Troy Hunt
OCTOBER 2, 2020
Sexuality, relationships and online dating are all rather personal things. They're aspects of our lives that many people choose to keep private or at the very least, share only with people of our choosing. Grindr is "The World's Largest Social Networking App for Gay, Bi, Trans, and Queer People" which for many people, makes it particularly sensitive.
Krebs on Security
OCTOBER 1, 2020
Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. Image: Shutterstock. In its advisory (PDF), the Treasury’s Office of Foreign Assets Control (OFAC) said “companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial in
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
SEPTEMBER 29, 2020
As expected, IoT devices are filled with vulnerabilities : As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly.
Daniel Miessler
SEPTEMBER 27, 2020
Threat modeling is a superpower. When done correctly it gives you the ability to adjust your defensive behaviors based on what you’re facing in real-world scenarios. And not just for applications, or networks, or a business—but for life. The Difference Between Threats and Risks. This type of threat modeling is a life skill, not just a technical skill.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Troy Hunt
OCTOBER 2, 2020
This week there's a lot of connected things: connected shoes, connected garage camera and connected GoPro. And then there's Scott's Grindr account. Awkward. Actually, since recording this weekly update the details of the issue have now been released so I'll talk about that in more detail next week. This week there's all the above and, on a more personal note, my relationship with Charlotte.
Krebs on Security
OCTOBER 2, 2020
Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot , an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations. A text snippet from one of the bogus Trickbot configuration updates.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Adam Levin
SEPTEMBER 29, 2020
Ransomware operators have released the personal data of students in the Clark County School District in Nevada after officials refused to pay to have their files decrypted. The information leaked reportedly includes Social Security numbers, names, grades, addresses, and financial information. District officials have been thus far unable to verify the data.
Troy Hunt
SEPTEMBER 26, 2020
Wow, 4 years already. Regardless of where I've been in the world or the stresses that have been going on in my personal life , every single week without exception there's been a video. This makes 210 of them now, and these days they're live from a much more professional setup in a location that has absolutely no chance of changing for the foreseeable future.
Krebs on Security
SEPTEMBER 29, 2020
Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft ‘s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen , two companies that together handle 911 calls for a broad swath of the Uni
Schneier on Security
OCTOBER 1, 2020
Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face: In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these changes would be too minute to detect merely from a video, but viewing videos that have been enhanced to exaggerate these color shifts will quickly disabuse you of that notion.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Tech Republic Security
OCTOBER 1, 2020
This October looks quite different from previous years, as IT oversees staff who are no longer centrally located, creating a larger attack surface for bad actors. Awareness is key, experts say.
Adam Levin
SEPTEMBER 28, 2020
Tyler Technologies, a software and technology provider for U.S. federal, state, and local government agencies, announced that its internal systems were hacked last week. . The company, which provides election, information management and emergency management systems to over 15,000 government offices across the country, announced the hack after its website was taken offline Wednesday, September 23. .
WIRED Threat Level
OCTOBER 1, 2020
New clues indicate that APT28 may be behind a mysterious intrusion that US officials disclosed last week.
Security Affairs
SEPTEMBER 29, 2020
The French maritime transport and logistics giant CMA CGM S.A. revealed it was the victim of a malware attack that affecting some servers on its network. CMA CGM S.A. , a French maritime transport and logistics giant, revealed that a malware attack affected some servers on its network. The company is present in over 160 countries through 755 offices and 750 warehouses with 110,000 employees and 489 vessels.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
OCTOBER 1, 2020
In an effort to make IT pros' jobs easier, Jack Wallen offers cybersecurity tips to end users--in particular, what not to do to keep company networks, equipment, and data secure.
Adam Levin
OCTOBER 2, 2020
Facebook has announced that it will place greater restrictions on advertisements for social and political issues ahead of the upcoming U.S. presidential election. The company announced the new restrictions on its corporate blog earlier this week, which prohibit the following content: Ads discouraging participation in the voting process. Ads seeking to delegitimize lawful voting practices as fraudulent, illegal, or corrupt.
WIRED Threat Level
OCTOBER 2, 2020
There’s a small but real possibility that we won’t know which party controls the Senate until 2021, thanks to a special election and a unique state requirement.
Security Affairs
SEPTEMBER 29, 2020
While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections. The name AgeLocker comes from the use of the Actually Good Encryption ( AGE ) algorithm to encrypt files, experts warn that encrypted files can’t be recovered without paying t
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
OCTOBER 1, 2020
With the 2020 presidential election looming, here are questions to consider before posting on social media.
CompTIA on Cybersecurity
SEPTEMBER 30, 2020
This cybersecurity awareness month, CompTIA wants to thank cybersecurity pros for ensuring information integrity.
Dark Reading
SEPTEMBER 29, 2020
Remote workers and scattered teams are relying on Slack more and more for messaging and collaboration. Here are a few extra tips for keeping data and systems more secure when using Slack.
Security Affairs
SEPTEMBER 29, 2020
US-based Arthur J. Gallagher (AJG) insurance giant disclosed a ransomware attack, the security breach took place on Saturday. US-based Arthur J. Gallagher (AJG) global insurance brokerage firm confirmed that it was his with a ransomware attack on Saturday, September 26. The company did not provide technical details about the attack, it is not clear how the ransomware operators breached the company and which is the family of malware that infected its systems.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Tech Republic Security
SEPTEMBER 28, 2020
The Joker malware has been a persistent thorn in Google's side as it keeps popping up in shady apps to infect users of the Google Play store.
Threatpost
OCTOBER 1, 2020
What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts.
Dark Reading
OCTOBER 1, 2020
From WarGames, to Aaron Swartz, to bug bounties, to Van Buren, here's what cybersecurity researchers should know about the US's primary anti-hacking law before it gets its day in the Supreme Court.
Security Affairs
SEPTEMBER 26, 2020
Hungarian financial institutions and telecommunications infrastructure were hit by a powerful DDoS attack originating from servers in Russia, China and Vietnam. A powerful DDoS attack hit some Hungarian banking and telecommunication services that briefly disrupted them. According to telecoms firm Magyar Telekom, the attack took place on Thursday and was launched from servers in Russia, China and Vietnam.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
SEPTEMBER 28, 2020
Assessing the security posture of devices is an important part of securing data and communications. Follow these steps to make sure you do it correctly.
Threatpost
SEPTEMBER 29, 2020
Popular ‘safe browsing’ padlocks are now passe as a majority of bad guys also use them.
WIRED Threat Level
SEPTEMBER 28, 2020
“All computers are completely shut down,” one Universal Health Services employee told WIRED.
Security Affairs
SEPTEMBER 26, 2020
Good news for the victims of the ThunderX ransomware, cybersecurity firm Tesorion has released a decryptor to recover their files for free. Cybersecurity firm Tesorion has released a free decryptor for the ThunderX ransomware that allows victims to recover their files. ThunderX is ransomware that appeared in the threat landscape recently, infections were discovered at the end of August 2020. .
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
364 
Let's personalize your content