Krebs on Security

SEPTEMBER 8, 2020

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. The majority of the most dangerous or “critical” bugs deal with issues in Microsoft’s various Windows operating systems and its web br

Software 232

Software Backups Authentication Internet 232

Troy Hunt

SEPTEMBER 11, 2020

The highlight of my week was absolutely getting the Shelly 1 units behind a couple of my light switches working as I'd always dreamed. It just opens up so many automation possibilities that I'm really excited about what I might do in the future with them now. When I get the place to a standard I'm happy with, I'll definitely do a good walkthrough and show how it all works.

InfoSec 215

InfoSec 215

Schneier on Security

SEPTEMBER 10, 2020

Ross Anderson’s fantastic textbook, Security Engineering , will have a third edition. The book won’t be published until December, but Ross has been making drafts of the chapters available online as he finishes them. Now that the book is completed, I expect the publisher to make him take the drafts off the Internet. I personally find both the electronic and paper versions to be incredibly useful.

Engineering 200

Engineering Internet Internet 200

Tech Republic Security

SEPTEMBER 11, 2020

If you want to land a high-paying cybersecurity job or ace an IT security certification exam, check out these online training courses, which cover GDPR, business continuity, ethical hacking, and more.

Cybersecurity 188

Cybersecurity Hacking 188

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Adam Levin

SEPTEMBER 8, 2020

The city of Hartford, Connecticut’s capital, was hit by a ransomware attack that disrupted many of its critical systems and caused the city’s first day of school to be postponed. “We are often the subject of cyberattacks,” said Hartford mayor Luke Bronin. This was, however, the most extensive and significant attack that the city has been subject to in the last five years.” .

Ransomware 154

Ransomware Cybersecurity Technology Education 154

Adam Shostack

SEPTEMBER 10, 2020

There’s been a lot of talk over the last week about “updating threat models” in light of the Tesla insider story. ( For example.) I’m getting this question a fair bit, and so wanted to talk about insiders in particular, and how to use the news in threat modeling more generally. This also is a great opportunity to think about incentives.

Engineering 130

Engineering Phishing Accountability Malware 130

Tech Republic Security

SEPTEMBER 7, 2020

Almost anything with an internet connection can be hijacked and used in a malicious botnet attack--IoT devices are especially popular targets. Learn how to spot and prevent this malware threat.

IoT 186

IoT Internet Internet Malware 186

Adam Levin

SEPTEMBER 7, 2020

With the average cost of a data breach exceeding three million dollars, cyber insurance has become a necessity for SMBs. Find out more on the latest episode of Third Certainty with Adam Levin. The post SMBs and Cyber Insurance – Third Certainty #27 appeared first on Adam Levin.

Cyber Insurance 130

Cyber Insurance Insurance Data breaches Cybersecurity 130

Security Affairs

SEPTEMBER 5, 2020

FBI issued a second flash alert about ProLock ransomware stealing data, four months after the first advisory published by the feds on the same threat. The FBI has issued the 20200901-001 Private Industry Notification about ProLock ransomware stealing data on September 1st. The fresh alert is the second one related to this threat, the first one (MI-000125-MW Flash Alert) was published on May 4th, 2020.

Ransomware 132

Ransomware Advertising Malware Backups 132

Schneier on Security

SEPTEMBER 5, 2020

I'm switching my website software from Movable Type to Wordpress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. (This is to prevent any new comments from disappearing in the move.). This is not a site redesign, so you shouldn't notice many differences.

Software 249

Software 249

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

SEPTEMBER 10, 2020

Sophisticated hackers and crooks are developing more tools to target Linux-based systems used by government and big business.

Government 215

Government 215

Adam Shostack

SEPTEMBER 7, 2020

Phil Venables is one of the more reflective and thoughtful CSOs out there, and in this era where everything is a tweet or a linkedin post (sigh) you may have missed that Phil has a blog. This Labor day, why not take the time to catch up on his writing?

100

100

Security Affairs

SEPTEMBER 6, 2020

Visa issued a warning regarding a new credit card JavaScript skimmer, tracked as Baka, that implements new features to evade detection. Visa issued a warning regarding a new e-skimmer known as Baka that removes itself from memory after having exfiltrating payment card details. The e-skimmer was first spotted by experts with Visa’s Payment Fraud Disruption (PFD) initiative in February 2020 while analyzing a command and control (C2) server employed in another campaign and that hosted an Imag

eCommerce 131

eCommerce Malware Encryption Advertising 131

Threatpost

SEPTEMBER 7, 2020

As IT systems, IoT and operational technology converge, attacks on cyber-physical systems in industrial, healthcare and other scenarios will come with dire consequences, Gartner predicts.

Healthcare 123

Healthcare IoT Technology Hacking 123

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

SEPTEMBER 11, 2020

Hacker groups are ramping up activity as the US heads into the peak of election season. The latest attacks at times bear hallmarks similar to those seen in 2016.

172

172

Dark Reading

SEPTEMBER 8, 2020

In a rare twist, "next-gen" isn't just marketing-speak when it comes to next-gen firewalls, which function differently than traditional gear and may enable you to replace a variety of devices.

Firewall 109

Firewall Marketing 109

Security Affairs

SEPTEMBER 9, 2020

K-Electric, the electricity provider for the city of Karachi, Pakistan, was hit by a Netwalker ransomware attack that blocked billing and online services. K-Electric, the electricity provider for Karachi (Pakistan) is another victim of the Netwalker ransomware gang, the infection disrupted billing and online services. K-Electric (KE) (formerly known as Karachi Electric Supply Company / Karachi Electric Supply Corporation Limited) is a Pakistani investor-owned utility managing all three key stage

Ransomware 128

Ransomware Energy and Utilities VPN Advertising 128

Threatpost

SEPTEMBER 10, 2020

Cyberattacks have caused several school systems to delay students' first day back - and experts warn that new COVID-related delays could be the new "snow days.".

Ransomware 126

Ransomware Phishing Education Government 126

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

SEPTEMBER 10, 2020

Demands are sharply higher, and the complexity and costs of addressing an attack are increasing, according to cyber insurance provider Coalition.

Cyber Insurance 181

Cyber Insurance Insurance Ransomware 181

Dark Reading

SEPTEMBER 10, 2020

While the amount will vary from organization to organization, here are four ways for everyone to evaluate whether they're allocating the right amount of money and resources.

107

107

Security Affairs

SEPTEMBER 8, 2020

UK research university Newcastle University suffered a DoppelPaymer ransomware attack and took its systems offline in response to the attack. UK research university Newcastle University was infected with the DoppelPaymer ransomware, in response to the incident it was forced to take systems offline on the morning of August 30th. The Newcastle University did not provide info about the family of ransomware behind the attack, but the DoppelPaymer ransomware operators are claiming to be responsible.

Ransomware 126

Ransomware Advertising Data breaches Accountability 126

Threatpost

SEPTEMBER 11, 2020

Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.

Phishing 122

Phishing Authentication Hacking 122

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

SEPTEMBER 8, 2020

Small and midsized businesses cited budget constraints as their biggest security obstacle, according to Untangle.

Cybersecurity 189

Cybersecurity 189

ImmuniWeb

SEPTEMBER 8, 2020

97% of the leading cybersecurity companies have had their data exposed on the Dark Web in 2020, with over 160,000 high or critical incidents that may jeopardize their clients.

Cybersecurity 111

Cybersecurity 111

Security Affairs

SEPTEMBER 10, 2020

Slovak cryptocurrency exchange ETERBASE disclosed a security breach, hackers stole cryptocurrency funds worth $5.4 million. Slovak cryptocurrency exchange ETERBASE disclosed a security breach, the hackers stole Bitcoin, Ether, ALGO, Ripple, Tezos, and TRON assets worth $5.4 million. The company disclosed the hack on Thursday, threat actors have stolen various cryptocurrencies from its hot wallets, it also suspended all the transactions until September 10. “Dear users, as we have informed o

Cryptocurrency 121

Cryptocurrency Data breaches Advertising Hacking 121

WIRED Threat Level

SEPTEMBER 7, 2020

The argument hinges in part on psychiatrists' testimony that Assange is a high suicide risk.

Risk 145

Risk 145

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

SEPTEMBER 9, 2020

TechRepublic writer Erik Eckel gives tips on how to make sure your data is safe if you're working from home.

187

187

Threatpost

SEPTEMBER 10, 2020

The "BLURtooth" flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.

Wireless 106

Wireless Authentication 106

Security Affairs

SEPTEMBER 5, 2020

Experts spotted a phishing campaign that employees overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the victims. Researchers from Cofense discovered a phishing campaign that uses overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the targets. The overlay screens are displayed on top of legitimate webpages to trick victims into providing their credentials. “Message quarantine phish are back, this time with a

Social Engineering 120

Social Engineering Phishing Engineering Advertising 120

Dark Reading

SEPTEMBER 10, 2020

Whilst GDPR has put the spotlight on data privacy and cyber issues, there are other more prominent trends that are driving a greater take-up of cyber insurance, says Ben Maidment, Class Underwriter - Cyber, Physical & Technology at Brit Insurance.

Insurance 103

Insurance Cyber Insurance Data privacy Cybersecurity 103

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk