Troy Hunt
MARCH 22, 2020
Strange times, these. But equally, a time to focus on new things and indeed a time to pursue experiences we might not have done otherwise. As Ari now spends his days learning from home, I wanted to really start focusing more on his coding not just for his own benefit, but for all the other kids out there who are in the same home-bound predicament he now finds himself in.
Krebs on Security
MARCH 26, 2020
Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data breaches targeting western retailers over the past decade.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Daniel Miessler
MARCH 22, 2020
I’ve thought for a long time that public video feed monitoring would become ubiquitous. My basis for this was looking at humans ultimately desire, not at the tech itself. When I hear crazy long-term predictions I always think two things: either the prediction is going to be obvious, or it’s going to be wrong. I think my approach is different in a subtle and powerful way.
Adam Levin
MARCH 23, 2020
Secure Your Router: If you’re still using your router’s manufacturer default password, it’s past time for a change. Your password should be include letters, numbers and special characters in a combination you haven’t used on other accounts. You can also create an extra firewall by configuring your router to block unwanted incoming internet traffic. Secure Your Webcam: If you’re using an external webcam for videoconferences, disconnect it when you’re not using it.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Troy Hunt
MARCH 27, 2020
This has been an absolutely flat-out week between running almost 3 hours of our free Cyber-Broken talk with Scott Helme, doing an hour of code with Ari each day (and helping get up to speed with remote schooling) then running our Hack Yourself First workshop on Aussie time zones the last couple of days. But, especially given the current circumstances, I'm pretty happy with the result ??
Krebs on Security
MARCH 25, 2020
Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Adam Levin
MARCH 23, 2020
Covid-19 is increasing the number of employees working from home, and more businesses are relying on video conferences as a means of keeping in regular communication. . Follow these tips to make sure your webcam isn’t compromising your privacy and your data: Unplug/disable your camera when it’s not in use: If you’re using an external camera, don’t just turn it off when you’re not in a conference–unplug it completely.
Troy Hunt
MARCH 24, 2020
Over the last 2 years I've been gradually welcoming various governments from around the world onto Have I Been Pwned (HIBP) so that they can have full and unfettered access to the list of email addresses on their domains impacted by data breaches. Today, I'm very happy to announce the expansion of this initiative to include the USA government by way of their US Cybersecurity and Infrastructure Security Agency (CISA).
Krebs on Security
MARCH 23, 2020
In December 2018, KrebsOnSecurity looked at how dozens of U.S. political campaigns, cities and towns had paid a shady company called Web Listings Inc. after receiving what looked like a bill for search engine optimization (SEO) services rendered on behalf of their domain names. The story concluded that this dubious service had been scamming people and companies for more than a decade, and promised a Part II to explore who was behind Web Listings.
Schneier on Security
MARCH 24, 2020
Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. That means that votes could be manipulated or deleted on the voter's computer without the voter's knowledge, local elections officials cannot verify that the voter's ballot reflects the voter's in
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
MARCH 26, 2020
Cybercriminals may be staying home, but they're not taking a break from phishing attempts and password hacking during the coronavirus outbreak.
Adam Levin
MARCH 23, 2020
As more employees are working remotely in the wake of the Covid-19 pandemic, businesses are being targeted by an increasing number of phishing campaigns. . Follow these five tips to keep your email and your business cybersecure: Don’t send sensitive information via email: Email is convenient and universal, but it’s not an especially secure way to send information.
Adam Shostack
MARCH 26, 2020
Threat modeling figures heavily in the FDA’s thinking. It’s been part of the first cybersecurity pre-market guidance, it was a big part of the workshop on ‘ content of premarket submissions ,’ etc. There have been lots of questions about how to make that happen. I’ve been working with the FDA and the MDIC, and we have been planning for free boot camps for threat modeling.
Schneier on Security
MARCH 25, 2020
The Chinese facial recognition company Hanwang claims it can recognize people wearing masks : The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a person if the first attempt to identify them fails. [.].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
MARCH 23, 2020
The latest malicious COVID-19 campaigns are repurposing conventional phishing emails with a coronavirus angle, says security trainer KnowBe4.
The Last Watchdog
MARCH 26, 2020
Defending business networks isn’t getting any easier. Companies can have the latest, greatest perimeter defenses, intrusion detection systems and endpoint protections – and attackers will still get through. Just ask Equifax or Capital One. Related: Why cybersecurity should reflect societal values An emerging approach, called Network Traffic Analysis , is gaining traction as, in effect, a catch-all network security framework positioned at the highest layer of the networking stack.
Security Affairs
MARCH 27, 2020
Operators behind the Ryuk Ransomware continue to target hospitals even as these organizations are involved in the fight against the Coronavirus pandemic. The threat actors behind the infamous Ryuk Ransomware continue to target hospitals, even as they are involved in containing the Coronavirus outbreak. The decision of the operators is not aligned with principal ransomware gangs that have announced they will no longer target health and medical organizations during the Coronavirus (COVID-19) pande
Schneier on Security
MARCH 27, 2020
This is a long and fascinating article about Gus Weiss, who masterminded a long campaign to feed technical disinformation to the Soviet Union, which may or may not have caused a massive pipeline explosion somewhere in Siberia in the 1980s, if in fact there even was a massive pipeline explosion somewhere in Siberia in the 1980s. Lots of information about the origins of US export controls laws and sabotage operations.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
MARCH 26, 2020
The coronavirus is putting a strain on healthcare facilities and increasing cybersecurity risks. Here are steps hospital IT admins can take to prevent ransomware and safeguard patient data.
The Last Watchdog
MARCH 25, 2020
Machine learning (ML) and digital transformation (DX) go hand in glove. We’ve mastered how to feed data into pattern-recognition algorithms. And as we accelerate the digitalization of everything, even more data is being generated. Related: Defending networks with no perimeter Machine learning already is deeply embedded in the online shopping, banking, entertainment and social media systems we’ve come to rely on.
Security Affairs
MARCH 25, 2020
The China-linked group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and ManageEngine in a campaign on a global scale. The China-linked cyberespionage group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and Zoho ManageEngine in a campaign on a global scale. The campaign was uncovered by FireEye , threat actor targeted many organizations worldwide the world by exploiting vulnerabilities in Citrix, Cisco and Zoho ManageEngine products.
Schneier on Security
MARCH 26, 2020
Interesting article discussing cyber-warranties, and whether they are an effective way to transfer risk (as envisioned by Ackerlof's "market for lemons") or a marketing trick. The conclusion: Warranties must transfer non-negligible amounts of liability to vendors in order to meaningfully overcome the market for lemons. Our preliminary analysis suggests the majority of cyber warranties cover the cost of repairing the device alone.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
MARCH 26, 2020
New data from Barracuda shows cybercriminals are taking advantage of people's concerns during the COVID-19 pandemic.
The Last Watchdog
MARCH 24, 2020
Defending enterprise networks has become a convoluted challenge, one that is only getting more byzantine by the day. I’ve written about the how SIEMs ingest log and event data from all across hybrid networks, and about how UEBA and SOAR technologies have arisen in just the past few years to help companies try to make sense of it all, even as catastrophic breaches persist.
Security Affairs
MARCH 21, 2020
The financial technology firm Finastra announced it has suffered a ransomware attack that took down its some of its systems. Finastra , the UK leading financial technology provider, announced that some of its servers were shut down in response to a ransomware attack that the company detected. Finastra provides financial software and services to more than 9,000 customers worldwide, it has over 10,000 employees and $1.9 billion in revenues.
Adam Shostack
MARCH 23, 2020
I know many readers are here for the threat modeling, and I could claim that this is the “what are we going to do about it” post, which it is, but I don’t want to have to blog all threat modeling all the time. So this is the “Seattle is a month into COVID-19” post. There are a huge number of tips on how to stay safe, how to work from home, etc.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
MARCH 25, 2020
Businesses see advantages in migrating to cloud-based security tools but are worried about such issues as data privacy and unauthorized access, says Exabeam.
The Last Watchdog
MARCH 23, 2020
Defending enterprise networks has become a convoluted challenge, one that is only getting more byzantine by the day. I’ve written about the how SIEMs ingest log and event data from all across hybrid networks, and about how UEBA and SOAR technologies have arisen in just the past few years to help companies try to make sense of it all, even as catastrophic breaches persist.
Security Affairs
MARCH 26, 2020
The FBI shuts down Deer.io, a Russian-based online platform that has been hosting hundreds of online shops where illegal products and services were being sold, The Department of Justice announced on Tuesday, that the Federal Bureau of Investigation has recently taken down the Russian-based online platform DEER.IO that is hosting various cybercrime products and services were being sold. “A Russian-based cyber platform known as DEER.IO was shut down by the FBI today, and its suspected admini
WIRED Threat Level
MARCH 27, 2020
Kitboga has built a following by trolling telemarketers. Covid-19 opportunists have given him a whole new crop of targets.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
301 
Let's personalize your content