Tech Republic Security

APRIL 27, 2021

Two email campaigns discovered by Armorblox impersonated Chase in an attempt to steal login credentials.

Banking 218

Banking Phishing 218

Lohrman on Security

APRIL 25, 2021

As we emerge from the worst pandemic in a century, many public- and private-sector employees and employers are reassessing their options within technology and cybersecurity roles.

Marketing 230

Marketing Technology Cybersecurity 230

Threatpost

APRIL 29, 2021

The perp faces jail time, but the incident highlights the growing cyber-abuse of QR codes.

Mobile 102

Mobile Malware 102

Schneier on Security

APRIL 26, 2021

If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. As I lay out in a report I just published , artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit

Hacking 363

Hacking Artificial Intelligence Government Engineering 363

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Troy Hunt

APRIL 29, 2021

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains. Romania joins a steadily growing number of governments across the globe to have free and unrestricted access to API-based domain searches for their assets in HIBP.

Government 363

Government Data breaches 363

Krebs on Security

APRIL 28, 2021

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.

Insurance 361

Insurance Identity Theft Accountability Technology 361

Schneier on Security

APRIL 30, 2021

Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific attributes. Owens discovered that if he made an application that was really just a script—code that tells another program what do rather than doing it itself—and didn’t include a standard ap

Internet 343

Internet Internet Malware 343

Troy Hunt

APRIL 26, 2021

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet. This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware.

Malware 363

Malware Passwords Banking Password Management 363

Krebs on Security

APRIL 26, 2021

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian , one of the big three consumer credit bureaus in the United States. Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

Authentication 345

Authentication Accountability Identity Theft Account Security 345

The Last Watchdog

APRIL 26, 2021

Historically, consumers have had to rely on self-discipline to protect themselves online. Related: Privacy war: Apple vs. Facebook. I’ve written this countless times: keep your antivirus updated, click judiciously, practice good password hygiene. Then about 10 years ago, consumer-grade virtual private networks, or VPNs, came along, providing a pretty nifty little tool that any individual could use to deflect invasive online tracking.

B2C 214

B2C VPN Marketing Antivirus 214

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Schneier on Security

APRIL 27, 2021

Moxie Marlinspike has an intriguing blog post about Cellebrite , a tool used by police and others to break into smartphones. Moxie got his hands on one of the devices, which seems to be a pair of Windows software packages and a whole lot of connecting cables. According to Moxie, the software is riddled with vulnerabilities. (The one example he gives is that it uses FFmpeg DLLs from 2012, and have not been patched with the 100+ security updates since then.). …we found that it’s possib

Software 333

Software Accountability 333

Troy Hunt

APRIL 29, 2021

What. A. Week. Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I still found time to put even more IP addresses into the house courtesy of even more IoT. I'm not sure if the latter gives me a break from the more professional tech stuff or just compounds the amount of stuff I've already got on my plate, but I'm having fun doing it anyway ??

IoT 292

IoT Firewall Data breaches Malware 292

Tech Republic Security

APRIL 28, 2021

The phishing emails use a Microsoft logo within an HTML table, which is not analyzed by security programs, says Inky.

Phishing 204

Phishing 204

Hot for Security

APRIL 30, 2021

DigitalOcean, the popular cloud-hosting provider, has told some of its customers that their billing details were exposed due to what it described as a “flaw.” In an email sent out to affected users, DigitalOcean explained that an unauthorised party had managed to exploit the flaw to gain access to billing information between April 9 and April 22, 2021.

Data breaches 145

Data breaches Banking Accountability 145

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Schneier on Security

APRIL 29, 2021

In this entertaining story of French serial criminal Rédoine Faïd and his jailbreaking ways, there’s this bit about cell phone surveillance: After Faïd’s helicopter breakout, 3,000 police officers took part in the manhunt. According to the 2019 documentary La Traque de Rédoine Faïd , detective units scoured records of cell phones used during his escape, isolating a handful of numbers active at the time that went silent shortly thereafter.

Surveillance 261

Surveillance 261

Troy Hunt

APRIL 28, 2021

Continuing my efforts to make more breach data available to governments after data breaches impact their domains, I'm very happy to welcome Luxemburg aboard Have I Been Pwned. More specifically, the CERT of the Grand Duchy of Luxemburg ( govcert.lu ) now has free API level access to query their national government domains. This now brings the government count to 14 and I look forward to welcoming more national CERTs in the future.

Government 237

Government Data breaches 237

Tech Republic Security

APRIL 30, 2021

Now that you have your Pritunl VPN server up and running, Jack Wallen shows you how to connect the client.

VPN 193

VPN 193

Security Boulevard

APRIL 29, 2021

Neurodiversity, the term for the range of differences in individual brain function and behavioral traits, with regard to sociability, learning, attention, mood and other mental functions in a non-pathological sense, is important to foster in any industry, but the security space in particular has always welcomed a range of neurodiverse groups. Whether professionals are diagnosed.

Cybersecurity 145

Cybersecurity 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

APRIL 27, 2021

For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. I have 600 copies of the book available. When they’re gone, the sale is over and the price will revert to normal. Order here. Please be patient on delivery. It’s a lot of work to sign and mail hundreds of books. I try to do some each day, but sometimes I can’t.

210

210

The Hacker News

APRIL 29, 2021

Hackers are scanning the internet for weaknesses all the time, and if you don't want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving this is performing a vulnerability assessment.

Internet 145

Internet Internet 145

Tech Republic Security

APRIL 28, 2021

The attack was reportedly pulled off by the Babuk gang, which has already leaked screenshots of some of the stolen data.

Ransomware 174

Ransomware 174

CyberSecurity Insiders

APRIL 28, 2021

Cancer treatment services across the United States have taken a big hit as a cyber attack is said to have disrupted the software services operating in the High-tech radiation machines used to treat the malign disease. Elekta is the company in discussion that was hit by a cyber attack and as it supplies software meant to operate radiation treatment systems, most of the medical treatments were cancelled or postponed across North America.

Cyber Attacks 145

Cyber Attacks Healthcare Data privacy Software 145

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Graham Cluley

APRIL 28, 2021

Apple has released a brand new update for its macOS Big Sur operating system, and you really should install it. Amongst other fixes, Big Sur 11.3 patches a zero-day vulnerability that could allow an attacker to craft malicious payloads that will not be checked by Gatekeeper, the security check built into Apple's operating system that is supposed to block the execution of software from untrusted sources.

Malware 145

Malware Software 145

SecureList

APRIL 27, 2021

For four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.

Malware 145

Malware Government Spyware Social Engineering 145

Tech Republic Security

APRIL 28, 2021

Palo Alto Networks' cloud-native security suite is getting a bundle of new features to automate VM security and add malware protection to CI/CD workflows, among others.

Malware 174

Malware 174

Security Boulevard

APRIL 27, 2021

Research that’s done on malicious breaches of data presents a unique conundrum for the security professionals who are doing the investigating: should access to sets of breached raw data become available to public users and, if so, how? In light of the pandemic, the acceleration toward location-distributed work has the potential to raise similar questions.

Data breaches 145

Data breaches Security Awareness Risk Government 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

SecurityTrails

APRIL 27, 2021

Learn what is theHarvester, and how it can help you during your reconnaissance phase to gather emails, names, subdomains, IPs and more.

145

145

Security Affairs

APRIL 26, 2021

Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. Apple has addressed a zero-day flaw in macOS that was exploited by Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.

Malware 145

Malware Software Engineering Hacking 145

Tech Republic Security

APRIL 27, 2021

The spyware tries to steal passwords and other sensitive data and accesses your contact list, warns the U.K.'s National Cyber Security Centre.

Spyware 167

Spyware Passwords 167

Cisco Security

APRIL 29, 2021

20 years ago, I used to work as a network engineer for a fast-growing company that had multiple data centers and many remote offices, and I remember all the work required to simply onboard a remote site. Basically, it took months of planning and execution which included ordering circuits, getting connectivity up and spending hours, and sometimes days, deploying complex configurations to secure the connectivity by establishing encrypted tunnels and steering the right traffic across them.

Internet 145

Internet Internet Banking Backups 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!