Security Foundation includes titans in technology such as Google, Intel, Microsoft, IBM, and more.

Software 199

Software Technology 199

Security Affairs

AUGUST 5, 2020

Researchers from TIM’s Red Team Research (RTR) have discovered another 4 new zero-day vulnerabilities in the WOWZA Streaming Engine product. Last month, the TIM’s Red Team Research (RTR) disclosed 2 new vulnerabilities affecting the Oracle Business Intelligence product with High severity. Today, the TIM’s Red Team Research led by Massimiliano Brolli, discovered 4 new vulnerabilities that have been addressed by the manufacturer WOWZA Streaming Engine, between the end of 2019 and

Engineering 113

Engineering Media Advertising Manufacturing 113

WIRED Threat Level

AUGUST 6, 2020

A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more.

Software 142

Software Hacking 142

Threatpost

AUGUST 6, 2020

The consumer-electronics giant has suffered partial outages across its U.S. website and internal systems, reportedly thanks to the Maze gang.

Ransomware 124

Ransomware Malware Hacking 124

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk