Sat.Nov 13, 2021 - Fri.Nov 19, 2021

Hoax Email Blast Abused Poor Coding in FBI Website

Krebs on Security

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation.

Why I Hate Password Rules

Schneier on Security

The other day I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used PasswordSafe to generate this 16-character alphanumeric password: :s^Twd.J;3hzg=Q~.


Sepio Systems: Cybersecurity Expert Joseph Steinberg Joins Advisory Board

Joseph Steinberg

Rockville, MD – November 17, 2021 – Sepio Systems, the leader in Zero Trust Hardware Access (ZTHA), announced today that cybersecurity expert Joseph Steinberg has joined its advisory board.

Weekly Update 270

Troy Hunt

I'm outdoors! I've really wanted to get my mobile recording setup slick for some time now and after a bunch of mucking around with various mics (and a bit of "debugging in production" during this video), I'm finally really happy with it.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, a panel of speakers will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance.

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.


Is Microsoft Stealing People’s Bookmarks?

Schneier on Security

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late.

More Trending

Weekly Update 269

Troy Hunt

Where does the time go? The video is an hour and 35 mins today, I suspect in part because I've done it on a Saturday morning with a bit more time to spare and, well, there was just a lot of stuff happening.

Tech CEO Pleads to Wire Fraud in IP Address Scheme

Krebs on Security

The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America.


Securing Your Smartphone

Schneier on Security

This is part 3 of Sean Gallagher’s advice for “securing your digital life.”


We have failed to stop phishing, even after 2 decades. Can we finally agree that emails need digital signatures?

Joseph Steinberg

Email serves as one of the primary mechanisms of communication within the Western world – yet, decades after it first appeared on the scene, email still remains a source of security headaches.
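The essay above asks for digitally signed email without showing what a signature actually buys the recipient. The following is an added example, not code from the essay or from Joseph Steinberg: a deliberately minimal scheme in Go's standard library in which the sender signs a canonical form of the message headers and body with Ed25519, and the recipient verifies it against the sender's published public key. The Message type, the field set and the canonicalisation rule are assumptions made for this illustration (they loosely follow the spirit of DKIM's relaxed canonicalisation and its ed25519-sha256 method, but are not DKIM); the sample message is constructed. The point it demonstrates is that a phisher who changes the payee, the body, or the From address after signing cannot produce a valid signature without the sender's private key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Message holds the fields a recipient must be able to trust.
// Hypothetical structure for this example, not a mail-library type.
type Message struct {
	From, To, Subject, Body string
}

// canonical serialises the fields in a fixed order so sender and recipient
// hash exactly the same bytes: header values are trimmed and body line
// endings normalised to LF (an assumption-level stand-in for DKIM's
// "relaxed" canonicalisation, not its actual algorithm).
func canonical(m Message) []byte {
	var b strings.Builder
	for _, h := range []string{m.From, m.To, m.Subject} {
		b.WriteString(strings.TrimSpace(h))
		b.WriteByte('\n')
	}
	b.WriteString(strings.ReplaceAll(m.Body, "\r\n", "\n"))
	return []byte(b.String())
}

// Sign returns a base64 Ed25519 signature over the SHA-256 digest of the
// canonical message: the value a sender would place in a signature header.
func Sign(priv ed25519.PrivateKey, m Message) string {
	digest := sha256.Sum256(canonical(m))
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, digest[:]))
}

// Verify checks a signature header value against the sender's public key.
// Any change to From, To, Subject or Body after signing makes this false.
func Verify(pub ed25519.PublicKey, m Message, sigB64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	digest := sha256.Sum256(canonical(m))
	return ed25519.Verify(pub, digest[:], sig)
}

func main() {
	// Sender key pair. In a deployment the public key would be published
	// (DKIM does this in DNS) and the private key kept on the sending MTA.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample message.
	m := Message{
		From:    "accounts@bank.example",
		To:      "alice@example.net",
		Subject: "Wire instructions",
		Body:    "Please send the payment to account 1234.\r\n",
	}
	sig := Sign(priv, m)
	fmt.Println("genuine verifies:", Verify(pub, m, sig))

	// A phisher who edits the payee (or the From address) must reuse the old
	// signature, which no longer matches the canonical bytes.
	tampered := m
	tampered.Body = "Please send the payment to account 9999.\r\n"
	fmt.Println("tampered verifies:", Verify(pub, tampered, sig))
}
```

Note what the scheme does not solve on its own: the recipient still has to know which public key belongs to bank.example, which is the key-distribution problem DKIM, S/MIME and PGP each answer differently, and a signature from a look-alike domain verifies perfectly well under that look-alike's key.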

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

GUEST ESSAY: The three horsemen of cyber risks: misinformation, disinformation and fake news

The Last Watchdog

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof. Related: Fake news leveraged in presidential election. Such a transformation however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Your polls are bad

Javvad Malik

If you’ve been on LinkedIn recently, you’ve probably seen your feed littered with polling questions.

New Rowhammer Technique

Schneier on Security

Rowhammer is an attack technique involving accessing — that’s “hammering” — rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem.


Zero Trust: An Answer to the Ransomware Menace?

Dark Reading

Zero trust isn't a silver bullet, but if implemented well it can help create a much more robust security defense.

Cyberwar's global players—it's not always Russia or China

CSO Magazine

Over the past year, a string of high-profile cyberattacks coming from Russia and China has galvanized the United States and its western allies into taking swift action to counter the escalating incidents.

The Impending Reality of Virtual Reality

Javvad Malik

There’s a concept around finite and infinite games. A finite game is played to win whereas an infinite game is played for the purpose of continuing. I like to think of Monopoly as an infinite game.

Wire Fraud Scam Upgraded with Bitcoin

Schneier on Security

The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam: As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a bank or utility company.


North Korean Hacking Group Targets Diplomats, Forgoes Malware

Dark Reading

The TA406 group uses credential harvesting to target diplomats and policy experts in the United States, Russia, China, and South Korea, rarely resorting to malware.

Your weak passwords can be cracked in less than a second

Tech Republic Security

Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass.
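The NordPass item above and the "Why I Hate Password Rules" item earlier on this page are two sides of the same arithmetic: a password from a public top-5 list falls on the attacker's first handful of guesses regardless of its length or any composition rule, while a uniformly random 16-character password from a generator has a search space no guessing rig will exhaust. The block below is an added example, not code from either article, TechRepublic or NordPass: it generates a password from the operating system's CSPRNG, computes the entropy of that search space, estimates brute-force time at an assumed guess rate, and ranks the five listed passwords as a wordlist would. The 94-character alphabet, the guess rate and the top-5 ordering are assumptions for this illustration (the five strings are the ones the item names).

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
)

// printableASCII is the 94 printable ASCII characters excluding space, the
// kind of pool a password manager draws from for "letters, digits, symbols".
const printableASCII = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"

// GeneratePassword draws n characters uniformly from alphabet using
// crypto/rand. rand.Int is used rather than a byte modulo len(alphabet)
// so that no character is more likely than another.
func GeneratePassword(n int, alphabet string) (string, error) {
	out := make([]byte, n)
	bound := big.NewInt(int64(len(alphabet)))
	for i := range out {
		idx, err := rand.Int(rand.Reader, bound)
		if err != nil {
			return "", err
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out), nil
}

// EntropyBits is the search space of a uniformly random password of length n
// over an alphabet of size k, expressed as log2(k^n) bits.
func EntropyBits(n, k int) float64 {
	return float64(n) * math.Log2(float64(k))
}

// CrackSeconds estimates the expected brute-force time at guessesPerSecond:
// on average the password is found after half the search space is tried.
func CrackSeconds(entropyBits, guessesPerSecond float64) float64 {
	return math.Pow(2, entropyBits) / 2 / guessesPerSecond
}

// commonPasswords is a constructed wordlist holding the five strings the
// NordPass item names, in that order. A cracking tool tries a wordlist
// before any brute force, so a listed password costs its rank in guesses.
var commonPasswords = []string{"123456", "123456789", "12345", "qwerty", "password"}

// WordlistRank returns the 1-based position of pw in the list, or 0 if absent.
func WordlistRank(pw string) int {
	for i, c := range commonPasswords {
		if c == pw {
			return i + 1
		}
	}
	return 0
}

func main() {
	const rate = 1e10 // assumed guesses per second against a fast, unsalted hash
	for _, pw := range []string{"123456", "password"} {
		r := WordlistRank(pw)
		fmt.Printf("%-10s wordlist rank %d -> found in %.1e s\n", pw, r, float64(r)/rate)
	}
	pw, err := GeneratePassword(16, printableASCII)
	if err != nil {
		panic(err)
	}
	bits := EntropyBits(16, len(printableASCII))
	secs := CrackSeconds(bits, rate)
	fmt.Printf("%s entropy %.1f bits -> %.1e s (%.1e years)\n", pw, bits, secs, secs/3.15e7)
}
```

The composition rules the Schneier item complains about do not enter this calculation at all: they can reject a random 16-character string for lacking a digit, yet they accept "Password1!", which any wordlist with light mangling finds in seconds.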

Looking for security in the wrong places

Javvad Malik

It’s an old economists’ joke. A person out walking at night comes across a man scrabbling on the floor under a lamppost. The man on the floor says he lost his keys. When asked when he dropped them he then replies, “Oh, I dropped them over there, but the light’s better here.” It’s an apt metaphor for how cyber security sometimes operates. It’s easier to deal with things we are familiar with, in environments we know best, and using tools we prefer.


Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at @Hack on November 29, 2021. The list is maintained on this page.

5 Things ML Teams Should Know About Privacy and the GDPR

Dark Reading

Machine learning delivers plenty of benefits. But as the emerging technology gets applied more broadly, be careful about how you handle all the data used in the process.

Over $27 billion worth of Cyber Crime prevented during COVID-19 Pandemic

CyberSecurity Insiders

According to a study made by security firm Bugcrowd, ethical hackers have prevented over $27 billion worth of cyber crime during the spread of coronavirus 2019.


8 advanced threats Kaspersky predicts for 2022

Tech Republic Security

Advanced threats constantly evolve. This year saw multiple examples of advanced persistent threats under the spotlight, allowing us to predict what threats might lead the future.


Book Sale: Click Here to Kill Everybody and Data and Goliath

Schneier on Security

For a limited time, I am selling signed copies of Click Here to Kill Everybody and Data and Goliath, both in paperback, for just $6 each plus shipping. I have 500 copies of each book available. When they’re gone, the sale is over and the price will revert to normal. Order here and here. Please be patient on delivery. It’s a lot of work to sign and mail hundreds of books. And the pandemic is causing mail slowdowns all over the world.


Cyber Conflict Between US and Iran Heats Up

Dark Reading

The United States, United Kingdom, and Australia warn attacks from groups linked to Iran are on the rise, while the Iranian government blames the US and Israel for an attack on gas pumps.

Enhancing AT&T SASE with Palo Alto Networks ‘as a Service’

CyberSecurity Insiders

A few months ago, I wrote a blog on “SASE as a Service” that described how managed services providers (MSPs) can be a catalyzing force for transforming to SASE and bridging the gap between networking and security teams.

Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server

Security Affairs

Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks.

6 key points of the new CISA/NSA 5G cloud security guidance

CSO Magazine

5G, or 5th generation mobile networks, is among the most talked about technologies. At a high level, it promises to connect virtually any entity spanning devices, objects, and machines. 5G improves on 4G communication networks in key areas such as latency, speed, and reliability.

Addressing the Low-Code Security Elephant in the Room

Dark Reading

The danger of anyone being able to spin up new applications is that few are thinking about security. Here's why everyone is responsible for the security of low-code/no-code applications.


UK witnesses an increase in ransomware attacks from Russia

CyberSecurity Insiders

UK’s National Cyber Security Centre (NCSC) has released a press update stating that it has witnessed a surge in ransomware attacks from Russia over the last year.

Canadian teenager stole $36 Million in cryptocurrency via SIM Swapping

Security Affairs

A Canadian teenager has been arrested for his alleged role in the theft of roughly $36.5 million worth of cryptocurrency from an American individual.

8 tips for a standout security analyst resume

CSO Magazine

You’ve got your computer science degree from a prestigious university, a couple of security certifications that you earned the summer after you graduated, and almost a year’s experience working with a set of alert monitoring tools for a small company.


8 Tips To Keep in Mind for Ransomware Defense

Dark Reading

Ransomware is everywhere, including the nightly news. Most people know what it is, but how do ransomware attackers get in, and how can we defend against them?

Privileged account management challenges: comparing PIM, PUM and PAM

CyberSecurity Insiders

This blog was written by an independent guest blogger. Most cyberattacks originate outside the organization. Numerous articles, vulnerability reports, and analytical materials prove this fact.