Krebs on Security

NOVEMBER 26, 2019

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a.gov domain versus a commercial one ending in.com or.org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own.gov domain.

Government 361

Government Internet Internet Web Fraud 361

Troy Hunt

NOVEMBER 25, 2019

When I first started writing code a few decades ago, it was a rather bland affair involving a basic text editor and physical books for reference. I didn't have an opportunity to create anything usable by others until years later and perhaps most importantly in the context of this blog post, I didn't have anyone in my family able to teach me about coding.

Software 346

Software 346

Adam Levin

NOVEMBER 26, 2019

One terabyte of data belonging to a major hotel booking platform was found leaked online. A huge trove of customer data belonging to Gekko Group was found online in an unsecured format. The data contained a wide array of records, including full names, credit card details, client login information, email addresses, home addresses and hotel reservations.

B2B 295

B2B Spyware VPN Phishing 295

Schneier on Security

NOVEMBER 29, 2019

Interesting research: " TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents ": Abstract: : Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-time vulnerabilities extend to deep reinforcement learning (DRL) agents and can be exploited by an adversary with access to the training process.

258

258

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Krebs on Security

NOVEMBER 25, 2019

Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices. Apparently, I’m not alone. “I believe this is the first time I’ve seen a camera on a gas pump with a Bluetooth card skimmer,” said Detective Matt Jogodka of the Las Vegas Police Departm

Banking 350

Banking Wireless Encryption Mobile 350

Troy Hunt

NOVEMBER 24, 2019

Kangaroos! I've been trying to line these guys up for weeks to no avail but finally, they've delivered. Speaking of delivering, I actually got 3 blog posts out this week which I've not done for a while, the most significant of which relates to "data enrichment" companies (also often referred to as "data aggregators"). I have a fundamental issue with the very premise of how these firms operate and I'm getting a little sick of finding my own data in there.

VPN 251

VPN Banking Surveillance Data breaches 251

Schneier on Security

NOVEMBER 27, 2019

The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting them to someone who might actually do something about it. The devil is in the details, of course, but this is a welcome development. The DHS is seeking public feedback.

Government 224

Government 224

Krebs on Security

NOVEMBER 26, 2019

On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States.

Marketing 343

Marketing Cybercrime Retail Advertising 343

Troy Hunt

NOVEMBER 28, 2019

I recently had the pleasure of spending a few days in Switzerland, firstly in Geneva visiting ( and speaking at ) CERN followed by a visit to the nation's capital, Bern. There I spent some time with a delegation of the National Cybersecurity Centre discussing the challenges they face and where HIBP can play a role. Continuing the march forward to provide governments with better access to their departments' data exposed in breaches , I'm very pleased to welcome Switzerland as the 7th national gov

Government 244

Government Cybersecurity 244

Tech Republic Security

NOVEMBER 26, 2019

There's not a one-size-fits-all approach to cybersecurity. Learn some of the common mistakes and how you can get on the right path.

Cybersecurity 218

Cybersecurity 218

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Affairs

NOVEMBER 26, 2019

Microsoft revealed that the new Dexphot cryptocurrency miner has already infected more than 80,000 computers worldwide. Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide.

Cryptocurrency 145

Cryptocurrency Malware Encryption Advertising 145

WIRED Threat Level

NOVEMBER 25, 2019

Researchers show how AI programs can be sabotaged by even subtle tweaks to the data used to train them.

Hacking 130

Hacking 130

Adam Shostack

NOVEMBER 26, 2019

Apparently, someone was baked at Williams Sonoma.

26

26

Tech Republic Security

NOVEMBER 29, 2019

Credential stuffing attacks pose a significant risk to consumers and businesses. Learn how they work and what you can do about them.

Risk 217

Risk 217

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

NOVEMBER 26, 2019

Some third-party apps quietly scraped personal information from people’s accounts from Twitter and Facebook, the social media companies claim. Facebook and Twitter revealed that some third-party apps quietly scraped personal information from people’s accounts without their consent. According to the company, the cause of behavior that violates their policies is a couple of “malicious” software development kits (SDKs) used by the third-party iOS and Android apps.

Accountability 145

Accountability Mobile Advertising Marketing 145

Dark Reading

NOVEMBER 25, 2019

How can you protect your precious corporate endpoints from the mysterious dangers that might await when you're not by their side? Empower home office users with these tips.

Cybersecurity 127

Cybersecurity 127

Thales Cloud Protection & Licensing

NOVEMBER 26, 2019

Originally published in Security Magazine on November 20, 2019. With the holidays approaching, many of us are thinking about taking time off from work to be with friends and family, as well all the last minute shopping that needs to be done. The sad truth is that cyber criminals do not take vacations and may be looking at the holidays as yet another opportunity to steal and monetize consumer data.

Retail 114

Retail Cybercrime Threat Reports 114

Tech Republic Security

NOVEMBER 28, 2019

Education and legislation are needed to combat the significant threat of deepfakes.

Education 214

Education 214

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

NOVEMBER 28, 2019

A piece of the Ryuk Ransomware infected the network of the multinational cybersecurity firm Prosegur, forcing the company to shut down it. The Spanish multinational security company Prosegur announced that it was of a ransomware attack that disrupted its telecommunication platform. Comunicado sobre incidencia de seguridad informática pic.twitter.com/TMdOJzkFCB — Prosegur (@Prosegur) November 27, 2019.

Ransomware 144

Ransomware Cybersecurity Telecommunications Advertising 144

CTOVision Cybersecurity

NOVEMBER 25, 2019

Thanks to the power of computing you can watch Commodore Grace Hopper delivering her landmark lecture at MIT Laboratory on 25 April 1985. The entire presentation is excellent and worth listening to. But my favorite line is right around 23 minutes in, when after describing the nature of technology innovation she says: “Probably the most […].

Technology 113

Technology 113

Threatpost

NOVEMBER 26, 2019

Cybercriminals are tapping in on Black Friday and Cyber Monday shoppers with an array of scams and malware - including domain impersonation, social media giveaway scams, and a malicious Chrome extension.

Scams 112

Scams Media Malware Phishing 112

Tech Republic Security

NOVEMBER 27, 2019

Even full disk encryption can't keep you secure if your PC firmware is compromised, so Secured-core PCs will use the CPU to check if UEFI is telling the truth about secure boot.

Firmware 209

Firmware Encryption 209

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Affairs

NOVEMBER 23, 2019

Kaspersky researchers found dozens of flaws in four popular open-source virtual network computing (VNC) systems. Experts from Kaspersky analyzed several different implementations of a remote access system called Virtual Network Computing (VNC) and identified a number of memory corruption vulnerabilities. Some of the vulnerabilities found by the experts could lead to remote code execution.

Software 144

Software Advertising Manufacturing Hacking 144

WIRED Threat Level

NOVEMBER 27, 2019

Black Friday is going to be overrun with cheap, internet-connected gifts. Just make sure you know exactly what you’re buying.

Internet 109

Internet Internet 109

Threatpost

NOVEMBER 28, 2019

38 million consumer health records have been exposed so far in 2019.

Healthcare 105

Healthcare Ransomware 105

Tech Republic Security

NOVEMBER 26, 2019

Cyber insurance can help protect your organization from the financial costs associated with data breaches. Learn the details to decide if it's the right fit for your company.

Cyber Insurance 203

Cyber Insurance Insurance Data breaches 203

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

NOVEMBER 25, 2019

Over the summer, the Apache Solr team addressed a remote code execution flaw, not a working exploit code was published online. The bug addressed by the Apache Solr team fixed over the summer is more dangerous than initially thought. Apache Solr is a highly reliable, scalable and fault-tolerant, open-source search engine written in Java. Solr is highly reliable, scalable and fault-tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery, ce

Advertising 143

Advertising Firewall Engineering Authentication 143

Thales Cloud Protection & Licensing

NOVEMBER 25, 2019

Originally published in City A.M. on November 20, 2019 (Page 23). Be afraid, be very afraid, for here are the security fears lurking under your firm’s bed. The choices that characters make in scary movies can often seem baffling. Why do they never turn the lights on when entering the house at night alone? How come they always run upstairs and never outside when being chased?

104

104

Threatpost

NOVEMBER 26, 2019

He and co-conspirators stole 50 gigs of music and leaked some of it onto the internet.

Internet 103

Internet Internet Hacking 103

Tech Republic Security

NOVEMBER 27, 2019

Education and legislation are needed to combat the significant threat of deepfakes.

Education 168

Education 168

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!