Sat.Nov 13, 2021 - Fri.Nov 19, 2021

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.

Scams 282

Sepio Systems: Cybersecurity Expert Joseph Steinberg Joins Advisory Board

Joseph Steinberg

Rockville, MD – November 17, 2021 – Sepio Systems , the leader in Zero Trust Hardware Access (ZTHA), announced today that cybersecurity expert Joseph Steinberg has joined its advisory board.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Why I Hate Password Rules

Schneier on Security

The other day I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used PasswordSafe to generate this 16-character alphanumeric password: :s^Twd.J;3hzg=Q~. 3hzg=Q~.

Dedicated State and Local Cyber Grants Are Finally Arriving

Lohrman on Security

The newly approved federal infrastructure deal brings with it a great holiday present for state and local governments: dedicated cyber funding. Here’s the history, and the future, of cyber grants

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

Hoax Email Blast Abused Poor Coding in FBI Website

Krebs on Security

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation.

We have failed to stop phishing, even after 2 decades. Can we finally agree that emails need digital signatures?

Joseph Steinberg

Email serves as one of the primary mechanisms of communication within the Western world – yet, decades after it first appeared on the scene, email still remains a source of security headaches.

More Trending

GUEST ESSAY: The three horsemen of cyber risks: misinformation, disinformation and fake news

The Last Watchdog

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof. Related: Fake news leveraged in presidential election. Such a transformation however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Tech CEO Pleads to Wire Fraud in IP Address Scheme

Krebs on Security

The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America.

VPN 241

Your polls are bad

Javvad Malik

If you’ve been on LinkedIn recently, you’ve probably seen your feed littered with polling questions.

Securing Your Smartphone

Schneier on Security

This is part 3 of Sean Gallagher’s advice for “securing your digital life.” ” Uncategorized cybersecurity phishing risk assessment security analysis smartphones threat models

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Weekly Update 270

Troy Hunt

I'm outdoors! I've really wanted to get my mobile recording setup slick for some time now and after a bunch of mucking around with various mics (and a bit of "debugging in production" during this video), I'm finally really happy with it.

Your weak passwords can be cracked in less than a second

Tech Republic Security

Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass

The Impending Reality of Virtual Reality

Javvad Malik

There’s a concept around finite and infinite games. A finite game is played to win whereas an infinite game is played for the purpose of continuing. I like to think of Monopoly as an infinite game.

Wire Fraud Scam Upgraded with Bitcoin

Schneier on Security

The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam : As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a bank or utility company.

Scams 223

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Weekly Update 269

Troy Hunt

Where does the time go? The video is an hour and 35 mins today, I suspect in part because I've done it on a Saturday morning with a bit more time to spare and, well, there was just a lot of stuff happening.

8 advanced threats Kaspersky predicts for 2022

Tech Republic Security

Advanced threats constantly evolve. This year saw multiple examples of advanced persistent threats under the spotlight, allowing us to predict what threats might lead the future

169
169

Looking for security in the wrong places

Javvad Malik

It’s an old economists’ joke. A person out walking at night comes across a man scrabbling on the floor under a lamppost. The man on the floor says he lost his keys. When asked when he dropped them he then replies, “Oh, I dropped them over there, but the light’s better here.” ” It’s an apt metaphor for how cyber security sometimes operates. It’s easier to deal with things we are familiar with, in environments we know best, and using tools we prefer.

122
122

New Rowhammer Technique

Schneier on Security

Rowhammer is an attack technique involving accessing — that’s “hammering” — rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem.

215
215

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Over $27billion worth Cyber Crime prevented during COVID-19 Pandemic

CyberSecurity Insiders

According to a study made by security firm Bugcrowd, ethical hackers have prevented over $27 billion worth of cyber crime during the spread of Corona virus 2019.

SharkBot — A New Android Trojan Stealing Banking and Cryptocurrency Accounts

The Hacker News

Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on the devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S.

Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server

Security Affairs

Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at @Hack on November 29, 2021. The list is maintained on this page. Uncategorized Schneier news

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Enhancing AT&T SASE with Palo Alto Networks ‘as a Service’

CyberSecurity Insiders

A few months ago, I wrote a blog on “SASE as a Service” that described how managed services providers (MSPs) can be a catalyzing force for transforming to SASE and bridging the gap between networking and security teams.

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

The Hacker News

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks.

How organizations are beefing up their cybersecurity to combat ransomware

Tech Republic Security

Most organizations surveyed by Hitachi ID are moving partly to software-as-a-service. Less than half have adopted a Zero Trust strategy

Book Sale: Click Here to Kill Everybody and Data and Goliath

Schneier on Security

For a limited time, I am selling signed copies of Click Here to Kill Everybody and Data and Goliath , both in paperback, for just $6 each plus shipping. I have 500 copies of each book available. When they’re gone, the sale is over and the price will revert to normal. Order here and here. Please be patient on delivery. It’s a lot of work to sign and mail hundreds of books. And the pandemic is causing mail slowdowns all over the world.

167
167

UK witnesses an increase in ransomware attacks from Russia

CyberSecurity Insiders

UK’s National Cyber Security Centre (NCSC) has released a press update stating that it has witnessed a surge in ransomware attacks from Russia over the last year.

North Korean Hackers Target Cybersecurity Researchers with Trojanized IDA Pro

The Hacker News

Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software.

Iranian Hackers Are Going After US Critical Infrastructure

WIRED Threat Level

A hacking group is targeting a broad range of organizations, taking advantage of vulnerabilities that have been patched but not yet updated. Security Security / Cyberattacks and Hacks

How midsize companies are vulnerable to data breaches and other cyberattacks

Tech Republic Security

Midsize companies often lack the staff, expertise and expensive tools needed to defend themselves against attack, says security provider Coro

Privileged account management challenges: comparing PIM, PUM and PAM

CyberSecurity Insiders

This blog was written by an independent guest blogger. Most cyberattacks originate outside the organization. Numerous articles, vulnerability reports, and analytical materials prove this fact.

Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic

The Hacker News

A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it's possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users.