Krebs on Security

MARCH 17, 2020

With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable “ money mules ” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer. Here’s the story of one upstart mule factory that spoofs a major nonprofit and tells new employees they’ll be collecting and transmitting donations for an international “Corona

Banking 326

Banking Scams Accountability Healthcare 326

Troy Hunt

MARCH 18, 2020

Under normal circumstances, we'd be sitting on a stage, beers in hands and doing our (I think we can use this term now) "world famous" Cyber-broken talk. It's like Top gear for nerds. @troyhunt #NDCLondon pic.twitter.com/wxzhM6uOCG — HarryMiller (@HarryMillerr) January 31, 2019 Scott and I have been doing these for a couple of years now, initially as a bit of a space-filler at NDC Security on the Gold Coast.

Advertising 298

Advertising Media 298

Schneier on Security

MARCH 16, 2020

The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes: Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the containers may have to be screened separately when going through security.

Government 363

Government 363

Adam Shostack

MARCH 17, 2020

The current situation is scary and anxiety-provoking, and I can’t do much to fix that. One thing I can do is give people a chance to learn, and so I’m making my Linkedin Learning classes free this week. (I’m told that each class is free for the day, so you’ll need to watch each within a day of starting the course.). These links should open the courses (and as I understand it, start the clock).

246

246

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

MARCH 20, 2020

Finastra , a company that provides a range of technology solutions to banks worldwide, said it was shutting down key systems in response to a security breach discovered Friday morning. The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks.

Ransomware 280

Ransomware Healthcare Banking Data breaches 280

Troy Hunt

MARCH 19, 2020

Subject: Data Breach of [your service] Hi, my name is Troy Hunt and I run the ethical data breach notification service known as Have I Been Pwned: [link]. People regularly send me data from compromised systems which are being traded amongst individuals who collect breaches. Recently, a collection of data allegedly taken from the [your service] was sent to me and I believe there’s a high likelihood your site was indeed hacked.

Data breaches 263

Data breaches Media Hacking Passwords 263

Schneier on Security

MARCH 19, 2020

SANS has made freely available its " Work-from-Home Awareness Kit.". When I think about how COVID-19's security measures are affecting organizational networks, I see several interrelated problems: One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected.

VPN 324

VPN Network Security Accountability Software 324

Krebs on Security

MARCH 16, 2020

Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit , effectively unleashing a pent-up phantom menace on New York City. Now, something similar is in danger of happening in cyberspace: Shadowserver.org , an all-volunteer nonprofit organization that works to help Internet service providers (ISPs) identify and quarantine malware infections and botnets, has lost its longtime primary s

Malware 245

Malware Internet Internet Government 245

Troy Hunt

MARCH 15, 2020

Of course it's virtual because let's face it, nobody is going anywhere at the moment. Plenty of you aren't even going into an office any more let alone fronting up to a conference with hundreds or even thousands of people. That sucks for you because you end up both missing out on events and sooner or later, suffering from cabin fever (I've always found that difficult across many years of remote work).

Hacking 254

Hacking Technology Software Risk 254

Adam Levin

MARCH 17, 2020

The COVID19 pandemic, also known as the novel coronavirus, has affected daily life in unprecedented ways. Because of home-work and homeschooling measures, millions of Americans are using video conferencing for the first time. With this surge in new users, there will be many cyber security challenges. Workplace meetings, college classes, and even children’s playdates are now being held via webcam in the hopes of preventing the spread of the virus.

IoT 201

IoT Firewall Internet Internet 201

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

MARCH 18, 2020

Interesting data : A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a report published this week by risk analysis firm RiskSense.

Risk 275

Risk 275

Krebs on Security

MARCH 20, 2020

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai , a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity.

IoT 234

IoT DDOS VPN Firewall 234

Troy Hunt

MARCH 20, 2020

Geez, where do I even begin? I honestly wasn't sure, then I could hear the kids playing in the background whilst I was setting up and per the video thought "yeah, stuff it, I'll leave that in" because as messed up as a bunch of stuff is, life goes on. And that's where I really wanted to start this week - what life looks like today. As I say in the video, it's paradoxical because it's all (mostly) very normal here, but it's painful to watch what's happening to friends around the world.

Data breaches 215

Data breaches Hacking Technology 215

Adam Levin

MARCH 19, 2020

Home routers are typically an easy point of entry for hackers looking for sensitive data. With more employees working remotely, it’s now more important than ever to make sure their routers, and by proxy your company’s data, are protected. . Ensure remote workers are more secure by following these five tips: Change the Default Password: Routers should have the manufacturer default password updated the moment it’s turned on and connected.

Wireless 199

Wireless Firmware Firewall Manufacturing 199

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Last Watchdog

MARCH 16, 2020

Many companies take an old-school approach to bringing up the rear guard, if you will, when it comes to protecting IT assets. It’s called network segmentation. The idea is to divide the network up into segments, called subnetworks, to both optimize performance as well as strengthen security. Related: A use case for endpoint encryption At RSA 2020 in San Francisco recently, I learned about how something called “micro segmentation” is rapidly emerging as a viable security strategy.

Cybersecurity 210

Cybersecurity IoT Internet Internet 210

Adam Shostack

MARCH 19, 2020

This post comes from a conversation I had on Linkedin with Clint Gibler. He wrote: One challenge I’ve heard from a number of companies is that, with say 3-5 AppSec engineers supporting 500 – 1000 devs, you can’t TM every story, or even every epic. So what do you focus on? The high risk / most critical things. But what are those? It’s not always easy to have visibility or even awareness of everything being built in fast moving, complex, large environments.

Engineering 182

Engineering Risk 182

Tech Republic Security

MARCH 17, 2020

The app promises access to a coronavirus map tracker but instead holds your contacts and other data for ransom, DomainTools found.

Ransomware 218

Ransomware 218

Adam Levin

MARCH 19, 2020

With businesses sending employees to work from home in the wake of Covid-19, the cybersecurity of their home offices has become paramount. One of the best ways to keep employee and business data protected is by having them connect via Virtual Private Network. . Here are five ways VPNs can keep remote employees secure. Better Network and Firewall Protection: By routing an employee’s internet traffic through your company network, you can provide the same firewalls and network-level protection that

VPN 130

VPN Firewall Authentication Passwords 130

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Daniel Miessler

MARCH 17, 2020

THIS WEEK’S TOPICS: Virus updates, Github gets NPM, New Stimulus, Amazon Hiring 100K, Saltwater Nozzles, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. —. If you get value from this content, you can support it directly by becoming a member.

Technology 130

Technology Information Security 130

Security Affairs

MARCH 16, 2020

While the Coronavirus is spreading in the U.S., a mysterious cyberattack hit the Department of Health and Human Services on Saturday. According to Bloomberg, that cited three people familiar with the matter, a cyberattack hit the U.S. Department of Health and Human Services on Saturday night. People cited by Bloomberg confirmed that the cyber attack aimed at slowing the agency’s systems down. “The U.S.

Cyber Attacks 140

Cyber Attacks Advertising Healthcare Data breaches 140

Tech Republic Security

MARCH 19, 2020

Malicious COVID-19 domains and special virus-themed sales on the dark web are two ways criminals are using the outbreak to ramp up business, said security provider Check Point.

151

151

Adam Levin

MARCH 18, 2020

With companies telling their employees to stay home to slow the spread of Covid-19, many are holding meetings remotely. Here’s what to look for when choosing a videoconferencing platform: End-to-end encryption: This makes it harder to intercept any potentially sensitive information being discussed. Attendance via PIN: The only attendees allowed into a meeting should be issued a personal identification number that changes each meeting.

Banking 130

Banking Encryption Passwords Technology 130

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

The Last Watchdog

MARCH 18, 2020

Corporate America’s love affair with cloud computing has hit a feverish pitch. Yet ignorance persists when it comes to a momentous challenge at hand: how to go about tapping the benefits of digital transformation while also keeping cyber exposures to a minimum level. Related: Why some CEOs have quit tweeting That’s the upshot of FireMon’s second annual State of Hybrid Cloud Security Report of 522 IT and security professionals, some 14 percent of whom occupy C-suite positions.

Digital transformation 115

Digital transformation Software Technology Network Security 115

Security Affairs

MARCH 20, 2020

Experts warn of scanning activity conducted by Russia-linked APT28 cyberespionage group, hackers are searching for vulnerable mail servers. According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizati

Phishing 138

Phishing Accountability Advertising DNS 138

Tech Republic Security

MARCH 19, 2020

Security company is using thermal imaging and AI to identify people with a temperature of 100 degrees.

201

201

Adam Levin

MARCH 16, 2020

The Federal Bureau of Investigation’s 2019 annual Internet Crime Report included 467,361 complaints about suspected internet crime with losses of $3.5 billion. Of those cases, 23,775 of them were business email compromises (BEC). $1.7 billion, or roughly half, of the total losses in 2019 were attributed to generic email account compromise (EAC) complaints.

Scams 130

Scams Identity Theft Phishing Accountability 130

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Thales Cloud Protection & Licensing

MARCH 19, 2020

The need to ensure the ability to work from anywhere is more important than ever. In today’s business environment, constant access to information and services is essential for communication and getting business done whether you are in sales, finance, marketing or the legal profession. This is especially true when we face global incidents like we face today.

VPN 131

VPN CISO Passwords Scams 131

Security Affairs

MARCH 14, 2020

A cyber attack hit one of the major COVID-19 testing laboratories in Czech, the Brno University Hospital in the city of Brno. While the Coronavirus (COVID-19) is spreading on a global scale, crooks and nation-state actors are launching Coronavirus-themed attacks against targets worldwide. The healthcare systems of any country are under pressure, for this reason, the news of a cyberattack against a hospital is regrettable.

Cyber Attacks 133

Cyber Attacks Cybercrime Advertising Media 133

Tech Republic Security

MARCH 19, 2020

The suspicious network activities revealed in the research by Positive Technologies are traffic hiding, VPN tunneling, connections to the Tor anonymous network, and network proxying.

VPN 150

VPN Technology 150

Adam Levin

MARCH 16, 2020

Adam Levin provides tips on how to protect your smartphone and your data from hackers. The post It’s Time to Get Smarter About Our Smartphones – Third Certainty #14 appeared first on Adam Levin.

Mobile 130

Mobile 130

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk