Sat.Jan 23, 2021 - Fri.Jan 29, 2021

article thumbnail

A @TomNomNom Recon Tools Primer

Daniel Miessler

There are recon tools, and there are recon tools. @tomnomnom —also called Tom Hudson—creates the latter. I have great respect for large, multi-use suites like Burp , Amass , and Spiderfoot , but I love tools with the Unix philosophy of doing one specific thing really well. I think this granular approach is especially useful in recon. Related Talk: Mechanizing the Methodology.

Internet 364
article thumbnail

Joseph Steinberg Appointed To CompTIA Cybersecurity Advisory Council

Joseph Steinberg

Long-time cybersecurity-industry veteran, Joseph Steinberg , has been appointed by CompTIA, the information technology (IT) industry’s nonprofit trade association that has issued more than 2-million vendor-neutral IT certifications to date, to its newly-formed Cybersecurity Advisory Council. The council, comprised of 16 experts with a diverse set of experience and backgrounds, will provide guidance on how technology companies can both address pressing cybersecurity issues and threats, as well as

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Taxman Cometh for ID Theft Victims

Krebs on Security

The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. But the ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollars in taxes on benefits they never received last year.

Insurance 288
article thumbnail

Massive Brazilian Data Breach

Schneier on Security

I think this is the largest data breach of all time: 220 million people. ( Lots more stories are in Portuguese.).

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Weekly Update 228

Troy Hunt

Well, it kinda feels like we're back to the new normal that is 2021. I'm home, the kids are back at school and we're all still getting breached. We're breached so much that even when we're not breached but someone says we're breached, it genuinely looks like we're breached. Ok, that's a bit wordy but the Exodus thing earlier today was frustrating, not because a screen cap of an alleged breach notice was indistinguishable from a phish, but because of the way some people chose to react when I shar

article thumbnail

Keyless Car Entry Systems May Allow Anyone To Open And Steal Your Vehicle

Joseph Steinberg

Hands-free car-entry systems that allow people to unlock their car doors without the need to push any buttons on the fob or car provide great convenience; at least during the winter, many people even store key fobs in their coats and do not even physically handle the fobs on a regular basis. Cars that allow such access typically utilize proximity to determine when to let people open their doors; when a corresponding fob (and, ostensibly the car’s owner) is close to a locked vehicle that ve

More Trending

article thumbnail

Dutch Insider Attack on COVID-19 Data

Schneier on Security

Insider data theft : Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministry’s COVID-19 systems on the criminal underground. […]. According to Verlaan, the two suspects worked in DDG call centers, where they had access to official Dutch government COVID-19 systems and databases. They were working from home: “Because people are working from home, they can easily take photos of their screens.

Risk 264
article thumbnail

SolarWinds attack: Cybersecurity experts share lessons learned and how to protect your business

Tech Republic Security

The highly sophisticated SolarWinds attack was designed to circumvent threat detection—and it did, for much too long. Two cybersecurity experts share some valuable lessons learned from the attack.

article thumbnail

The Top 21 Security Predictions for 2021

Lohrman on Security

308
308
article thumbnail

The Future of Payments Security

Thales Cloud Protection & Licensing

The Future of Payments Security. madhav. Tue, 01/26/2021 - 09:17. Criminals use a wide range of methods to commit fraud. The increasing trend of using mobile payments for in-store purchases (especially during the pandemic) is leading criminals to increasingly focus their efforts on defrauding people through online fraud and scams. Fraud and scams move to the web.

Retail 142
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Including Hackers in NATO Wargames

Schneier on Security

This essay makes the point that actual computer hackers would be a useful addition to NATO wargames: The international information security community is filled with smart people who are not in a military structure, many of whom would be excited to pose as independent actors in any upcoming wargames. Including them would increase the reality of the game and the skills of the soldiers building and training on these networks.

article thumbnail

Gartner: The future of AI is not as rosy as some might think

Tech Republic Security

A Gartner report predicts that the second-order consequences of widespread AI will have massive societal impacts, to the point of making us unsure if and when we can trust our own eyes.

215
215
article thumbnail

2020: The Year the COVID-19 Crisis Brought a Cyber Pandemic

Lohrman on Security

279
279
article thumbnail

Emotet botnet takedown – what you need to know

Graham Cluley

Law enforcement agencies across the globe say that they have dealt a blow against Emotet, described by Interpol as "the world's most dangerous malware", by taking control of its infrastructure. Read more in my article on the Tripwire State of Security blog.

Malware 145
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

North Korean hackers attempt to hack security researchers investigating zero-day vulnerabilities

Hot for Security

Threat experts at Google say that they have identified an ongoing hacking campaign that has targeted computer security experts, specifically those researching the very type of software vulnerabilities exploited by cybercriminals. Read more in my article on the Hot for Security blog.

Hacking 144
article thumbnail

2021 predictions: Quantifying and prioritizing cyber and business risk

Tech Republic Security

Every new year brings new challenges surrounding risk management. Learn how to protect your company and its assets with these tips from an industry insider.

Risk 213
article thumbnail

Ransomware: Analyzing the data from 2020

Digital Shadows

Note: This blog is a roundup of our quarterly ransomware series. You can also see our Q2 Ransomware Trends, Q3. The post Ransomware: Analyzing the data from 2020 first appeared on Digital Shadows.

article thumbnail

Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers

SC Magazine

Researchers at GRIMM have discovered multiple vulnerabilities – two of which could lead to remote code execution (RCE) – within the NITRO open source library that the Department of Defense and federal intelligence community use to exchange, store and transmit digital images collected by satellites. Two of the flaws “looked like they could lead to remote code execution,” said Adam Nichols, principal of the Software Security practice at GRIMM, who explained to SC Media that photos in the library a

Media 143
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

A Look at the Legal Consequence of a Cyber Attack

The State of Security

Is your system 100% ready to face the severest cyber-attack and mitigate the risk of a possible data breach? If you are unsure about your cyber-safety structure, then it’s time to upgrade it. Otherwise, you could be at risk of lengthy legal battles that result in hefty fines. Beyond that, the cost in terms of […]… Read More. The post A Look at the Legal Consequence of a Cyber Attack appeared first on The State of Security.

article thumbnail

Homebrew: How to install post-exploitation tools on macOS

Tech Republic Security

We'll guide you through the process of using Homebrew package manager to install post-exploit security tools on macOS to further assess compromised system vulnerabilities found in your Apple equipment.

196
196
article thumbnail

Update your iPhone now to protect against vulnerabilities that hackers may have actively exploited

Graham Cluley

Apple is encouraging owners of iPhones and iPads to update their devices to the latest version of iOS and iPadOS in order to protect against serious vulnerabilities that could have already been actively exploited by malicious hackers.

Malware 143
article thumbnail

Cryptojacking malware targeting cloud apps gets new upgrades, worming capability

SC Magazine

A piece of cryptojacking malware with a penchant for targeting the cloud has gotten some updates that makes it easier to spread and harder for organizations to detect when their cloud applications have been commandeered. New research from Palo Alto’s Unit 42 details how Pro-Ocean, which was used throughout 2018 and 2019 to illegally mine Monero from infected Linux machines, has been quietly updated by the threat actor Rocke Group after it was exposed by Cisco Talos and other threat researchers i

Malware 141
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

2020 Data Breaches Point to Cybersecurity Trends for 2021

Lohrman on Security

article thumbnail

Distributed denial of service (DDoS) attacks: A cheat sheet

Tech Republic Security

This comprehensive guide covers different types of denial of service attacks, DDoS protection strategies, as well as why it matters for business.

DDOS 211
article thumbnail

How decision-making psychology can improve incident response

CSO Magazine

Incident response (IR) is a key part of any large organization’s security posture. Ensuring your teams know how to react to different situations and scenarios enables companies to respond quicker and more effectively to cyberattacks.

140
140
article thumbnail

TrustArc Celebrates Data Privacy Day

TrustArc

Data Privacy Day (or Data Protection Day, if you are based in Europe) is upon us! Every year on January 28th, we take this time to create awareness about the importance of data privacy, keeping data safe and enabling trust. We take being a Data Privacy Day Champion seriously, and are proud to spread the […]. The post TrustArc Celebrates Data Privacy Day appeared first on TrustArc Privacy Blog.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Hacker leaks data of 2.28 million dating site users

Zero Day

Data belongs to dating site MeetMindful and includes everything from real names to Facebook account tokens, and from email addresses and geo-location information.

article thumbnail

Data Privacy Day: 10 experts give advice for protecting your business

Tech Republic Security

Data Privacy Day is dedicated to achieving sound privacy practices to protect businesses and customers. Learn insights from 10 experts in the field to help safeguard your company.

article thumbnail

Cryptomining DreamBus botnet targets Linux servers

Security Affairs

Zscaler’s research team recently spotted a Linux-based malware family, tracked as DreamBus botnet, targeting Linux servers. Researchers at Zscaler’s ThreatLabZ research team recently analyzed a Linux-based malware family, tracked as DreamBus Botnet, which is a variant of SystemdMiner. The bot is composed of a series of Executable and Linkable Format (ELF) binaries and Unix shell scripts. .

article thumbnail

Wormable Android malware spreads via WhatsApp messages

We Live Security

“Download This application and Win Mobile Phone”, reads the message attempting to trick users into downloading a fake Huawei app. The post Wormable Android malware spreads via WhatsApp messages appeared first on WeLiveSecurity.

Malware 137
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.