Troy Hunt

OCTOBER 15, 2020

You know how some people are what you'd call "house proud" in that they like everything very neat and organised? You walk in there and everything is in its place, nice and clean without clutter. I'm what you'd call "network proud" and the same principle applies to how I manage my IP things: That's just a slice of my Ubiquiti network map which presently has 91 IP addresses on it between clients and network devices.

IoT 356

IoT Risk 356

Krebs on Security

OCTOBER 12, 2020

Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot , a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks.

Healthcare 343

Healthcare Internet Internet Ransomware 343

Schneier on Security

OCTOBER 12, 2020

Five researchers hacked Apple Computer’s networks — not their products — and found fifty-five vulnerabilities. So far, they have received $289K. One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and documents from someone’s iCloud account and then do the same to the victim’s contacts.

Hacking 341

Hacking Accountability 341

Adam Levin

OCTOBER 16, 2020

Barnes & Noble has confirmed a data breach following a cyberattack that took many of their services offline. . The bookseller sent an email to customers notifying them that their personal information had been exposed, but that their financial information had not been compromised. . “While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if yo

Data breaches 286

Data breaches VPN Passwords Accountability 286

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

SecureWorld News

OCTOBER 13, 2020

FBI sting reveals a ransomware gang is bribing employees to help launch cyber attacks against their own employers. Details of a foiled ransomware attack.

Ransomware 279

Ransomware Cyber Attacks 279

Troy Hunt

OCTOBER 16, 2020

The week's update comes on the back of a very long week for me, but it's good to be "out there" speaking at events even if they are just from the comfort of my own home. There's also more adventures in IoT, Chrome's experiment with URL paths in their omnibox and Apple messing around with MAC addresses on my phone and watch. Oh - and I did manage to track down what my favourite Norwegian beer is following a question from the audience: I was asked about my favourite Norwegian beer during my live s

Wireless 169

Wireless IoT 169

Tech Republic Security

OCTOBER 16, 2020

If you've had files deleted by a hacker or you've accidentally removed them, Jack Wallen shows you how to recover that missing data with a handy tool called testdisk.

201

201

Adam Levin

OCTOBER 13, 2020

Microsoft has stepped up its efforts to disrupt the Trickbot malware botnet after receiving permission to take on its network infrastructure. Citing concerns of potential activity to disrupt the upcoming elections, Microsoft was granted approval from the U.S. District Court for the Eastern District of Virginia to disable online servers connected to the botnet. .

Threat Detection 161

Threat Detection Malware Banking Ransomware 161

Lenny Zeltser

OCTOBER 13, 2020

REMnux ® offers a curated collection of free tools for reverse-engineering or otherwise analyzing malicious software. How to find the right tool for the job, given how many useful utilities come as part of the distro? To guide you through the process of examining malware, REMnux documentation lists the installed tools by category. Each grouping, which you’ll find in the Discover the Tools section of the documentation site, represents the type of actions the analysts might need to take: Exa

Malware 145

Malware Engineering Software Information Security 145

Schneier on Security

OCTOBER 15, 2020

Earlier this month, we learned that someone is disrupting the TrickBot botnet network. Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Telecommunications 265

Telecommunications Internet Internet Malware 265

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

OCTOBER 16, 2020

Teaching via Zoom has had some unexpected benefits, college professor says, though robotics class is still a challenge. Her real passion is inspiring young women and girls to go into computer science.

Cybersecurity 188

Cybersecurity 188

Security Affairs

OCTOBER 13, 2020

Britain’s most senior cyber general declared that the UK has implemented an advanced offensive cyberwar capability that could destroy its enemies. Gen Sir Patrick Sanders, the UK’s strategic command chief, announced that that the UK has implemented an advanced offensive cyberwar capability that could potentially “degrade, disrupt and destroy” the critical infrastructure of its adversaries.

Government 141

Government Advertising Hacking Cyber Attacks 141

CompTIA on Cybersecurity

OCTOBER 13, 2020

With the increase in cyberattacks and the number of new connected devices, the need for skilled cybersecurity professionals is growing at a rapid pace. The CompTIA Cybersecurity Career Pathway can help you get into cybersecurity.

Cybersecurity 139

Cybersecurity 139

Schneier on Security

OCTOBER 14, 2020

This is a current list of where and when I am scheduled to speak: I’ll be speaking at Cyber Week Online , October 19-21, 2020. I’ll be speaking at the IEEE Symposium on Technology and Society virtual conference, November 12-15, 2020. I’ll be keynoting the 2020 Conference on Cyber Norms on November 12, 2020. I’m speaking at the (ISC)² Security Congress 2020 , November 16, 2020.

Technology 186

Technology 186

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

OCTOBER 12, 2020

Cyberattacks have surged during the coronavirus pandemic. This infographic details ransomware attack trends by industry, continent, and more.

Ransomware 209

Ransomware 209

Security Affairs

OCTOBER 11, 2020

The US DHS’s Homeland Threat Assessment (HTA) report revealed that threat actors have targeted the US Census network during the last year. The US Department of Homeland Security revealed that unknown threat actors have targeted the network of the US Census Bureau during the last year. The attacks were reported in the first Homeland Threat Assessment (HTA) report released earlier this week.

Government 136

Government Advertising Data collection Hacking 136

Threatpost

OCTOBER 13, 2020

The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isn’t paid.

Software 126

Software Ransomware Data breaches IoT 126

Schneier on Security

OCTOBER 14, 2020

The Workshop on Economics of Information Security will be online this year. Register here.

Information Security 246

Information Security 246

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

OCTOBER 14, 2020

What if you could compare security on IoT devices, similar to nutrition labels, before you buy them? One organization is trying to make that happen.

IoT 197

IoT 197

Security Affairs

OCTOBER 11, 2020

Tyler Technologies has finally decided to paid a ransom to obtain a decryption key and recover files encrypted in a recent ransomware attack. Tyler Technologies, Inc. is the largest provider of software to the United States public sector. At the end of September, the company disclosed a ransomware attack and its customers reported finding suspicious logins and previously unseen remote access tools on their networks.

Technology 134

Technology Ransomware Encryption Advertising 134

Dark Reading

OCTOBER 16, 2020

Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre's list).

131

131

WIRED Threat Level

OCTOBER 13, 2020

Meet General Paul Nakasone. He reined in chaos at the NSA and taught the US military how to launch pervasive cyberattacks. And he did it all without you noticing.

125

125

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

OCTOBER 14, 2020

IT managers at organizations hit by ransomware are nearly three times as likely to feel "significantly behind" when it comes to understanding cyberthreats, compared to their peers that have never been hit.

Ransomware 163

Ransomware 163

Security Affairs

OCTOBER 14, 2020

Google security researcher discovered Bluetooth vulnerabilities (BleedingTooth) in the Linux kernel that could allow zero-click attacks. Andy Nguyen, a Google security researcher, has found Bluetooth vulnerabilities, referred to as BleedingTooth, in the Linux kernel that could be exploited by attackers to run arbitrary code or access sensitive information.

Advertising 133

Advertising Encryption Hacking Risk 133

Dark Reading

OCTOBER 15, 2020

New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach.

Financial Services 125

Financial Services Hacking Media Cybersecurity 125

Threatpost

OCTOBER 15, 2020

Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.

eCommerce 123

eCommerce 123

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

OCTOBER 13, 2020

Cyberattacks against businesses have spiked since the shift to remote work began in early 2020, says Keeper Security.

Cybersecurity 201

Cybersecurity 201

Security Affairs

OCTOBER 15, 2020

The Egregor ransomware gang has hit the game developer Crytek and leaked files allegedly stolen from the systems of the gaming firm Ubisoft. A previously unknown ransomware gang dubbed Egregor has hit the game developer Crytek and leaked files allegedly stolen from the internal network of another leading gaming firm, Ubisoft. Breaking: new #Sekhmet #Ransomware (spin-off?

Ransomware 128

Ransomware Advertising Phishing Media 128

CTOVision Cybersecurity

OCTOBER 14, 2020

Read Bernard Marr explain the difference between cybersecurity and cyber resilience on Forbes: Cyber threats like hacking, phishing, ransomware, and distributed denial-of-service (DDoS) attacks have the potential to cause enormous […].

DDOS 109

DDOS Cybersecurity Cyber threats Phishing 109

WIRED Threat Level

OCTOBER 11, 2020

Researchers found they could stop a Tesla by flashing a few frames of a stop sign for less than half a second on an internet-connected billboard.

Internet 120

Internet Internet Hacking 120

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk