Sat. May 16, 2020 - Fri. May 22, 2020

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service. A memo seen by KrebsOnSecurity that the Secret Service circulated to field offices around the United States on Thursday says the ring has been filing unemployment claims in different states using Social Security numbers

Insurance 363

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

The Last Watchdog

When it was first introduced, device fingerprinting – or online fingerprinting in general – was meant to create a safer, more responsible internet. The idea was that by fingerprinting devices used to connect to the internet we could achieve better accountability. Related: Why Satya Nadella calls for regulation of facial recognition systems The concept itself is still very much relevant today.

AI and Cybersecurity

Schneier on Security

Ben Buchanan has written "A National Security Research Agenda for Cybersecurity and Artificial Intelligence." It's really good -- well worth reading.

Dark Web sees rise in postings selling access to corporate networks

Tech Republic Security

These postings provide cybercriminals with the information needed to hack into networks where they can infect critical machines with malware, according to Positive Technologies.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Ukraine Nabs Suspect in 773M Password “Megabreach”

Krebs on Security

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches.

Passwords 334

Weekly Update 192

Troy Hunt

Hey, check out that haircut! And shirt! It's almost like I'm a professional again. Come Monday, schools here return as usual so I figured it was time for both my son and I to head to the barber. Other events of the day had me sprucing up to a level I don't think I've seen since Feb and I've gotta say, it's actually kind of nice. If only I had somewhere I could actually go out to.

VPN 165

More Trending

How the dark web is handling the coronavirus pandemic

Tech Republic Security

Many on the dark web are expressing the same thoughts and fears about COVID-19 as everyone else, while others are looking for ways to profit from it, says Trustwave.

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals.

Malware 306

Analysis of the 2020 Verizon Data Breach Report

Daniel Miessler

TOPIC: In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. He looks at the key findings and talks about what they might mean to us going forward. The newsletter serves as the show notes for the podcast. The Dataviz Game on Point. Verizon’s Breach Report is one of the best infosec reports out there, and I’m always excited when I hear it’s been released.

Ramsey Malware

Schneier on Security

A new malware, called Ramsay, can jump air gaps: ESET said they've been able to track down three different versions of the Ramsay malware, one compiled in September 2019 (Ramsay v1), and two others in early and late March 2020 (Ramsay v2.a and v2.b). Each version was different and infected victims through different methods, but at its core, the malware's primary role was to scan an infected computer, and gather Word, PDF, and ZIP documents in a hidden storage folder, ready to be exfiltrated at

Malware 204

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The top free online tech classes to advance your IT skills

Tech Republic Security

Available online classes include ways to upgrade your resume, add to current skills, or land a better job. Here are some of the top places to go to find eLearning courses.

How Are Computers Compromised (2020 Edition)

Adam Shostack

Understanding the way intrusions really happen is a long-standing interest of mine. This is quite a different set of questions compared to “how long does it take to detect,” or “how many records are stolen?” How the intrusion happens is about questions like: Is it phishing emails that steal creds? Email attachments with exploits?

InfoSec 124

Unsupervised Learning: No. 229

Daniel Miessler

THIS WEEK’S TOPICS: Feds Release Top Vulns, China Brainwave Tracking, Europe CISSP Masters, Army Electronic Warfare, Microsoft Third-largest Patch Tuesday, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. Threat actors attempted to exploit a zero-day (CVE-2020-12271) in the Sophos XG firewall to spread ransomware to Windows machines, the good news is that the attack was blocked by a hotfix issued by Sophos. At the end of April, cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Fi

Firewall 131

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

How Home Chef's sensitive customer data was compromised by a cyberattack

Tech Republic Security

Stolen in a recent breach, the names, email addresses, encrypted passwords, and other data of Home Chef customers are being sold on the Dark Web.

The Hypocrisy of Mike Pompeo

WIRED Threat Level

In the few short years since his time in Congress, the secretary of state has conveniently reversed himself on multiple fronts.

5 Tips for Fighting Credential Stuffing Attacks

Dark Reading

With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Security Affairs

ZLab researchers spotted a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. Introduction. During our Cyber Threat Intelligence monitoring we spotted new malicious activities targeting some Italian companies operating worldwide in the manufacturing sector, some of them also part of the automotive production chain.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

New phishing campaign impersonates LogMeIn to steal user credentials

Tech Republic Security

LogMeIn is the parent company of LastPass, so attackers may also be attempting to access the password managers of compromised users, says Abnormal Security.

Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials

Threatpost

The attack discovered by Cofense can steal sensitive user data stored on the cloud as well as find other victims to target.

Phishing 136

Security 101: Cross-Site Scripting

Dark Reading

Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?

Easyjet hacked: 9 million customers’ data exposed along with 2,200+ credit card details

Security Affairs

British airline EasyJet announced it was the victim of a “highly sophisticated” cyber attack that exposed email addresses and travel details of around 9 million of its customers. British airline EasyJet announced that a “highly sophisticated” cyber-attack exposed email addresses and travel details of around 9 million of its customers. “Following discussions with the Information Commissioner’s Office (“ICO”), the Board of easyJet announces that it h

Hacking 120

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity and remote work: How workers are handling the shift

Tech Republic Security

Working remotely presents key security challenges, but employees may actually be following security rules more carefully when working from home, says 1Password.

Web Giants Scrambled to Head Off a Dangerous DDoS Technique

WIRED Threat Level

Firms like Google and Cloudflare raced to prevent an amplification attack that threatened to take down large portions of the internet with just a few hundred devices.

DDOS 112

WolfRAT Android Malware Targets WhatsApp, Facebook Messenger

Threatpost

Researchers link the malware to Wolf Research operators with "high confidence" after it was spotted in campaigns targeting Thai users.

Malware 127

Texas Department of Transportation (TxDOT) hit by a ransomware attack

Security Affairs

A new ransomware attack hit the Texas government, the malware this time infected systems at the state’s Department of Transportation (TxDOT). The Texas government suffered two ransomware attacks in a few weeks, the first one took place on May 8, 2020 and infected systems at the Texas court. All @txcourts websites are down. We are aware of this issue and working to remedy it.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

How healthcare organizations can combat cyberattacks during the coronavirus

Tech Republic Security

Cyberattacks against hospitals and medical facilities have risen this year, often via ransomware and social engineering exploits, says IntSights.

The Nigerian Fraudsters Ripping Off the Unemployment System

WIRED Threat Level

Security researchers have spotted the “Scattered Canary” group scamming vital benefits programs amid the Covid-19 pandemic.

Scams 124

Bluetooth Bugs Allow Impersonation Attacks on Legions of Devices

Threatpost

A host of unpatched security bugs that allow BIAS attacks affects Bluetooth chips from Apple, Intel, Qualcomm, Samsung and others.

IoT 123

Researchers disclose five Microsoft Windows zero-days

Security Affairs

Security experts have disclosed five unpatched vulnerabilities in Microsoft Windows, four of which rated as high-risk severity. Security experts from Trend Micro’s Zero Day Initiative (ZDI) have published information on five unpatched vulnerabilities in Microsoft Windows. Four vulnerabilities are classified as high-risk severity, three of them are zero-day vulnerabilities tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.