Sat.Mar 28, 2020 - Fri.Apr 03, 2020

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to change domain settings for a half-dozen GoDaddy customers, including transaction brokering site escrow.com.

Privacy vs. Surveillance in the Age of COVID-19

Schneier on Security

The trade-offs are changing: As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social control, even turning security agency technologies on their own civilians. Health and law enforcement authorities are understandably eager to employ every tool at their disposal to try to hinder the virus, even as the surveillance efforts threaten to alter the precarious balance between public safety and personal privacy on a global s

Weekly Update 185

Troy Hunt

I actually lost track of what week it was at the start of this video. Did I do the Aussie workshops last week? Or the week before? I know I was at home, so it's just all becoming a blur. But be that as it may, life marches on and this week like every other one before it was full of interesting cyber-things. I find the situation with Zoom in particular quite fascinating, particularly the willingness - even eagerness - that so many seem to have to throw the very tool that's bringing so many people

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

The Last Watchdog

DevOps is now table stakes for any company hoping to stay competitive. Speed and agility are the name of the game. And everyone’s all-in.

Related: A firewall for microservices

DevSecOps arose to insert security checks and balances into DevOps, aiming to do so without unduly degrading speed and agility. If you’re thinking that speed and security are like oil and water, you’re right.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Annual Protest to ‘Fight Krebs’ Raises €150K+

Krebs on Security

In 2018, KrebsOnSecurity unmasked the creators of Coinhive — a now-defunct cryptocurrency mining service that was being massively abused by cybercriminals — as the administrators of a popular German language image-hosting forum. In protest of that story, forum members donated hundreds of thousands of euros to nonprofits that combat cancer (Krebs means “cancer” in German).

Marriott Was Hacked -- Again

Schneier on Security

Marriott announced another data breach, this one affecting 5.2 million people: At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved: Contact Details (e.g., name, mailing address, email address, and phone number) Loyalty Account Information (e.g., account number and points balance, but not passwords) Additional Personal Details (e.g., company, gender, and birthday day and month) Partnerships and

Unsupervised Learning: No. 222

Daniel Miessler

THIS WEEK’S TOPICS: Who’s hiring, freezing, and laying off, models predict 100-200K US deaths, April distancing, Adversarial Capital, Booz Russia, Google State Phishes, Worker Monitoring, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… The newsletter serves as the show notes for the podcast.

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

The Last Watchdog

Deploying the latest, greatest detection technology to deter stealthy network intruders will take companies only so far.

Related: What we’ve learned from the massive breach of Capitol

At RSA 2020, I learned about how one of the routine daily chores all large organizations perform — data governance — has started to emerge as something of a cybersecurity multiplier.

Bug Bounty Programs Are Being Used to Buy Silence

Schneier on Security

Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny. In exchange for reporting a security flaw, the researcher receives payment (a bounty) as a thank you for doing the right thing.

Fraud prevention startup working on anonymous peer-to-peer verification network

Tech Republic Security

Identiq uses cryptographic algorithms and preserves customer privacy while enabling companies to identify new customers through a network of trust.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Your colleague was infected with Coronavirus, this is the latest phishing lure

Security Affairs

Security experts uncovered a new Coronavirus-themed phishing campaign; the messages inform recipients that they have been exposed to the virus. Experts continue to spot Coronavirus-themed attacks: a new phishing campaign uses messages that pretend to be from a local hospital, informing the victims that they have been exposed to the virus and that they urgently need to be tested.

Two Zoom Zero-Day Flaws Uncovered

Threatpost

The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera.

Clarifying the Computer Fraud and Abuse Act

Schneier on Security

A federal court has ruled that violating a website's terms of service is not "hacking" under the Computer Fraud and Abuse Act. The plaintiffs wanted to investigate possible racial discrimination in online job markets by creating accounts for fake employers and job seekers. Leading job sites have terms of service prohibiting users from supplying fake information, and the researchers worried that their research could expose them to criminal liability under the CFAA, which makes it a crime to "acces

Cyberattacks rank as the biggest data protection concern facing SMBs

Tech Republic Security

World Backup Day is March 31, and while cyberattacks are a potential threat to their data, many SMBs say they don't have a data backup or disaster recovery process, according to data protection company Infrascale.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Hacking iPhone or MacBook devices by tricking users into visiting a site

Security Affairs

Bad news for Apple iPhone or MacBook users: attackers could hack their device’s camera by tricking them into visiting a website. The ethical hacker Ryan Pickren demonstrated that it is possible to hack Apple iPhone or MacBook users by simply tricking them into visiting a website with the Safari browser. Pickren reported seven vulnerabilities to Apple, which rewarded him with a $75,000 bounty.

The SOC Emergency Room Faces Malware Pandemic

Dark Reading

To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.

Dark Web Hosting Provider Hacked

Schneier on Security

Daniel's Hosting, which hosts about 7,600 dark web portals for free, has been hacked and is down. It's unclear when, or if, it will be back up.

IBM providing 9 free public cloud business services to customers during coronavirus pandemic

Tech Republic Security

With companies sending employees home to work during the COVID-19 threat, IBM offers a range of tools to support critical IT applications.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Critical buffer overflow in CODESYS allows remote code execution

Security Affairs

Experts discovered an easily exploitable heap-based buffer overflow flaw, tracked as CVE-2020-10245, that exists in the CODESYS web server. A critical heap-based buffer overflow flaw in a web server for the CODESYS automation software for engineering control systems could be exploited by a remote, unauthenticated attacker to crash a server or execute arbitrary code.

COVID-19: Latest Security News & Commentary

Dark Reading

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

Self-Propagating Malware Targets Thousands of Docker Ports Per Day

Threatpost

A Bitcoin-mining campaign using the Kinsing malware is spreading quickly thanks to cloud-container misconfigurations.

Coronavirus-themed spam surged 14,000% in two weeks says IBM

Tech Republic Security

Since February, spam exploiting the novel coronavirus has jumped by 4,300% and 14,000% in the past 14 days, according to IBM X-Force, IBM's threat intelligence group.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Security Affairs

Online communication platforms such as Zoom are essential instruments at the time of the Coronavirus outbreak, and crooks are attempting to exploit their popularity. The Coronavirus outbreak is changing our habits, and crooks are attempting to take advantage of the popularity of online communication platforms such as Zoom that are used by businesses, school classrooms and ordinary users.

This is Not Your Father's Ransomware

Dark Reading

Ransomware operators are aiming for bigger targets and hitting below the belt. With doxing and extortion threats added to the mix, ransomware is evolving into something even more sinister.

Coronavirus ‘Financial Relief’ Phishing Attacks Spike

Threatpost

A spate of phishing attacks has promised financial relief due to the coronavirus pandemic - but in reality swiped victims' credentials, payment card data and more.

Survey: 37% of workers unaware of ransomware, putting businesses at risk

Tech Republic Security

Almost 40% of employees surveyed admitted to not knowing what ransomware is, and many of them have already been victims, according to security provider Kaspersky.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Marriott discloses data breach impacting up to 5.2 Million guests

Security Affairs

Marriott disclosed a new security breach detected at the end of February 2020 that could impact up to 5.2 million of its guests. Marriott International disclosed a data breach that exposed the personal information of roughly 5.2 million hotel guests; the incident was detected at the end of February 2020. “At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.

The Zoom Privacy Backlash Is Only Getting Started

WIRED Threat Level

A class action lawsuit. Rampant zoombombing. And as of today, two new zero-day vulnerabilities.

Zoom Scrutinized As Security Woes Mount

Threatpost

The New York Attorney General has inquired about Zoom's data security strategy, as the conferencing platform comes under heavy scrutiny for its privacy policies.

How to prevent Zoom bombing: 5 simple tips

Tech Republic Security

Internet trolls are crashing Zoom video conferences and flooding them with inappropriate content. Here are easy ways to protect your meetings from Zoom bombers.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.