Sat. May 25, 2019 - Fri. May 31, 2019

Should Failing Phish Tests Be a Fireable Offense?

Krebs on Security

Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this partic

The Human Cost of Cyberattacks

Schneier on Security

The International Committee of the Red Cross has just published a report: "The Potential Human Cost of Cyber-Operations." It's the result of an "ICRC Expert Meeting" from last year, but was published this week. Here's a shorter blog post if you don't want to read the whole thing. And [link] by one of the authors.

Weekly Update 140

Troy Hunt

I'm a day and a half behind with this week's update again - sorry! Thursday and Friday were solid with training in Melbourne so I recorded Saturday and am pushing this out in the early hours of Sunday before going wakeboarding - is that work / life balance? But there's been a hell of a lot going on, particularly around HIBP and I'll be talking a lot more about that in the weeks to come.

GUEST ESSAY: Only cloud-based security can truly protect cloud-delivered web applications

The Last Watchdog

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. [NYSE:FAF] as the first test of the state’s strict new cybersecurity regulation. That measure, which went into effect in March 2019 and is considered among the toughest in the nation, requires financial companies to regularly audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful.

First American Financial Corp. Data Records Leak

Schneier on Security

Krebs on Security is reporting a massive data leak by the real estate title insurance company First American Financial Corp. "The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, drivers licenses, account statements, and even internal corporate documents if you're a small business.

Was Your Mortgage Deal One of Nearly 900 Million Recently Exposed?

Adam Levin

First American Financial Corp. left hundreds of millions of sensitive financial documents unprotected on its website dating back as far as 2003. The security hole, discovered by Washington real estate developer Ben Shoval and reported by security expert Brian Krebs, allowed anyone with a web browser full access to digitized records related to mortgage deals.

Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors

Krebs on Security

Canadian government regulators are using the country’s powerful new anti-spam law to pursue hefty fines of up to a million dollars against Canadian citizens suspected of helping to spread malicious software. In March 2019, the Canadian Radio-television and Telecommunications Commission (CRTC) — Canada’s equivalent of the U.S. Federal Communications Commission (FCC), executed a search warrant in tandem with the Royal Canadian Mounted Police (RCMP) at the home of a Toronto softwa

Alex Stamos on Content Moderation and Security

Schneier on Security

Really interesting talk by former Facebook CISO Alex Stamos about the problems inherent in content moderation by social media platforms. Well worth watching.

Polymorphic Warnings On My Mind

Adam Shostack

There’s a fascinating paper, “Tuning Out Security Warnings: A Longitudinal Examination Of Habituation Through Fmri, Eye Tracking, And Field Experiments.” (It came out about a year ago.) The researchers examined what happens in people’s brains when they look at warnings, and they found that: Research in the fields of information systems and human-computer interaction has shown that habituation—decreased response to repeated stimulation—is a serious threat to the effectiv

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Russian military plans to replace Windows with Astra Linux

Security Affairs

The Russian army seems to be in the process of replacing the Windows system with the Debian-based Linux distribution Astra Linux. Cyber security seems to subvert the globalization concept, governments are working to develop their own technology fearing possible espionage and sabotage activities of foreign states. The Russian military is in the process of replacing the Windows system with the Linux distribution Astra Linux.

4 Best Password Managers of 2019 (Paid, Family, and Free)

WIRED Threat Level

We've picked our favorite password managers for PC, Mac, Android, iPhone, and web browsers.

8 Ways to Authenticate Without Passwords

Dark Reading

Passwordless authentication has a shot at becoming more ubiquitous in the next few years. We take a look at where things stand at the moment.

POS Malware Found at 102 Checkers Restaurant Locations

Threatpost

One of the most popular U.S. drive-through restaurants has been hit with a data breach due to POS malware.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

VPNpro research: this Chinese-linked company secretly owns 10 VPNs with 86 million installs

Security Affairs

Recent research by the cybersecurity experts at VPNpro shows that the popular mobile VPN developer Innovative Connecting is actually a Chinese company that secretly owns 10 VPN products with a total of 86 million installs under its belt.

All the Ways Google Tracks You—And How to Stop It

WIRED Threat Level

Google knows more about you than you might think. Here's how to keep it from knowing your location, web browsing, and more.

Seven Microservices Identity Questions to Secure your Data

Thales Cloud Protection & Licensing

As I noted in my last blog post, containers, which are now pervasive in enterprises, are ephemeral, and microservices frameworks like Kubernetes treat them as such. Data security is a complex subject, and, unfortunately, microservices only add to the complexity. I frequently try to untangle the threads of knotty issues by asking questions. So, in this and my next few blogs, I will share some questions you might want to ask as you go about securing your data in a microservices environment.

New Linux Malware ‘HiddenWasp’ Borrows from Mirai, Azazel

Threatpost

HiddenWasp is unique for Linux-based malware in that it targets systems to remotely control them.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Google white hat hacker found code execution flaw in Notepad

Security Affairs

The popular white hat hacker Tavis Ormandy has announced the discovery of a code execution vulnerability in Microsoft’s Notepad text editor. The Google Project Zero researcher Tavis Ormandy announced the discovery of a code execution flaw in Microsoft’s Notepad text editor. Am I the first person to pop a shell in notepad? … believe it or not, It's a real bug!

Cybercrime: Looking Beyond the Dark Web

Dark Reading

Fighting cybercrime requires visibility into much more than just the Dark Web. Here's where to look and a glimpse of what you'll find.

How to Spring Clean Your Digital Clutter to Protect Yourself

WIRED Threat Level

You don't have to get your hands dirty to do the most important spring cleaning of the year.

Researcher Exploits Microsoft’s Notepad to ‘Pop a Shell’

Threatpost

Google Project Zero researcher unearths a bug in Microsoft’s Notepad Windows application.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Using Public Wi-Fi? Your data can be hacked easily! Here’s How…

Security Affairs

Public Wi-Fi is easily accessible by everyone, as much as free surfing sounds cool, it is risky as well. Let’s see how your data can be hacked easily. In the contemporary world of networking, Wi-Fi has become a vital commodity. Wi-Fi are now installed in each and every place regardless of the size of the place; from international airports to small kiosks, you can find an internet connection everywhere.

Impersonation Attacks Up 67% for Corporate Inboxes

Dark Reading

Nearly three-quarters of organizations hit with impersonation attacks experienced direct losses of money, customers, and data.

Microsoft's BlueKeep Bug Isn't Getting Patched Fast Enough

WIRED Threat Level

At this rate, it will take years to fix a critical vulnerability that remains in over 900,000 Windows machines. A worm will arrive much sooner.

Gen Z Interns and Social Media: A Perfect Security Storm

Threatpost

A lack of security training for interns, and their obsession with sharing content on social media, could lead to a perfect storm for hackers looking to collect social engineering data.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Hackers target MySQL databases to deliver the GandCrab ransomware

Security Affairs

Security experts at Sophos have detected a wave of attacks targeting Windows servers that are running MySQL databases with the intent of delivering the GandCrab ransomware. Sophos researchers have observed a wave of attacks targeting Windows servers that are running MySQL databases, threat actors aim at delivering the GandCrab ransomware. This is the first time the company sees hackers targeting Windows servers running instances MySQL databases to infect them with ransomware.

WannaCry Lives On in 145K Infected Devices

Dark Reading

Data from the last half year shows devices worldwide infected with the self-propagating ransomware, putting organizations with poor patching initiatives at risk.

IT Security Vulnerability Roundup – May 2019

eSecurity Planet

We take a closer look at 12 highly critical vulnerabilities disclosed in the past month.

5G Networks Spark Concerns For Enterprise Risks

Threatpost

As 5G deployments continue to increase, what are the top security risks for enterprises? We discuss with an expert during GSMA's Mobile360 conference.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!