Sat. May 02, 2020 - Fri. May 08, 2020

Meant to Combat ID Theft, Unemployment Benefits Letter Prompts ID Theft Worries

Krebs on Security

Millions of Americans now filing for unemployment will receive benefits via a prepaid card issued by U.S. Bank, a Minnesota-based financial institution that handles unemployment payments for more than a dozen U.S. states. Some of these unemployment applications will trigger an automatic letter from U.S. Bank to the applicant. The letters are intended to prevent identity theft, but many people are mistaking these vague missives for a notification that someone has hijacked their identity.

Denmark, Sweden, Germany, the Netherlands and France SIGINT Alliance

Schneier on Security

This paper describes a SIGINT and code-breaking alliance between Denmark, Sweden, Germany, the Netherlands and France called Maximator: Abstract: This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s. It discloses the name Maximator and provides documentary evidence. The five members of this European alliance are Denmark, Sweden, Germany, the Netherlands, and France.

Indecent Exposure: 7TB of Adult Streaming User Data Unsecured on Server

Adam Levin

Users on an adult streaming platform may have experienced the wrong kind of exposure when over seven terabytes of data was found on an unprotected database online. The damage done could include the dissemination of amateur pornographic user images. CAM4, a video streaming service primarily for adult amateur webcam content, reportedly left more than 11 million user records online on an unprotected Elasticsearch server.

Phishing 197

Cybersecurity: Half of businesses have had remote working security scares

Tech Republic Security

The rapid move to remote working has left many businesses more vulnerable to cybersecurity threats, with nearly half saying they've encountered at least one scare as a direct result of the shift.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Unsupervised Learning: No. 227

Daniel Miessler

THIS WEEK’S TOPICS: VICE vs. Chinese Surveillance, Indian Contact Tracing, NHS + GCHQ, Banjo Racism, Singapore Requires Check-ins, Bruce on Contact Tracing, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… The newsletter serves as the show notes for the podcast. If you get value from this content, you can support it directly by becoming a member.

Used Tesla Components Contain Personal Information

Schneier on Security

Used Tesla components, sold on eBay, still contain personal information, even after a factory reset. This is a decades-old problem. It's a problem with used hard drives. It's a problem with used photocopiers and printers. It will be a problem with IoT devices. It'll be a problem with everything, until we decide that data deletion is a priority.

IoT 302

More Trending

Bad password habits continue with 53% admitting to using the same password

Tech Republic Security

Ahead of World Password Day, a survey finds management is worse than junior staff at practicing good password hygiene, according to SecureAuth.

Passwords 217

Report: Microsoft’s GitHub Account Gets Hacked

Threatpost

The Shiny Hunters hacking group said it stole 500 GB of data from the tech giant’s repositories on the developer platform, which it owns.

Hacking 143

Malware in Google Apps

Schneier on Security

Interesting story of malware hidden in Google Apps. This particular campaign is tied to the government of Vietnam. At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store to target users in Vietnam, Bangladesh, Indonesia, and India.

Malware 295

68% of Pharma Executives Have Had Credentials Breached Online

Adam Levin

The online credentials for 68% of pharmaceutical executives analyzed for a study have been compromised recently. The study, conducted by cybersecurity firm Blackcloak, found that the email accounts of over two-thirds of pharmaceutical executives had been compromised within the last five to ten years. Of the compromised emails, 57% were found on the dark web and had been either cracked or stored in plaintext format.

Passwords 130

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

A passwordless future: How security keys and biometrics are taking over

Tech Republic Security

Passwords are no longer a secure method of identity verification, leading many organizations to turn to other tactics, Yubico found.

Passwords 217

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks. Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks. The malicious code was designed to target Linux-based servers and Internet of Things (IoT) devices and use them as part of a DDoS botnet.

IoT 128

ILOVEYOU Virus

Schneier on Security

It's the twentieth anniversary of the ILOVEYOU virus, and here are three interesting articles about it and its effects on software design.

Software 279

Is CVSS the Right Standard for Prioritization?

Dark Reading

More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

This common online behavior puts you and your data at great risk

Tech Republic Security

A LastPass report reveals 91% use the same passwords on multiple accounts, and 53% haven't changed passwords in 12 months, despite high-profile security breaches.

Risk 194

GoDaddy discloses a data breach, web hosting account credentials exposed

Security Affairs

GoDaddy has been notifying its customers of a data breach, threat actors might have compromised their web hosting account credentials. GoDaddy has been notifying its customers of a data breach, attackers might have compromised users’ web hosting account credentials. Headquartered in Scottsdale, Arizona, the Internet domain registrar and web hosting company claims to have over 19 million customers worldwide.

Black Hat USA, DEF CON 28 Go Virtual

Threatpost

Due to the coronavirus pandemic, there will be no in-person Black Hat USA or DEF CON conferences this year.

India's Covid-19 Contact Tracing App Could Leak Patient Locations

WIRED Threat Level

The system's use of GPS data could let hackers pinpoint who reports a positive diagnosis.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Phishing emails caught exploiting DocuSign and COVID-19

Tech Republic Security

A new attack discovered by Abnormal Security aims to steal account credentials from people who use the online document signing platform.

Phishing 205

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

Security Affairs

A hacker has leaked the details of 15 million users registered on Tokopedia, an Indonesian technology company specializing in e-commerce. Tokopedia is an Indonesian technology company specializing in e-commerce, it currently operates Indonesia’s largest online store. The company has over 4200 employees and accounts for over 90 million active users every month.

Naikon APT Hid Five-Year Espionage Attack Under Radar

Threatpost

The Chinese APT has been discovered behind a five-year espionage campaign that compromises government servers - and uses that as leverage for other attacks.

The Price of Fame? Celebrities Face Unique Hacking Threats

Dark Reading

Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows.

Hacking 102

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

5 things developers should know about data privacy and security

Tech Republic Security

In a post-Cambridge Analytica world, developers are more important than ever to the data privacy and security of the software they build.

French daily Le Figaro leaks 7.4 Billion records

Security Affairs

French daily Le Figaro database accidentally exposed online, the archive included roughly 7.4 billion records containing personal information of employees and users. French daily newspaper Le Figaro exposed roughly 7.4 billion records containing personally identifiable information (PII) of employees, reporters, and at least 42,000 users. The database was discovered by the Safety Detectives team of experts led by the researcher Anurag Sen, it was over 8TB, the archive also included data of acco

Google Android RCE Bug Allows Attacker Full Device Access

Threatpost

The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week.

Mobile 118

The World Needs Hope

Adam Shostack

A New Hope, even! Happy Star Wars Day!

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Cybersecurity: SMBs are keeping up with big companies, according to Cisco survey

Tech Republic Security

Cisco survey finds security experts at mid-sized companies have strong incident response plans and prioritize proactive threat hunting.

Brazilian trojan banker is targeting Portuguese users using browser overlay

Security Affairs

Since the end of April 2020, a new trojan has been affecting Portuguese users from several bank organizations. The modus operandi of this piece of malware is not new in Portugal. New variants have been observed since at least 2014, with minor changes, and with the objective of collecting bank details of the victims. One of the last occurrences was in December 2019, when the Lampion trojan operated in a very similar way, changing only the way the malware was distributed (via

Banking 112

Zoom Beefs Up End-to-End Encryption to Thwart ‘Zoombombers’

Threatpost

As the company continues to battle security woes, it has acquired Keybase to boost security and privacy. A full cryptographic draft architecture will be available on May 22.

Adult Cam CAM4 Site Exposed 10.88 Billion User Records

WIRED Threat Level

CAM4 has taken the server offline, but not before it leaked 7TB of user data.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.