Troy Hunt

NOVEMBER 7, 2019

We're pretty much at a "secure by default" internet these days, at least that's the assumption with most websites, particularly so in the financial sector. About 80% of all web pages are loaded over an HTTPS connection , browsers are increasingly naggy when anything isn't HTTPS and it's never been cheaper nor easier to HTTPS all your things. Which meant that this rather surprised me: Let me break down what's happening here: I'm in (yet another) hotel and on complete autopilot, I start typing "xe

Passwords 254

Passwords Internet Internet Risk 254

Schneier on Security

NOVEMBER 5, 2019

This essay discusses the futility of opting out of surveillance, and suggests data obfuscation as an alternative. We can apply obfuscation in our own lives by using practices and technologies that make use of it, including: The secure browser Tor , which (among other anti-surveillance technologies) muddles our Internet activity with that of other Tor users, concealing our trail in that of many others.

Surveillance 214

Surveillance Technology Internet Internet 214

The Last Watchdog

NOVEMBER 4, 2019

Some 20 years ago, the founders of Amazon and Google essentially set the course for how the internet would come to dominate the way we live. Jeff Bezos of Amazon, and Larry Page and Sergey Brin of Google did more than anyone else to actualize digital commerce as we’re experiencing it today – including its dark underbelly of ever-rising threats to privacy and cybersecurity.

Technology 179

Technology Cryptocurrency Internet Internet 179

Tech Republic Security

NOVEMBER 7, 2019

Support for Windows 7 and Server 2008 is ending in January 2020. Here's how to protect your systems.

158

158

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Krebs on Security

NOVEMBER 3, 2019

Banking industry giant NCR Corp. [ NYSE: NCR ] late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuicBooks Online from accessing Digital Insight , an online banking platform used by hundreds of financial institutions. That ban, which came in response to a series of bank account takeovers in which cybercriminals used aggregation sites to surveil and drain consumer accounts, has since been rescinded.

Banking 156

Banking Accountability Passwords Authentication 156

Schneier on Security

NOVEMBER 7, 2019

Fireeye reports on a Chinese-sponsored espionage effort to eavesdrop on text messages: FireEye Mandiant recently discovered a new malware family used by APT41 (a Chinese APT group) that is designed to monitor and save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent theft. Named MESSAGETAP, the tool was deployed by APT41 in a telecommunications network provider in support of Chinese espionage efforts.

Telecommunications 185

Telecommunications Encryption Malware 185

Tech Republic Security

NOVEMBER 7, 2019

Andrew Conway, general manager for Microsoft 365 Security, discusses how to prevent credential theft by relying on biometric security.

Authentication 152

Authentication Passwords 152

Thales Cloud Protection & Licensing

NOVEMBER 6, 2019

As most of us know, IoT devices are on the rise in enterprise networks. According to McKinsey & Company , the proportion of organizations that use IoT products has grown from 13 percent in 2014 to 25 percent today. That pace is unlikely to slow down over the coming years; Pagely noted that organizations are still turning to IoT devices as a way to automate and optimize their business processes as well as save on energy costs.

IoT 122

IoT Risk Energy and Utilities Healthcare 122

Schneier on Security

NOVEMBER 6, 2019

This is a fascinating article about a bait-and-switch Airbnb fraud. The article focuses on one particular group of scammers and how they operate, using the fact that Airbnb as a company doesn't do much to combat fraud on its platform. But I am more interested in how the fraudsters essentially hacked the complex sociotechnical system that is Airbnb. The whole article is worth reading.

Hacking 179

Hacking 179

Adam Levin

NOVEMBER 7, 2019

On the latest episode of Third Certainty, Adam Levin explains the dangers of e-skimming, where malicious code is deployed to e-commerce sites to steal customer payment information. The post Be On The Lookout for E-Skimmers – Third Certainty #9 appeared first on Adam Levin.

Technology 114

Technology 114

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

NOVEMBER 7, 2019

Dangerous URL messages, the resurgence of Emotet, and banking trojans flood the cyberthreat landscape, Proofpoint found.

Banking 141

Banking Malware 141

Troy Hunt

NOVEMBER 2, 2019

It's been a pretty full week this one with a couple of talks in Sydney followed by another in Melbourne. Then, to top it all off, getting sick hasn't helped and oh boy did this one hurt. Good news is that even just a few hours after recording this video I'm felling much better, but I desperately need to take a longer period of rest if I don't want a repeat of this any time soon.

Passwords 114

Passwords Hacking Risk 114

Schneier on Security

NOVEMBER 8, 2019

xHelper is not interesting because of its infection mechanism; the user has to side-load an app onto his phone. It's not interesting because of its payload; it seems to do nothing more than show unwanted ads. it's interesting because of its persistence : Furthermore, even if users spot the xHelper service in the Android operating system's Apps section, removing it doesn't work, as the trojan reinstalls itself every time, even after users perform a factory reset of the entire device.

Malware 172

Malware Advertising Encryption Hacking 172

Adam Levin

NOVEMBER 6, 2019

The June data breach of Canadian financial institution Desjardins was wider in scope than initially reported and compromised the data of all 4.2 million of its individual members. The breach, initially detected in December 2018 and announced in July 2019, was originally estimated to have affected 2.7 customers and 173,000 businesses. Desjardins announced the revised figure based on information shared by the Sûreté du Québec (SQ), the Quebec province’s police force.

Data breaches 114

Data breaches Insurance 114

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

NOVEMBER 6, 2019

A report from security firm Akamai found that hackers were using analytics services to optimize their phishing efforts.

Phishing 133

Phishing 133

Security Affairs

NOVEMBER 7, 2019

Experts observed a new phishing campaign that used a specially crafted ZIP archive that was designed to bypass secure email gateways to distribute malware. Attackers have devised a new technique to distribute malware bypassing secure email gateways and other security solutions by using a specially crafted ZIP file. The structure of a ZIP archive contains compressed data, information about the compressed files and a single “End of Central Directory” (EOCD) record, that delimits the end of t

Malware 111

Malware Advertising Phishing Engineering 111

Schneier on Security

NOVEMBER 4, 2019

Tom's Guide writes about home brew TEMPEST receivers: Today, dirt-cheap technology and free software make it possible for ordinary citizens to run their own Tempest programs and listen to what their own -- and their neighbors' -- electronic devices are doing. Elliott, a researcher at Boston-based security company Veracode, showed that an inexpensive USB dongle TV tuner costing about $10 can pick up a broad range of signals, which can be "tuned" and interpreted by software-defined radio (SDR) app

Computers and Electronics 157

Computers and Electronics Software Technology Spyware 157

Thales Cloud Protection & Licensing

NOVEMBER 6, 2019

In a previous blog post ( [link] ) we explored the relationship between GPDR and applications in the cloud. Trust is generally the foundation and basis of any good relationship, but when it comes to protecting your organization, sometimes a Zero Trust mentality is your best bet. Today, Zero Trust, is a tech buzz word heard often, but what is the thought process behind it?

Identity Theft 109

Identity Theft Passwords Authentication Accountability 109

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

NOVEMBER 8, 2019

Learn how to obfuscate SSH login with port knocking.

133

133

Security Affairs

NOVEMBER 8, 2019

Italian law enforcement shut down the ‘Berlusconi market’ black market and arrested three suspected of being its administrators. Italian financial police “Guardia di Finanza” shut down the ‘Berlusconi market’ black market hosted on the Tor network and arrested three administrators. The site was managed by two individuals that go online with nicknames of “ VladimirPutin ” with the role of administrator and “EmmanuelMacron” as moderator.

Marketing 111

Marketing Advertising Hacking Malware 111

Adam Shostack

NOVEMBER 6, 2019

I was not aware that the ITU had formalized swim lane diagrams into Message Sequence Charts. While you don’t need to use these formalizations, the choices they made, and the comparisons to UML’s diagrams can be interesting, especially if there are tricky corners where you’re having trouble modeling some flow. For example, “They work particularly great in opening up assumptions (e.g., so many times a message from server to another has proven to be actually relayed through

100

100

Daniel Miessler

NOVEMBER 4, 2019

[advanced_iframe src=”[link] width=”100%” height=”7000px”] No related posts.

Information Security 100

Information Security 100

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Tech Republic Security

NOVEMBER 5, 2019

In 2019, 23 city governments in Texas experienced a coordinated ransomware attack. Tom Merritt explains how they defended themselves and ways you can protect your own business.

Ransomware 128

Ransomware Government 128

Security Affairs

NOVEMBER 3, 2019

Experts have spotted the first mass-hacking campaign exploiting the BlueKeep exploit , crooks leverage the exploit to install a cryptocurrency miner. Security researchers have spotted the first mass-hacking campaign exploiting the BlueKeep exploit , the attack aims at installing a cryptocurrency miner on the infected systems. In May, Microsoft warned users to update their systems to address the remote code execution vulnerability dubbed BlueKeep , A few days later, the National Security Agency (

Cyber Attacks 97

Cyber Attacks Penetration Testing Cryptocurrency Hacking 97

WIRED Threat Level

NOVEMBER 6, 2019

Hackers are one thing. But too few companies take the threat of an inside job seriously enough. .

Hacking 93

Hacking 93

eSecurity Planet

NOVEMBER 4, 2019

Application security is a widespread problem. These security tools can help find and fix application vulnerabilities before hackers exploit them.

91

91

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

NOVEMBER 7, 2019

Chris Bell, director of product management at Secureworks, describes the difficult balance to strike for presenting actionable information to security professionals without exhausting them with information overload.

128

128

Security Affairs

NOVEMBER 5, 2019

The #FifthOfNovember has arrived, the Italian branch of Anonymous and LulzSecITA hacked websites of professional orders, prefecture of Naples, and also the telephone operator Lyca Mobile. The Million Mask March , also known as “Operation Vendetta” is a worldwide, annual protest associated with the hacktivist group Anonymous occurring annually on Guy Fawkes Day, the 5th of November.

Mobile 79

Mobile Hacking Advertising Data breaches 79

WIRED Threat Level

NOVEMBER 4, 2019

By pointing lasers tuned to a precise frequency at a smart assistant, researchers could force it to unlock cars, open garage doors, and more.

Hacking 80

Hacking 80

Dark Reading

NOVEMBER 4, 2019

With their lens into the human side of business, human resources can be an effective partner is the effort to train employees on awareness and keep an organization secure.

Cybersecurity 71

Cybersecurity 71

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!