Sat.Feb 22, 2020 - Fri.Feb 28, 2020

article thumbnail

Deep Learning to Find Malicious Email Attachments

Schneier on Security

Google presented its system of using deep-learning techniques to identify malicious email attachments: At the RSA security conference in San Francisco on Tuesday, Google's security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents is faring against the 300 billion attachments it has to process each week.

Phishing 355
article thumbnail

FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data

Krebs on Security

The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data. While the fines would be among the largest the FCC has ever levied, critics say the penalties don’t go far enough to deter wireless carriers from continuing to sell customer location data.

Wireless 354
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Handling Huge Traffic Spikes with Azure Functions and Cloudflare

Troy Hunt

Back in 2016, I wrote a blog post about the Martin Lewis Money show featuring HIBP and how it drove an unprecedented spike of traffic to the service, ultimately knocking it offline for a brief period of time. They'd given me a heads up as apparently, that's what the program has a habit of doing: I Just wanted to get in contact to let you know we're featuring 'have I been pwned?

article thumbnail

Stalkerware Installations Up 60% in 2019

Adam Levin

The number of stalkerware apps detected on smartphones increased in 2019, a full 60% over the previous year according to a new report released by Kaspersky Labs. . The anti-virus company’s annual mobile malware report said stalkerware reports increased from 40,286 in 2019 to 67,500 in 2019, figures derived from data gleaned from Kaspersky product users that consented to provide statistical data for research purposes.

Malware 236
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Firefox Enables DNS over HTTPS

Schneier on Security

This is good news : Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site. [.]. But the move is not without controversy.

DNS 277
article thumbnail

Zyxel Fixes 0day in Network Storage Devices

Krebs on Security

Patch comes amid active exploitation by ransomware gangs. Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground.

IoT 301

LifeWorks

More Trending

article thumbnail

Threat Model Thursday: BIML Machine Learning Risk Framework

Adam Shostack

The Berryville Institute of Machine Learning (BIML) has released “ An Architectural Risk Analysis of Machine Learning Systems.” This is an important step in the journey to systematic, structured, and comprehensive security analysis of machine learning systems, and we can contrast it with the work at Microsoft I blogged about last month. As always, my goal is to look at published threat models to see what we can learn.

Risk 182
article thumbnail

Newly Declassified Study Demonstrates Uselessness of NSA's Phone Metadata Program

Schneier on Security

The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study. Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which wa

275
275
article thumbnail

BOOK REVIEW: ‘Security Yearbook’ preserves cybersecurity history — highlights tectonic shift

The Last Watchdog

Along with Richard Stiennon , I belong to a small circle of journalists and tech industry analysts who’ve been paying close attention to cybersecurity since Bill Gates curtailed commercial work on Windows to rivet Microsoft’s attention on defending its software code. Related: The role of PKI is securing digital transformation That was in 2002. Back then, email spam was a nuisance evolving into a potent attack vector, and the top malware innovators were script kiddies seeking bragging rights.

article thumbnail

Coronavirus: How hackers are exploiting the epidemic to steal your information

Tech Republic Security

Karen Roby interviewed a cybersecurity expert about a different threat than COVID-19 brings.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Blackhat and Human Factors

Adam Shostack

As a member of the BlackHat Review Board, I would love to see more work on Human Factors presented there. Over the past few years, we’ve developed an interesting track with good material year over year. The 2020 call for papers is open and closes April 6th. I wrote a short blog post on what we look for. The BlackHat CFP calls for work which has not been published elsewhere.

147
147
article thumbnail

Russia Is Trying to Tap Transatlantic Cables

Schneier on Security

The Times of London is reporting that Russian agents are in Ireland probing transatlantic communications cables. Ireland is the landing point for undersea cables which carry internet traffic between America, Britain and Europe. The cables enable millions of people to communicate and allow financial transactions to take place seamlessly. Garda and military sources believe the agents were sent by the GRU, the military intelligence branch of the Russian armed forces which was blamed for the nerve a

Internet 272
article thumbnail

How a Hacker's Mom Broke Into a Prison—and the Warden's Computer

WIRED Threat Level

Security analyst John Strand had a contract to test a correctional facility’s defenses. He sent the best person for the job: his mother.

Hacking 145
article thumbnail

How to create a Linux user that cannot log in

Tech Republic Security

For security reasons, you might need to create a Linux user without the ability to log in. Jack Wallen shows you how.

218
218
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Joker malware still able to bypass Google Play Store checks

Security Affairs

The infamous Joker malware has found a way to bypass the security checks to be published in the official Play Store, new clicker was found by experts. The fight to the Joker malware (aka Bread) begun in September 2019 when security experts at Google removed from the official Play Store 24 apps because they were infected with a new spyware tracked as “ the Joker. ”.

Malware 145
article thumbnail

Humble Bundle's 2020 Cybersecurity Books

Schneier on Security

For years, Humble Bundle has been selling great books at a "pay what you can afford" model. This month, they're featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. These are digital copies, all DRM-free. Part of the money goes to support the EFF or Let's Encrypt. (The default is 15%, and you can change that.

article thumbnail

7 Tips to Improve Your Employees' Mobile Security

Dark Reading

Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.

Mobile 134
article thumbnail

16 best practices for improving cybersecurity

Tech Republic Security

Cisco's 2020 CISO Benchmark Study links a robust patch policy and collaboration to smaller data breaches.

CISO 218
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

ISS reveals malware attack impacted parts of the IT environment

Security Affairs

ISS , the multinational Denmark-based facility services company, was hit with a malware that shuts down shared IT services worldwide. ISS , the Danish multinational services company announced it was hit with malware, in response to the incident the firm disabled access to shared IT services worldwide. ISS services include cleaning services, support services, property services, catering services, security services and facility management services.

Malware 145
article thumbnail

DHS Issues Ransomware Warning for Critical Infrastructure Operators

Adam Levin

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory following a ransomware attack on a natural gas compression facility. In the warning, CISA announced that a “cyber threat actor used a Spearphising Link to obtain initial access to the organization’s information technology (IT) network before pivoting to its OT network.

article thumbnail

Unsupervised Learning: No. 217

Daniel Miessler

[advanced_iframe src=”[link] width=”100%”]. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

article thumbnail

Infosys CISO: Being good at technology is no longer enough

Tech Republic Security

Vishal Salvi says investing time and developing influence are the keys to making the shift to a secure-by-design mindset.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Google removed nearly 600 apps from the Play Store for ad policy violation

Security Affairs

Google announced to have removed nearly 600 Android apps in the official Play Store that were violating two ad-related policies. Google removed from the official Play Store nearly 600 Android apps that were violating two ad-related policies, it also banned the same apps from Google AdMob and Google Ad Manager. “As part of our ongoing efforts — along with help from newly developed technologies — today we’re announcing nearly 600 apps have been removed from the Google Play Store and banned f

article thumbnail

Protecting Against Coronavirus Scams – Third Certainty #12

Adam Levin

The global coronavirus pandemic has created a fertile field for cybercriminals seeking to prey upon the fears of their victims. In the latest episode of Third Certainty, Adam Levin discusses how people can protect themselves online. The post Protecting Against Coronavirus Scams – Third Certainty #12 appeared first on Adam Levin.

Scams 130
article thumbnail

6 Truths About Disinformation Campaigns

Dark Reading

Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know.

128
128
article thumbnail

Cloud misconfigurations are a new risk for the enterprise

Tech Republic Security

Cybersecurity is an imperfect science, similar to infectious disease control, according to McAfee CTO.

Risk 218
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hunting the coronavirus in the dark web

Security Affairs

Let me share with you the result of a one-night long analysis of major black marketplaces searching for anything related to the coronavirus epidemic. Recently I have received many questions from journalists and colleagues about the activity in the dark web related to the coronavirus epidemic, here you are what I have found digging in the major black marketplaces.

Marketing 145
article thumbnail

Malicious Documents Emerging Trends: A Gmail Perspective

Elie

This talk provides a comprehensive analysis of the malicious documents that target users and corporate inboxes, an in-depth analysis of the latest evasion tactics used by attackers and what Google is doing about it.

118
118
article thumbnail

SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps

Dark Reading

Server-side request forgery is a dangerous attack method that is also becoming an issue for the cloud. Here are some of the basics to help keep your Web server from turning against you.

112
112
article thumbnail

The good, the bad, and the scary from Experian's data breach report

Tech Republic Security

Many security teams don't update response plans on a regular basis but complying with GDPR is getting easier.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!