Sat.Nov 07, 2020 - Fri.Nov 13, 2020


Body Found in Canada Identified as Neo-Nazi Spam King

Krebs on Security

The body of a man found shot inside a burned out vehicle in Canada three years ago has been identified as that of Davis Wolfgang Hawke, a prolific spammer and neo-Nazi who led a failed anti-government march on Washington, D.C. in 1999, according to news reports. Homicide detectives said they originally thought the man found June 14, 2017 in a torched SUV on a logging road in Squamish, British Columbia was a local rock climber known to others in the area as a politically progressive vegan named

Banking 345

2020 Was a Secure Election

Schneier on Security

Over at Lawfare: “2020 Is An Election Security Success Story (So Far).” What’s more, the voting itself was remarkably smooth. It was only a few months ago that professionals and analysts who monitor election administration were alarmed at how badly unprepared the country was for voting during a pandemic. Some of the primaries were disasters.


Breached Mashable User Database Leaked Online

Adam Levin

The personal information of technology and culture website Mashable.com users has been discovered in a leaked database online. Mashable announced the leak late November 8, in an announcement on its website. “[W]e learned that a hacker known for targeting websites and apps had posted a copy of a Mashable database to the internet. The types of data in the database included first and last names, general location (such as city or country), email addresses, gender, date of registration, IP addresses,

Passwords 286

Weekly Update 217

Troy Hunt

This week's update had a load of questions so even whilst the planned content didn't consume a lot of time, audience engagement was great and I appreciate all the input. The big excitement for me was that Ubiquiti doorbell and whilst that might seem like a small thing, I'm absolutely loving it and the ability to answer it from anywhere whilst also integrating it into Home Assistant and triggering events like Sonos text to speech is really cool.

Scams 284

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. On the evening of Monday, Nov. 9, an ad campaign apparently taken out by the Ragnar Locker Team began appearing on Facebook.


“Privacy Nutrition Labels” in Apple’s App Store

Schneier on Security

Apple will start requiring standardized privacy labels for apps in its app store, starting in December: Apple allows data disclosure to be optional if all of the following conditions apply: if it’s not used for tracking, advertising or marketing; if it’s not shared with a data broker; if collection is infrequent, unrelated to the app’s primary function, and optional; and if the user chooses to provide the data in conjunction with clear disclosure, the user’s name or accou

More Trending


4 phishing scams to watch out for during the holidays

Tech Republic Security

Fake shipping notices and charity frauds are two scams cited by the security company GreatHorn, which offers tips to consumers on how to avoid them.

Scams 218

Patch Tuesday, November 2020 Edition

Krebs on Security

Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.

Software 259

New Zealand Election Fraud

Schneier on Security

It seems that this election season has not gone without fraud. In New Zealand, a vote for “Bird of the Year” has been marred by fraudulent votes: More than 1,500 fraudulent votes were cast in the early hours of Monday in the country’s annual bird election, briefly pushing the Little-Spotted Kiwi to the top of the leaderboard, organizers and environmental organization Forest & Bird announced Tuesday.


SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. But now, at long last, we’re on the brink of eliminating passwords altogether, once and for all. Related: CEOs quit Tweeting to protect their companies A confluence of technical and social developments points to username-and-password logons becoming obsolete over the next few years.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Phishing, deepfakes, and ransomware: How coronavirus-related cyberthreats will persist in 2021

Tech Republic Security

The pandemic and 5G speed create wider attack capabilities. Phishing emails and other threats will continue to exploit COVID-19 and its side effects, says Check Point Research.

Phishing 193

The Predictions Dilemma

Javvad Malik

The last quarter of the year is also known as predictions season. It’s the time where those who consider themselves to be wise and enlightened rub their chin thoughtfully and spout the wisdom of what the future holds. I should know, in my days as an industry analyst I was often called upon as a digital Nostradamus. But predictions are no easy feat, and there is a dilemma associated with it… which I call the Predictions Dilemma (contact me for all your branding and marketing needs).

Marketing 130

The Security Failures of Online Exam Proctoring

Schneier on Security

Proctoring an online exam is hard. It’s hard to be sure that the student isn’t cheating, maybe by having reference materials at hand, or maybe by substituting someone else to take the exam for them. There are a variety of companies that provide online proctoring services, but they’re uniformly mediocre: The remote proctoring industry offers a range of services, from basic video links that allow another human to observe students as they take exams to algorithmic tools that use


Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike

Security Affairs

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike and compromise the target networks. Ransomware operators are using malicious fake Microsoft Teams updates to deliver backdoors that lead to the installation of the Cobalt Strike post-exploitation tool and compromise the target network. The ongoing COVID-19 pandemic is forcing a growing number of organizations and businesses to use videoconferencing solutions, and threat actors are attempting to exploit this scenario.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


6 training trends to watch that "will define the workplace in 2021"

Tech Republic Security

With the shift to remote work amid the coronavirus pandemic, online learning related to mindfulness, cybersecurity, and hybrid tech capabilities surged, Udemy found.


The NEW CompTIA Security+: Your Questions Answered

CompTIA on Cybersecurity

CompTIA Security+ got a big upgrade to reflect the changes in cybersecurity. If you're pursuing a career in cybersecurity, we have answers to some of the biggest questions about the new CompTIA Security+.


Inrupt’s Solid Announcement

Schneier on Security

Earlier this year, I announced that I had joined Inrupt, the company commercializing Tim Berners-Lee’s Solid specification: The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things — your computer, your phone, your IoT whatever — is written to your pod.

Insurance 291

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Security Affairs

Many popular OS and applications have been hacked during this year’s edition of the Tianfu Cup hacking competition. This year’s edition of the Tianfu Cup hacking competition was very prolific, bug bounty hackers have discovered multiple vulnerabilities in multiple software and applications. The Tianfu Cup is the most important hacking contest held in China, the total bonus of the contest this year was up to 1 million US dollars.

Hacking 133

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


How to securely donate old Windows 10 PCs

Tech Republic Security

Many are looking to donate their spare computing devices to people who need them but can't afford to get them on their own. There is a safe and data-secure way to make your donation.


The Scammer Who Wanted to Save His Country

WIRED Threat Level

Last fall, a hacker gave Glenn Greenwald a trove of damning messages between Brazil’s leaders. Some suspected the Russians. The truth was far less boring.

Hacking 143

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

Threatpost

A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing.


9 New Tactics to Spread Security Awareness

Dark Reading

Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Top 5 things to do with old gadgets

Tech Republic Security

If you're wondering what to do with devices you don't use anymore, Tom Merritt offers five suggestions for how to deal with them.


New modular ModPipe POS Malware targets restaurants and hospitality sectors

Security Affairs

Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET researchers discovered a new modular backdoor, dubbed ModPipe, that was designed to target PoS systems running ORACLE MICROS Restaurant Enterprise Series (RES) 3700, which is a management suite widely used in restaurant and hospitality sectors.

Malware 131

We Need A Discipline of Cyber Public Health

Adam Shostack

I’m very excited that, on Monday, I’ll be giving a Distinguished Lecture, “We Need A Discipline of Cyber Public Health” at Ruhr University Bochum. It ties together some deeper analysis of where we are with the discipline of security engineering, some of the challenges we face, and how we can solve them. The abstract is: For all the tragedy the coronavirus has brought and difficulties in fighting it, we have a discipline of public health.

Education 100

We Secured the Election. Now How Do We Secure Trust in Results?

Dark Reading

Disinformation campaigns are now designed not only to influence how voters fill out their ballots, but also how confident they are in the entire process. How do legislators, media organizations, security professionals, and voters respond?

Media 126

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.


STEM and cybersecurity training are critical for the future

Tech Republic Security

Training people to fill cybersecurity jobs is important, but teaching everyone safe practices is also essential.


E-commerce platform X-Cart hit by a ransomware attack

Security Affairs

The e-commerce software platform X-Cart suffered a ransomware attack at the end of October, e-stores hosted by the company went down. At the end of October, the e-commerce software platform X-Cart suffered a ransomware attack, the infection brought down customers’ e-stores hosted by the company on its platform. The software and services company X-Cart was recently acquired by Seller Labs, the premier software and services provider for Amazon sellers and brands.


Bravo-Cado: Cloud Forensics Defying COVID-19

Javvad Malik

I worked for a couple of years with Chris Doman when I was at AlienVault. In his spare time Chris ran a popular threat intelligence portal called ThreatCrowd which AlienVault acquired when they hired him. Chris is not only one of the smartest people I’ve worked with, but also one of the nicest. I enjoyed collaborating with him over the years and learnt a lot from him.

Marketing 100

Animal Jam Hacked, 46M Records Roam the Dark Web

Threatpost

Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum.

Hacking 124

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.