Sat.Dec 14, 2019 - Fri.Dec 20, 2019


Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

Krebs on Security

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors.


New Orleans Hit By Ransomware Attack

Adam Levin

New Orleans has declared a state of emergency following a ransomware attack. The city government has effectively been offline since December 13, when employees were instructed to turn off all computers and disconnect them from WiFi networks following reports of suspicious network activity. “The city asks residents and vendors for their patience and understanding as our Information Technology team works to restore all operations to normal,” said New Orleans mayor LaToya Cantrell.


Still Why No HTTPS?

Troy Hunt

Back in July last year, Scott Helme and I shipped a little pet project that tracked the world's largest websites not implementing HTTPS by default. We called it Why No HTTPS? and it gave people a way to see the largest websites not taking transport layer security seriously. We also broke the list down on a country-by-country basis and it quickly became a means of highlighting security gaps and serving as a "list of shame".


Cybersecurity in 2020: Eight frightening predictions

Tech Republic Security

Jack Wallen shares cybersecurity predictions that might make your IT skin crawl. Find out what he thinks could be the silver lining to this security nightmare.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Lousy IoT Security

Schneier on Security

DTEN makes smart screens and whiteboards for videoconferencing systems. Forescout found that their security is terrible: In total, our researchers discovered five vulnerabilities of four different kinds: Data exposure: PDF files of shared whiteboards (e.g. meeting notes) and other sensitive files (e.g., OTA -- over-the-air updates) were stored in a publicly accessible AWS S3 bucket that also lacked TLS encryption (CVE-2019-16270, CVE-2019-16274).


70% of Organizations Experienced Internal Data Breaches in the Last Five Years

Adam Levin

Internal data breaches are on the rise, with 70% of security professionals reporting that it’s happened to them in the last five years. According to a survey conducted by email security company Egress, accidental internal breaches are one of the top three concerns for IT security decision makers, along with external hacks and malware. Among the other findings in the report, fewer than 40% (39.6%) of organizations train employees in cybersecurity best practices and data hygiene, and 26% of r


Phishers prey on fans of latest Star Wars film

Tech Republic Security

83 users have already been affected by 65 malicious files disguised as copies of Star Wars: The Rise of Skywalker, according to Kaspersky.


Iranian Attacks on Industrial Control Systems

Schneier on Security

New details: At the CyberwarCon conference in Arlington, Virginia, on Thursday, Microsoft security researcher Ned Moran plans to present new findings from the company's threat intelligence group that show a shift in the activity of the Iranian hacker group APT33, also known by the names Holmium, Refined Kitten, or Elfin. Microsoft has watched the group carry out so-called password-spraying attacks over the past year that try just a few common passwords across user accounts at tens of thousands


TP-Link Archer routers allow remote takeover without passwords

Security Affairs

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to log in without passwords. TP-Link addressed a critical zero-day vulnerability (CVE-2017-7405) in its TP-Link Archer routers that could be exploited by attackers to remotely take control of them over the LAN via a Telnet connection without authentication. “This is a zero-day flaw that was not previously reported and can affect both home and business environments.” explained


The War Vet, the Dating Site, and the Phone Call From Hell

WIRED Threat Level

Jared Johns found out too late that swapping messages with the pretty girl from a dating site would mean serious trouble. If only he had known who she really was.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Cloud computing in 2020: Predictions about security, AI, Kubernetes, more

Tech Republic Security

Find out what Jack Wallen predicts for the cloud and cloud-adjacent technology in 2020 and why he encourages you to dream big.


Security Vulnerabilities in the RCS Texting Protocol

Schneier on Security

Interesting research: SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7, the decades-old phone system carriers still use for calling and texting, which has long been known to be vulnerable to interception and spoofing attacks. While using end-to-end encrypted internet-based tools like iMessage and WhatsApp obviates many of those SS7 issues, Nohl says that flawed implementations o


Largest hospital system in New Jersey was hit by ransomware attack

Security Affairs

The largest hospital system in New Jersey announced on Friday that a ransomware attack last week disrupted its network and that it paid a ransom. Hackensack Meridian Health, the largest hospital system in New Jersey, was the victim of a ransomware attack last week that disrupted its network; the IT staff decided to pay the ransom to decrypt the files. Hackensack Meridian operates 17 acute care and specialty hospitals, the psychiatric facility Carrier Clinic, nursing homes, and outpatient centers.


Cloud Data Security: Who Should Hold the Keys?

Thales Cloud Protection & Licensing

Nearly half (48%) of all corporate data is stored in the cloud according to the 2019 Thales Global Cloud Security Study conducted by the Ponemon Institute. Organizations admitted that on average, only about half (49%) of the data stored in the cloud is secured with encryption and only one-third (32%) believe protecting data in the cloud is their responsibility.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Why 5G harbors multiple security weaknesses

Tech Republic Security

Certain security flaws in 2G, 3G, and 4G have not been resolved, and 5G is vulnerable as well, says a new report from Positive Technologies.


Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I'm speaking at SecIT by Heise in Hannover, Germany on March 26, 2020. The list is maintained on this page.


A thief stole hard drives containing Facebook payroll data from a car

Security Affairs

Facebook informed its employees that hard drives containing information about its workers’ payroll were stolen from a car last month. On Friday, Facebook announced that hard drives containing information about its workers’ payroll were stolen from a car last month. According to the company, a thief stole unencrypted hard drives containing banking data belonging to 29,000 Facebook employees.


Unsupervised Learning: No. 207

Daniel Miessler


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


10 cybersecurity stories in 2019 that make us feel less secure

Tech Republic Security

Jack Wallen runs through 10 of the most important cybersecurity threats, breaches, tools, and news of the year.


2020 Predictions – Quantum knows what you did last summer

Thales Cloud Protection & Licensing

Quantum computing is based on the quantum mechanics principles of superposition and entanglement. Scientists say that quantum computing will cause seismic shifts in cryptography as we know it and will put all known split key (or asymmetric) cryptographic algorithms at risk. 2019 was a milestone year for quantum computing. Google’s announcement of achieving “quantum supremacy” sparked the debate once more over the impact of quantum computing on cryptography.


More than 267 million Facebook user phone numbers exposed online

Security Affairs

Security researcher Bob Diachenko discovered more than 267 million Facebook user IDs, phone numbers and names in an unsecured database. Security expert Bob Diachenko, along with Comparitech, has discovered more than 267 million Facebook user IDs, phone numbers and names in an unsecured database. The huge trove of data is likely the result of an illegal scraping operation or Facebook API abuse by a group of hackers in Vietnam.


Creditors Seek to Exhume the Body of a Dead Crypto Executive 

WIRED Threat Level

Gerry Cotten took at least $137 million to the grave when he died without giving anyone the password to his encrypted laptop.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


"123456" again claims top spot as worst password of the year

Tech Republic Security

Other poor choices include "password," "princess," "qwerty," "iloveyou" and "welcome," according to the 2019 list from SplashData.


How to Manage API Security

Dark Reading

Protecting the places where application services meet is critical for protecting enterprise IT. Here's what security pros need to know about "the invisible glue" that keeps apps talking to each other.


A study reveals the list of worst passwords of 2019

Security Affairs

Another year is ending, and this is the right time to discover the worst passwords of 2019 by analyzing data leaked in various data breaches. Independent anonymous researchers compiled and shared with security firm NordPass a list of the 200 most popular passwords that were leaked in data breaches during 2019. The company collected 500 million passwords in total, and the results were disconcerting.


Meet Cliff Stoll, the Mad Scientist Who Invented the Art of Hunting Hackers

WIRED Threat Level

Thirty years ago, Cliff Stoll published The Cuckoo's Egg, a book about his cat-and-mouse game with a KGB-sponsored hacker. Today, the internet is a far darker place—and Stoll has become a cybersecurity icon.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.


Tempting, but just say no to public charging stations and Wi-Fi

Tech Republic Security

Experts say don't leave your devices open to cyberattacks from hackers anxious to steal your information.


Ransomware 'Crisis' in US Schools: More Than 1,000 Hit So Far in 2019

Dark Reading

Meanwhile, the mayor of the city of New Orleans says no ransom money demands were made as her city struggles to recover from a major ransomware attack launched last week.


FBI warns travelers against using untrusted and free WiFi networks

Security Affairs

The FBI has once again warned holiday travelers about the dangers of using free WiFi networks while traveling. Free WiFi networks, such as those in airports and hotels, hide many dangers for holiday travelers, and for this reason the FBI has once again published a new warning. Threat actors could leverage free WiFi networks to infect victims with malware, to steal their sensitive data, or to take over their devices. “Don’t allow your phone, computer, tablet, or other devices to auto-conne


5G Is More Secure Than 4G and 3G—Except When It’s Not

WIRED Threat Level

The next-generation wireless networks make it harder to track and spoof users, but security holes remain because devices still connect to older networks.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.