Sat.Aug 21, 2021 - Fri.Aug 27, 2021

Surveillance of the Internet Backbone

Schneier on Security

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network.

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Krebs on Security

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Weekly Update 258

Troy Hunt

A really brief intro as this is my last key strokes before going properly off the grid for the next week (like really off the grid, middle of nowhere style).

Cyber in Afghanistan: Tech’s Vital Role in Kabul Evacuation

Lohrman on Security

The desperate images coming out of Afghanistan following the Taliban’s takeover last weekend underline the importance of technology and the real-life impacts when planning goes well — or not so well.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Details of the Recent T-Mobile Breach

Schneier on Security

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. I’ve lost count of how many times T-Mobile has been hacked. Uncategorized breaches cell phones data breaches hacking T-Mobile

Mobile 259

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

The Last Watchdog

While every business needs to prioritize cybersecurity, doing so is becoming increasingly complicated. With many employees now working remotely, securing company data isn’t as straightforward as it used to be. Things get even more complicated if you have an international remote workforce. Related: Employees as human sensors. As of 2018, more than 2 million people were working abroad for U.S. companies in China alone.

More Trending

A Bad Solar Storm Could Cause an 'Internet Apocalypse'

WIRED Threat Level

The undersea cables that connect much of the world would be hit especially hard by a coronal mass ejection. Security Security / Security News

Interesting Privilege Escalation Vulnerability

Schneier on Security

If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges.

FBI warns of OnePercent ransomware gang – what you need to know

Graham Cluley

The FBI has published a warning about a ransomware gang called the OnePercent Group, which has been attacking US companies since November 2020. Read more in my article on the Tripwire State of Security blog. Guest blog Malware Ransomware FBI OnePercent ransomware

Beyond the pandemic: Why are data breach costs at an all?time high?

We Live Security

It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges. The post Beyond the pandemic: Why are data breach costs at an all‑time high? appeared first on WeLiveSecurity. Cybersecurity

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Cloud Workload Security

Security Boulevard

Cloud observability and security are quickly becoming mainstays necessary to manage and secure cloud-based applications and infrastructure. At Black Hat 2021, Datadog announced their new Cloud Workload Security offering, providing real-time eBPF-powered threat detection across containers and hosts.

Tech companies pledge to help toughen US cybersecurity in White House meeting

Tech Republic Security

Apple, Google, Microsoft and others will fund new technologies and training as part of the nation's struggle to combat cyberattacks

Top Code Debugging and Code Security Tools

eSecurity Planet

There’s a lot of code in the world, and a lot more is created every day. The browser you’re reading this article on is likely supported by millions of lines of code. And as even a casual reader would know from the headlines, not all of that code is flawless.

How attackers could exploit breached T-Mobile user data

CSO Magazine

T-Mobile has confirmed a data breach that impacted nearly 50 million people, including current, former and prospective subscribers. The exposed details differed across different types of customers, so the level of risk users are exposed to varies.

CSO 114

Cybercriminals Inducing Insiders to Plant Malware

Security Boulevard

Those who manage insider threat programs just got a healthy reminder from researchers at Abnormal Security who detailed how their deployed tools detected a new insider recruitment tactic—this time involving ransomware.

Mobile Security companies are lining up for protection against Pegasus Malware

CyberSecurity Insiders

As the Pegasus malware nuisance is slowly found politically gripping the entire world, companies offering security solutions to mobile users are getting busy in finding out a solution that helps protect against the infection repercussions caused by the Pegasus Malware.

Mobile 112

T-Mobile confirms fifth data breach in three years

Graham Cluley

T-Mobile has confirmed media reports from earlier this week that it had suffered a serious data breach. And it's not just existing T-Mobile users who should be alarmed, but former and prosepective customers as well. Data loss data breach T-Mobile

Kubernetes hardening: Drilling down on the NSA/CISA guidance

CSO Magazine

Kubernetes has become the de facto choice for container orchestration. Some studies report that up to 88% of organizations are using Kubernetes for their container orchestration needs and 74% of that occurring in production environments.

113
113

AI-Fueled Deep Fakes Signal New Era of Cybercrime

Security Boulevard

Information manipulation has been around since Chinese general Sun Tzu wrote “The Art of War” in 550 BC. The Russians routinely use disinformation tactics to destabilize democracies. Events like the 2020 U.S.

Cyber Attack on Crypto Exchange brings $97 million loss to customers

CyberSecurity Insiders

Japan-based Cryptocurrency Exchange Company named ‘Liquid’ was reportedly hit by a cyber attack after which the cyber crooks managed to pull $97 million directly from the e-wallets of several customers.

Man impersonates Apple support, steals 620,000 photos from iCloud accounts

We Live Security

The man was after sexually explicit photos and videos that he would then share online or store in his own collection. The post Man impersonates Apple support, steals 620,000 photos from iCloud accounts appeared first on WeLiveSecurity. Cybercrime

Ransomware demands and payments skyrocket

Tech Republic Security

According to a ransomware report, the average ransom payment in the first half of 2021 jumped to $570,000. Learn more in TechRepublic's Karen Roby interview with writer Lance Whitney

Banking’s Digital Future Raises Security Concerns

Security Boulevard

As the global financial services industry undergoes a seismic shift, disruption is prompting the industry to replace traditional practices, with emphasis on the inevitable digital future banks will have to embrace.

Cyber Attacks on Global Education Sector witness a jump

CyberSecurity Insiders

According to a study by Check Point Software, there has been an increase in cyber attacks on the Education Sector operating across the world. And the survey confirmed that the education sector operating in United States, UK, Israel, India and Italy were deeply affected from January to July this year.

The T-Mobile data breach: A timeline

CSO Magazine

Telecommunications giant T-Mobile has warned that information including names, dates of birth, US Social Security numbers (SSNs), and driver’s license/ID of almost 50 million individuals comprising current, former, or prospective customers has been exposed via a data breach.

LPE zero-day flaw in Razer Synapse allows attackers to take over Windows PCs

Security Affairs

A zero-day vulnerability in Razer Synapse could allow threat actors to gain Windows admin privileges by plugging in a Razer mouse or keyboard. Razer is a popular manufacturer of computer accessories, including gaming mouses and keyboards.

Cloudflare: Mirai Botnet Launched Record-Breaking DDoS Attack

eSecurity Planet

Cloudflare last month fought off a massive distributed denial-of-service (DDoS) attack by a botnet that was bombarding 17.2 million requests per second (rps) at one of the internet infrastructure company’s customers in the financial services space.

DDOS 112

Details of US State Department Cyber Attack

CyberSecurity Insiders

The US Department of Defense Cyber Command has disclosed in a tweet that the US State Department was hit by a cyber attack, just a couple of weeks ago, hinting at a serious data breach.

Java deserialization vulnerabilities explained and how to defend against them

CSO Magazine

The Java programming language offers a seamless and elegant way to store and retrieve data. However, without proper input validation and safeguards in place, your application can be vulnerable to unsafe deserialization vulnerabilities.

CSO 110

New LockFile ransomware gang uses ProxyShell and PetitPotam exploits

Security Affairs

A new ransomware gang named LockFile targets Microsoft Exchange servers exploiting the recently disclosed ProxyShell vulnerabilities. A new ransomware gang named LockFile targets Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.

Risk officers and board members don't agree on use of tech and data in business

Tech Republic Security

Survey by EY finds that board members are interested in spending more money on technology and data analytics for risk management

Google bans the following cryptocurrency apps for data security

CyberSecurity Insiders

If you are a cryptocurrency enthusiast and are using any of the mining apps to earn more, then this article needs your interest.

Your ISP is Selling your Data—Despite Swearing Not To

Security Boulevard

“Netflow Data” is big business. It’s being traded by brokers, with zero transparency. But didn’t ISPs promise not to sell it? The post Your ISP is Selling your Data—Despite Swearing Not To appeared first on Security Boulevard.

VPN 108

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. The U.S. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices.

VPN 109

Google and mobile operating systems top list of privacy concerns, says Kaspersky

Tech Republic Security

Using data gathered by its Privacy Checker website, Kaspersky has been able to pinpoint areas of concern for visitors seeking to improve their privacy posture

Mobile 156