Schneier on Security

NOVEMBER 4, 2020

Accuracy isn’t great, but that it can be done at all is impressive. Murtuza Jadiwala, a computer science professor heading the research project, said his team was able to identify the contents of texts by examining body movement of the participants. Specifically, they focused on the movement of their shoulders and arms to extrapolate the actions of their fingers as they typed.

Data collection 363

Data collection Software 363

Troy Hunt

NOVEMBER 2, 2020

I've had this blog post in draft for quite some time now, adding little bits to it as the opportunity presented itself. In a essence, it boils down to this: people expressing their displeasure when I post about a topic they're not interested in then deciding to have a whinge that my timeline isn't tailored to their expectation of the things they'd like me to talk about.

Data breaches 363

Data breaches InfoSec Media Technology 363

Krebs on Security

NOVEMBER 4, 2020

Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data publi

Ransomware 360

Ransomware Backups Data breaches Encryption 360

Adam Shostack

OCTOBER 31, 2020

With three days to the US election, the outrage machines are running on all cylinders. It’ll be easier to stay happy if you remember to notice them. To be clear, I’m not using a metaphor. Websites from news to social media use data to drive stories. Twitter’s top tweets, Facebook’s timeline, your local newspaper, but also Linkedin, Medium, Buzzfeed, – all are focused on keeping you on their site as long as possible to show you as many ads as possible.

Media 264

Media Engineering 264

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Schneier on Security

NOVEMBER 2, 2020

Google’s Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver. The exploit doesn’t affect the cryptography, but allows attackers to escalate system privileges: Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome. The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.

363

363

Troy Hunt

NOVEMBER 5, 2020

Alrighty, quickie intro before I rush off to hit the tennis court, catch up with old friends, onto the wake park before BBQ and, of course, ??. I'm doing a quick snapshot on how we're travelling down here COVID wise, I lament the demise (followed by resurrection) of my Ubiquiti network, there's a heap of new data breaches in HIBP and a bunch more insight into my guitar lessons (no, I'm not giving guitar lessons!

Data breaches 361

Data breaches Passwords Hacking 361

Daniel Miessler

NOVEMBER 6, 2020

I think there are four main trends that will play out in the field of information security in the next 20 years. (2021-2030) A Surge in Demand for InfoSec people will result in many more professionals being trained and placed within companies, likely using more of a trade/certification model than a 4-year university model. (2026-) Cyberinsurance will ascend as the primary mechanism for making cybersecurity-related product and service decisions within companies. (2030-) Automation & AI will s

InfoSec 255

InfoSec Insurance Artificial Intelligence Cybersecurity 255

Schneier on Security

NOVEMBER 5, 2020

California’s Proposition 24, aimed at improving the California Consumer Privacy Act, passed this week. Analyses are very mixed. I was very mixed on the proposition, but on the whole I supported it. The proposition has some serious flaws, and was watered down by industry, but voting for privacy feels like it’s generally a good thing.

345

345

Tech Republic Security

NOVEMBER 5, 2020

A security awareness program backed by multi-factor authentication can help protect your critical assets, says NordVPN Teams.

Social Engineering 218

Social Engineering Engineering Security Awareness Authentication 218

Adam Levin

NOVEMBER 6, 2020

Network access to over 7,000 organizations in the U.S., Canada, and Australia is allegedly available for auction on Russian hacking forums. An unidentified hacker is advertising an archive of remote desktop protocol (RDP) credentials to several thousand organizations with bids starting at 25 bitcoins (roughly $390,000). . “I sell everything at once, without samples, convenient access via rdp to each network,” states the advertisement , promising administrative access to each compromised network.

Advertising 182

Advertising Hacking Ransomware Malware 182

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Affairs

NOVEMBER 4, 2020

The source code for the KPot information stealer was put up for auction and the REvil ransomware operators want to acquire it. The authors of KPot information stealer have put its source code up for auction , and the REvil ransomware operators will likely be the only group to bid. #KPOT source code up for sale! pic.twitter.com/fJ3BwlaHsR — ??????

Ransomware 145

Ransomware Malware Advertising Cybercrime 145

Schneier on Security

NOVEMBER 6, 2020

Research paper: Rick Wash, “ How Experts Detect Phishing Scam Emails “: Abstract: Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not. While technical protections against phishing reduce the number of phishing emails received, they are not perfect and phishing remains one of the largest sources of security risk in technology and communication systems.

Phishing 261

Phishing Scams Technology Risk 261

Tech Republic Security

NOVEMBER 2, 2020

The COVID-19 pandemic provided a huge opening for bad actors this year, thanks to remote work. Security experts expect more advanced cybersecurity threats in the coming year.

Data breaches 218

Data breaches Ransomware Cybersecurity 218

Adam Levin

NOVEMBER 6, 2020

Healthcare facilities are under an increased threat of cyberattack, according to the FBI. In a joint cybersecurity advisory with the Cybersecurity and Infrastructure Agency (CISA) and the Department of Health and Human Services (HHS), the FBI warned of an “increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”. While there are currently several strains of malware actively targeting healthcare facilities, the advisory primarily focused on TrickBot, a program with a

Healthcare 175

Healthcare Antivirus Backups Cybercrime 175

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

NOVEMBER 5, 2020

VMware has released new patches for ESXi after learning that a fix released in October for the critical CVE-2020-3992 flaw was incomplete. The virtualization giant VMware has released new fixes for ESXi after learning that a patch released in October for the critical CVE-2020-3992 flaw was incomplete. The CVE-2020-3992 vulnerability is a use-after-free bug issue that affects the OpenSLP service in ESXi, it could be exploited by a remote, unauthenticated attacker to execute arbitrary code in the

Advertising 145

Advertising Hacking Information Security Malware 145

Dark Reading

NOVEMBER 5, 2020

From meditation to the right mindset, seasoned vulnerability researchers give their advice on how to maximize bug bounty profits and avoid burnout.

144

144

Tech Republic Security

NOVEMBER 2, 2020

Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.

Media 218

Media Ransomware 218

Adam Levin

NOVEMBER 4, 2020

The infamous Maze ransomware gang has announced they will cease operations, effective immediately. . On November 1, the hacking group behind several high profile ransomware attacks in 2020 issued a rambling press release, riddled with spelling errors, on the dark web announcing, “it is officially closed.”. “All the links to out [sic] project, using of our brand, our work methods should be considered to be a scam,” the announcement stated.

Ransomware 168

Ransomware Scams Hacking Malware 168

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

NOVEMBER 1, 2020

The Maze ransomware operators are shutting down their operations for more than one year the appeared on the threat landscape in May 2019. The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crew since it began operating in May 2019. The gang was the first to introduce a double-extortion model in the cybercrime landscape at the end of 2019.

Ransomware 145

Ransomware Cybercrime Advertising Software 145

WIRED Threat Level

NOVEMBER 2, 2020

You can lock down your meetings like never before—even if you have to give up a few features to do so.

Encryption 144

Encryption 144

Tech Republic Security

NOVEMBER 5, 2020

The California Privacy Rights Act adds "teeth" to the CCPA, but some advocates say it doesn't go far enough.

Data privacy 216

Data privacy 216

Threatpost

NOVEMBER 3, 2020

A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw.

Telecommunications 133

Telecommunications Malware Hacking 133

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Affairs

NOVEMBER 1, 2020

A threat actor is offering for sale account databases containing an aggregate total of 34 million user records stolen from 17 companies. A data breach broker is selling account databases containing a total of 34 million user records stolen from 17 companies. The threat actor is advertising the stolen data since October 28 on a hacker forum. Source Bleeping Computer.

Data breaches 145

Data breaches Accountability Advertising Passwords 145

WIRED Threat Level

NOVEMBER 4, 2020

A criminal complaint alleges that a West Virginia man disguised the plastic components as wall hangers and sold hundreds of them online.

143

143

Tech Republic Security

NOVEMBER 5, 2020

Learn how you can enable the new Nextcloud end-to-end encryption.

Encryption 208

Encryption 208

Threatpost

NOVEMBER 5, 2020

Cisco also disclosed high-severity vulnerabilities in its Webex and SD-WAN products.

Mobile 131

Mobile 131

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

NOVEMBER 4, 2020

Yesterday almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet was moved to another wallet. Ahead of the 2020 Presidential election a mysterious transaction was noticed by cyber security experts and researchers. Someone has transferred almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet to another wallet.

Cryptocurrency 145

Cryptocurrency Passwords Advertising Hacking 145

WIRED Threat Level

NOVEMBER 1, 2020

Scammers are luring people into Google Docs in an attempt to get them to visit potentially malicious websites.

Scams 138

Scams 138

Tech Republic Security

NOVEMBER 4, 2020

As Americans anxiously await clarity regarding final voting counts and results of yesterday's election, a new report found 26% of US consumers correlate who will win with how much they'll spend.

187

187

Adam Shostack

NOVEMBER 4, 2020

I posted this image in 2004. It’s even more relevant now. While we have a country that is clearly divided, the dividing lines are not so neat as the maps showing states going one way or the other.

130

130

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!