Adam Levin

SEPTEMBER 1, 2020

Databases containing the personal information of millions of U.S. voters have appeared on Russian hacking forums. According to Russian news outlet Kommersant , a hacker called Gorka9 has posted the personal information of several million registered voters in Michigan, Arkansas, Connecticut, Florida, and South Carolina.The data includes names, birthdates, gender, mailing addresses, email addresses and polling station numbers.

Hacking 281

Hacking Cyber Attacks Authentication Government 281

Schneier on Security

SEPTEMBER 2, 2020

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It's a perennial problem: trusted insiders have to be trusted.

331

331

Troy Hunt

SEPTEMBER 4, 2020

I kicked off a little bit earlier on this one in order to wrap up before the Burning Minds keynote, and it's interesting to see just how much difference that little sliver of sunlight makes to the video quality. Check the very start of the video versus the very end; this is the sunset slipping through the crack in the fully drawn blinds, make a massive difference.

Passwords 200

Passwords Encryption Risk 200

Tech Republic Security

SEPTEMBER 1, 2020

Cybercriminals are increasingly exploiting the Cobalt Strike testing toolkit to carry out ransomware campaigns, says Cisco Talos Incident Response.

Ransomware 216

Ransomware 216

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Adam Levin

SEPTEMBER 4, 2020

The controversial collection of details on billions of American phone calls by the National Security Agency (NSA) was illegal and possibly unconstitutional, according to a ruling by a federal appeals court. Under the NSA program, information and metadata from calls placed by U.S. citizens were collected in bulk and screened for possible connections to terrorist activity.

Surveillance 260

Surveillance Data collection Government Cybersecurity 260

Schneier on Security

SEPTEMBER 1, 2020

The US Cybersecurity and Infrastructure Security Agency (CISA) published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), the Federal Bureau of Investigation (FBI) and U.S.

Hacking 279

Hacking Banking Government Malware 279

Tech Republic Security

AUGUST 31, 2020

Commentary: For organizations struggling to secure their IT, a host of new, developer-focused products are hitting the market. Check out this guide of the best developer-centric security products.

Marketing 186

Marketing 186

Security Affairs

SEPTEMBER 3, 2020

The Evilnum APT group has added a new weapon to its arsenal, it is a Python-based spy RAT, dubbed PyVil, designed to target FinTech organizations. The Evilnum APT group was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden Chickens malware-as-a-service (MaaS) provider.

Malware 132

Malware Advertising Encryption Phishing 132

Schneier on Security

AUGUST 31, 2020

Seny Kamara gave an excellent keynote talk this year at the (online) CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to.

Government 251

Government 251

Threatpost

SEPTEMBER 3, 2020

The NSA argued its mass surveillance program stopped terrorist attacks - but a new U.S. court ruling found that this is not, and may have even been unconstitutional.

Surveillance 136

Surveillance Data privacy Government 136

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

SEPTEMBER 2, 2020

Instead of trying to remember a long and complex password, try switching to passphrases. Learn why they're important and how they work.

Passwords 204

Passwords 204

Security Affairs

SEPTEMBER 2, 2020

Hackers actively exploiting a critical remote code execution vulnerability in the File Manager plugin, over 300,000 WordPress sites potentially exposed. Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable versions of the plugin.

Firewall 131

Firewall Advertising Hacking 131

Schneier on Security

SEPTEMBER 4, 2020

The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis.

Hacking 245

Hacking 245

Dark Reading

SEPTEMBER 1, 2020

Mass domain purchasing enables email attackers to slip by traditional defenses. Here's how artificial intelligence can stop them.

Artificial Intelligence 138

Artificial Intelligence 138

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

SEPTEMBER 4, 2020

This campaign tries to steal account credentials by convincing users that their email service has quarantined three messages, says Cofense.

Phishing 190

Phishing Accountability 190

Security Affairs

AUGUST 30, 2020

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The npm security team has removed the JavaScript library “ fallguys ” from the npm portal because it was containing a malicious code used to steal sensitive files from an infected users’ browser and Discord application.

Advertising 129

Advertising Hacking Information Security Malware 129

Schneier on Security

SEPTEMBER 3, 2020

Interesting story of a class break against the entire Tesla fleet.

Hacking 237

Hacking 237

WIRED Threat Level

SEPTEMBER 2, 2020

Facing looming election threats and a ransomware epidemic, the bureau says it has revamped its process for warning hacking victims.

Hacking 134

Hacking Ransomware 134

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

SEPTEMBER 4, 2020

If you migrated to a different iPhone or Android device and need to transfer Google Authenticator to the new hardware, follow these steps.

Authentication 187

Authentication 187

Security Affairs

SEPTEMBER 2, 2020

Experts warn of the KryptoCibule Windows malware that has been active since late 2018 and has targeted users in the Czech Republic and Slovakia. Security researchers from ESET have shared technical detailts of a new piece of Windows malware tracked as KryptoCibule. The malware has been active since at least December 2018, it targets cryptocurrency users as a triple threat.

Cryptocurrency 127

Cryptocurrency Antivirus Malware Advertising 127

Threatpost

SEPTEMBER 4, 2020

The company committed to more transparency about app flaws, with an advisory page aimed at keeping the community better informed of security vulnerabilities.

Mobile 121

Mobile 121

Dark Reading

SEPTEMBER 2, 2020

From COVID-19 treatment to academic studies, keeping research secure is more important than ever. The ResearchSOC at Indiana University intends to help.

Cyber Attacks 122

Cyber Attacks 122

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

SEPTEMBER 4, 2020

Dubbed PyVil, the new remote access trojan goes after passwords, documents, browser cookies, and email credentials, says Cybereason.

Passwords 189

Passwords 189

Security Affairs

SEPTEMBER 1, 2020

French President Emmanuel Macron announced that France won’t ban the Chinese giant Huawei from its upcoming 5G telecommunication networks. French President Emmanuel Macron announced that his government will not exclude Chinese telecom giant Huawei from the building of the upcoming 5G telecommunication networks. However, Macron said that France will favor European providers of 5G technology due to security concerns.

Telecommunications 122

Telecommunications Advertising Technology Manufacturing 122

WIRED Threat Level

SEPTEMBER 4, 2020

Police increasingly ask Google and other tech firms for data about who was where, when. Two judges ruled the investigative tool invalid in a Chicago case.

Software 119

Software 119

Threatpost

SEPTEMBER 4, 2020

A phishing campaign uses overlay screens and email 'quarantine' policies to steal targets' Microsoft Outlook credentials.

Phishing 135

Phishing Passwords Hacking 135

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

SEPTEMBER 3, 2020

Social distancing and remote working during COVID-19 have increased cybersecurity risks for companies worldwide, increasing the need for project managers to work on more security-related efforts.

Risk 153

Risk Cybersecurity 153

Security Affairs

AUGUST 31, 2020

Cisco warns that threat actors are attempting to exploit a high severity DoS flaw in its Cisco IOS XR software that runs on carrier-grade routers. Cisco warned over the weekend that attackers are trying to exploit a high severity memory exhaustion denial-of-service (DoS) vulnerability ( CVE-2020-3566 ) affecting the Cisco IOS XR Network OS that runs on carrier-grade routers.

Software 120

Software Internet Internet Advertising 120

Dark Reading

SEPTEMBER 2, 2020

School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.

Cybersecurity 114

Cybersecurity 114

SecureWorld News

SEPTEMBER 2, 2020

There is an interesting legal twist coming to us now in a lawsuit filed following a 2020 ransomware attack. An attack where hackers exfiltrated data from the company and then the cybercriminals threatened to publish it. The class action lawsuit is going after Blackbaud, which provides marketing and fundraising software in the cloud, used by thousands of charities, universities and healthcare organizations in North America and Europe.

Ransomware 104

Ransomware Healthcare Data breaches Cyber threats 104

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk