Krebs on Security
NOVEMBER 17, 2020
An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.
Schneier on Security
NOVEMBER 16, 2020
Blockchain voting is a spectacularly dumb idea for a whole bunch of reasons. I have generally quoted Matt Blaze : Why is blockchain voting a dumb idea? Glad you asked. For starters: It doesn’t solve any problems civil elections actually have. It’s basically incompatible with “software independence”, considered an essential property.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
NOVEMBER 17, 2020
The holiday season is the most wonderful time of the year for scammers. And like everything else in 2020, these next few weeks promise to be a disaster. With this in mind, all eyes should be on Black Friday. According to Adobe Analytics’ recent holiday forecast , online sales are projected to surge 33% year over year to a record $189 billion as “Cyber-week turns to Cyber-months” amid the ongoing COVID-19 pandemic.
Troy Hunt
NOVEMBER 19, 2020
This week, I've finally got a workable mobile setup with sufficient quality audio and video. As I explain in the video, this is ultimately achieved by the Sigma lens feeding into the Sony DSLR then via micro HDMI to the Elgato Cam Link 4K into my laptop via USB which then wifis over to my boat shed access point connected via ethernet over power to the server room and into the network.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Krebs on Security
NOVEMBER 20, 2020
A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping , a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control.
Schneier on Security
NOVEMBER 20, 2020
Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere. Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past. The group is using living-off-the-land tools as well as custom malware in this attack campaign, including a custom malware — Backdoor.Hartip — that Symantec has not seen being used by the group before.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
NOVEMBER 20, 2020
IBM, Honeywell, and Intel are just three companies leading the way in building quantum machines as well as the algorithms and controls to run them. Learn about possible business use cases for quantum.
Javvad Malik
NOVEMBER 19, 2020
For October’s National Cyber Security Awareness month, I put together a few videos and blogs. In my mind it formed a campaign, but for various reasons, the timings were a bit inconsistent and the different resources ended up on different places. So as a recap – I put everything from this year into this one blog post. Hey just because the month is over doesn’t mean we pack up and go home right. 5 Cyber Security Awareness Month Tips for Cybersecurity Professionals.
Schneier on Security
NOVEMBER 14, 2020
This is a current list of where and when I am scheduled to speak: I’m speaking at the (ISC)² Security Congress 2020 , November 16, 2020. I’ll be on a panel at the OECD Global Blockchain Policy Forum 2020 on November 17, 2020. The panel is called “Deep Dive: Digital Security and Distributed Ledger Technology: Myths and Reality.” I’m speaking on “ Securing a World of Physically Capable Computers ” as part of Cary Library’s Science & Economics Series on Novem
Adam Shostack
NOVEMBER 17, 2020
There’s a threat modeling manifesto being released today by a diverse set of experts and advocates for threat modeling. We consciously modeled it after the agile manifesto and it’s focused on values and principles. Also, there’s a podcast that gives you a chance to listen, behind-the-scenes at The Threat Modeling Manifesto – Part 1.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
NOVEMBER 16, 2020
Implementing appropriate data privacy is critical for company operations and success. Learn some of the challenges and solutions recommended to do the job right.
Adam Levin
NOVEMBER 14, 2020
As Covid-19 rise across the country, public health officials are starting to ramp up contact tracing efforts. . Among other issues, tracking the spread of the disease has been stymied by widespread confusion and misinformation about what kind of data is being collected, and by whom. . Misconceptions about Covid-19 tracking have yielded fertile ground for scammers, who have used phone calls, text messages, and even malicious apps to collect sensitive personal information and spread malware. .
Schneier on Security
NOVEMBER 19, 2020
Vice has a long article about how the US military buys commercial location data worldwide. The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide.
The Last Watchdog
NOVEMBER 16, 2020
Most of time we take for granted the degree to which fundamental components of civilization are steeped in mathematics. Everything from science and engineering to poetry and music rely on numeric calculations. Albert Einstein once observed that “pure mathematics is, in its way, the poetry of logical ideas.” Related: How Multi Party Computation is disrupting encrypti on An accomplished violinist, Einstein, no doubt, appreciated the symmetry of his metaphor.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
NOVEMBER 18, 2020
This year was rough for all involved--even Linux and open source didn't come through unscathed. See what Jack Wallen considers to be the biggest issue for Linux in 2020.
Security Affairs
NOVEMBER 19, 2020
The CyberNews.com Investigation team carried out an infiltration operation against an IRC botnet and reported it to CERT Vietnam to help take it down. Original post @ [link]. In order to gather valuable information about the IRC botnet’s activity, we joined its Command and Control channel where we met the botmaster who was responsible for running the entire network of compromised systems.
CompTIA on Cybersecurity
NOVEMBER 18, 2020
Learn about the cybersecurity industry for beginners and how you can further your cybersecurity career with IT certifications like CompTIA Security+.
Anton on Security
NOVEMBER 20, 2020
Sometimes great old blog posts are hard to find (especially on Medium ), so I decided to do a periodic (who am I kidding, occasional?—?not periodic ) list blog with my favorite posts of the past quarter or so. Here is my first. The posts below are ranked by lifetime views and topic. It covers both Anton on Security and my posts from Google Cloud blog.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
NOVEMBER 19, 2020
Cybercriminals are taking advantage of Google's open and accessible online tools to skirt past the usual security filters, says Armorblox.
Security Affairs
NOVEMBER 15, 2020
Chilean-based retail giant Cencosud has suffered a ransomware attack that impacted operations at its stores, Egregor ransomware appears to be involved. A ransomware attack, allegedly launched by the Egregor ransomware gang, hit the Chilean-based retail giant Cencosud, the incident impacted operations at its stores. Cencosud the largest retail company in Chile and the third largest listed retail company in Latin America, competing with the Brazilian Companhia Brasileira de Distribuição and the Me
Threatpost
NOVEMBER 19, 2020
Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.
WIRED Threat Level
NOVEMBER 18, 2020
A deepfake bot has been generating explicit, non-consensual images on the platform. The researchers who found it say their warnings have been ignored.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
NOVEMBER 18, 2020
People are still using very simple passwords, with many of them similar to the ones they used in 2019, according to NordPass.
Security Affairs
NOVEMBER 20, 2020
Authorities in India believe that a major power outage that occurred in October in Mumbai may have been caused by hackers. On October 13, a major power outage occurred in the metropolitan area of Mumbai causing the partial disruption of the traffic management systems and the paralysis of the rail traffic and also impacted work at the stock exchange.
Threatpost
NOVEMBER 16, 2020
Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles.
CompTIA on Cybersecurity
NOVEMBER 18, 2020
CompTIA PenTest+ is now approved by the U.S. Department of Defense (DoD) 8570 for three cybersecurity job categories.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
NOVEMBER 19, 2020
Linux endpoint detection and response will help Microsoft Defender customers secure Linux servers and networks against security nasties.
Security Affairs
NOVEMBER 18, 2020
Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection. Microsoft is tracking an ongoing Office 365 phishing campaign that is targeting enterprises, the attacks are able to detect sandbox solutions and evade detection. “We’re tracking an active credential phishing attack targeting enterprises that uses multiple sophisticated methods for defense evasion and social engineering,” reads a message pub
Threatpost
NOVEMBER 19, 2020
Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks.
Dark Reading
NOVEMBER 19, 2020
With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. But is the security provided by ISPs good enough to be the only security SMBs and remote employees need?
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
331 
Let's personalize your content