Sat. Dec 21, 2019 - Fri. Dec 27, 2019


Ransomware at IT Services Provider Synoptek

Krebs on Security

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. The company has reportedly paid a ransom demand in a bid to restore operations as quickly as possible.


Data Breach Compromises Payment Card Info At Wawa Stores

Adam Levin

Convenience store and gas station chain Wawa informed customers of a data breach that compromised payment card information at most of its 842 locations. In an announcement released December 19, Wawa CEO Chris Gheysens stated that the company’s information security team had discovered malware on their payment processing servers about a week earlier.

Chinese Hackers Bypassing Two-Factor Authentication

Schneier on Security

Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system. How they did it remains unclear; although, the Fox-IT team has their theory. They said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese actor then used on its computers to generate valid one-time codes and bypass 2FA at will.


When Is Data "Public"? (And 2.5M Public Factual Records in HIBP)

Troy Hunt

When is data "public"? And what does "public" even mean? Does it mean it's merely visible to the public? Or does it mean the public can do anything they like with it? This discussion comes up time and time again as it did with the huge leak of PDL data only last month. For the most part, the impacted data in this incident came from LinkedIn, a service where by design we (including myself) publish personal information about ourselves for public consumption.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


How to install and use Firejail on Linux

Tech Republic Security

Firejail allows you to easily sandbox Linux applications. Find out how to add this extra layer of security.


Comparing Offensive Security Tooling and Gun Control

Daniel Miessler

A debate recently flared up on Twitter around creating and sharing high-quality Offensive Security Tools, such as Empire. Richard Bejtlich came out against, saying that OST tools were doing more harm than good. “We believe that Powershell and Empire framework will remain a major threat vector employed by APTs, malware authors, and Red Teams.” SO WHY ARE YOU UPDATING IT?

More Trending


Weekly Update 170

Troy Hunt

Monday: 40C and lapping up the Gold Coast sunshine. Wednesday: -8C and lapping up juicy IPA! I'm back in Oslo and catching up with the locals including running a roundtable discussion for CSOs at Microsoft, visiting the Norwegian National Cyber Security Centre (recently onboarded to HIBP) and chatting with Forbrukerrådet, the Norwegian Consumer Council.


Security teams have a challenging and ever-changing role. Here's how a SOC can keep up

Tech Republic Security

Security teams should coordinate and operate by standard practices to ensure their efforts yield the maximum results. Learn some tips from an industry insider on how to make it happen.


CVE-2019-19781 Citrix flaw exposes 80,000 companies at risk

Security Affairs

Critical CVE-2019-19781 flaw in Citrix NetScaler ADC and Citrix NetScaler Gateway could be exploited to access company networks, 80,000 companies at risk worldwide. A critical vulnerability in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway), tracked as CVE-2019-19781, could be exploited by attackers to access company networks.


Unsupervised Learning: No. 208 (Member Edition)

Daniel Miessler


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Facebook Security Debacles: 2019 Year in Review

Threatpost

2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.


4 tips to help keep your APIs safe

Tech Republic Security

Security analysts say multifactor authentication is an absolute must for any company running multiple interfaces.


Top cybersecurity Predictions for 2020

Security Affairs

The 2020 Cybersecurity Landscape – Below Pierluigi Paganini’s cybersecurity predictions for the next twelve months. Here we are again for the annual prediction of the events that I believe will impact the cybersecurity landscape in the next year. Let’s try to imagine what threats and bad actors will influence the cyber arena in the next 12 months. 1) Targeted ransomware attacks on the rise.


Uninstall ToTok, an Alleged Emirati Spy App, From Your Phone Now

WIRED Threat Level

A messaging app called ToTok had scores of positive reviews, particularly from users in the UAE. US intelligence officials say it may be spying for that government instead.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Top 10 IoT Disasters of 2019

Threatpost

From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children's connected toys, here are the top IoT disasters in 2019.


How to protect specific folders and files in Windows

Tech Republic Security

Learn how to hide or encrypt specific files in Windows in order to better protect them.


New Mozi P2P Botnet targets Netgear, D-Link, Huawei routers

Security Affairs

A new Mozi P2P botnet is actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. Security experts from 360 Netlab spotted a new Mozi P2P botnet that is actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. According to the researchers, in the last months, the botnet was mainly involved in DDoS attacks, experts also noticed that the sample borrows part of code from the Gafgyt malware.


SIM Swapping Attacks: What They Are & How to Stop Them

Dark Reading

Fraudsters with social engineering skills are hijacking cell phone SIM cards to access victims' bitcoin and social media accounts.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Mitigating Web Threats with CleanBrowsing DNS

PerezBox Security

On December 18th, DeepInstinct put out a great article outlining the latest Legion Loader campaign. Whether a parent, or organization, this served as a great example to demonstrate the effectiveness.


How to enable 2FA for Docker Hub

Tech Republic Security

If you're concerned about the security of your code within Docker Hub, you might want to enable two-factor authentication.


RuNet – Russia successfully concluded tests on its Internet infrastructure

Security Affairs

Russia successfully disconnected from the internet. Russia’s government announced that it has successfully concluded a series of tests for its RuNet intranet aimed at country disconnection from the Internet. The Russian Government has announced on Monday that it has successfully concluded the test on its RuNet intranet and the complete disconnection of the country from the Internet. “The results of the exercises showed that, in general, both authorities and telecom operators are read


The Decade Big-Money Email Scams Took Over

WIRED Threat Level

In the last few years, the "Nigerian prince" scams have gotten a major upgrade.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Top 10 Breaches and Leaky Server Screw Ups of 2019

Threatpost

2019 was a banner year for data exposures, with billions of people affected by cloud misconfigurations, hacks and poor security practices in general. Here's the Threatpost Top 10 for data-breach news of the year, featuring all the low-lights.


A flaw in Twitter App for Android could have been exploited to take over the account

Security Affairs

A flaw in the Twitter app for Android could have been exploited by attackers to obtain sensitive information or take over an account. Twitter has recently addressed a security vulnerability that affected the Android version of the app, it could have been exploited by hackers to access sensitive information of the users (direct messages, protected tweets and location data) or take over their accounts.


The Worst Hacks of the Decade

WIRED Threat Level

It's been a rough 10 years in cybersecurity—and it's only getting worse.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Santa and the Zero-Trust Model: A Christmas Story

Dark Reading

How would the world's most generous elf operate in a world of zero-trust security? A group of cybersecurity experts lets us know.


More than 100 Chinese nationals arrested in Nepal over suspected cyber scam

Security Affairs

Nepal police arrested more than 100 Chinese nationals over a suspected cyber scam, this is the largest-ever operation involving foreigners. Nepal authorities have arrested more than 100 Chinese nationals that were in the country on tourist visas, they are suspected to be involved in a cyber scam. The Nepal police conducted a coordinated operation that allowed the arrests of the suspects, eight of which are women.


Biggest Malware Threats of 2019

Threatpost

2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.