Krebs on Security
APRIL 23, 2020
Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.
Schneier on Security
APRIL 24, 2020
OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19: The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing individual quarantines. Some governments are making apps that offer coronavirus health information, while also sharing location information with authorities for a period of time.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
APRIL 23, 2020
Ranging from ethical hacking to cloud security, these certs make it easier to get promoted and negotiate a higher salary.
Daniel Miessler
APRIL 20, 2020
THIS WEEK’S TOPICS: Bay Area Lockdown Til May, The Swedish Approach, California Autopsies, Zoom Security Updates, Palantir Contacts, NSA Web Vulns, GreyNoise Services, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. —. If you get value from this content, you can support it directly by becoming a member.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
APRIL 20, 2020
Over 267 million Facebook profiles are offered for sale on dark web sites and hacker forums, the dump is offered for £500 ($623) and doesn’t include passwords. Hackers are offering for sale over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums, the archive doesn’t include passwords. Early March, the security expert Bob Diachenko uncovered an Elasticsearch cluster containing more than 267 million Facebook user IDs, phone numbers, and names.
Schneier on Security
APRIL 23, 2020
The New York Times is reporting on state-sponsored disinformation campaigns coming out of China: Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the condition of anonymity to publicly discuss intelligence matters.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Dark Reading
APRIL 23, 2020
A grassroots effort provides scientists with computing power to help simulate the novel coronavirus' proteins and come up with therapeutic solutions for the disease.
Security Affairs
APRIL 19, 2020
The FBI announced that the number of cybercrime reports is spiked since the beginning of the Coronavirus (COVID-19) pandemic. Speaking at the Aspen Institute, FBI Deputy Assistant Director Tonya Ugoretz, announced that the bureau has observed a spike in cybercrime reports since the beginning of the C oronavirus pandemic. The FBI official explained that the number of reports has quadrupled compared to months before the COVID-19 outbreak. “The FBI has an Internet Crime Complaint Center, the
Schneier on Security
APRIL 21, 2020
This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The Netherlands could eavesdrop on confidential communication from countries such as Iran, Egypt and Saudi Arabia.
Tech Republic Security
APRIL 24, 2020
Campaigns against government agencies, educational establishments, and healthcare providers aren't proving as successful as expected, says security firm Emsisoft.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Threatpost
APRIL 24, 2020
After gamers reported unauthorized logins and purchases, Nintendo confirmed that over 160,000 accounts had been hacked.
Security Affairs
APRIL 23, 2020
Google warns that nation-backed hackers are exploiting the COVID-19 pandemic to organizations involved in the fight against the pandemic. Google is warning that nation-state actors are exploiting the COVID-19 (Coronavirus) pandemic to target health care organizations and entities involved in the fight against the pandemic. Google’s Threat Analysis Group (TAG) shared its latest findings related to state-backed attacks and revealed that it has identified more than a dozen state-sponsored groups us
Schneier on Security
APRIL 20, 2020
Microsoft is training a machine-learning system to find software bugs : At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn't just apply more people to the problem. However, large volumes of semi-curated data are perfect for machine learning.
Tech Republic Security
APRIL 21, 2020
Many small- and mid-sized business owners say they lack of the time or resources to effectively battle ransomware, according to a survey from security provider Infrascale.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Thales Cloud Protection & Licensing
APRIL 21, 2020
As the U.S. federal government contends with a tidal wave of demands in the COVID-19 battle, agencies are pushed to unprecedented limits. Some good news: the U.S. government is excelling with digital transformation (DX) which is critical in this time of crisis as the cloud becomes a crucial dynamic with the world working remotely. New digital capabilities are enabling data to be more fully utilized.
Security Affairs
APRIL 21, 2020
The OpenSSL Project has released a security update for OpenSSL that addresses a DoS vulnerability tracked as CVE-2020-1967. The OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967, that can be exploited by attackers to launch denial-of-service (DoS) attacks. This is the first issue addressed in OpenSSL in 2020.
Lenny Zeltser
APRIL 19, 2020
You can now take my malware analysis and cybersecurity writing courses online in two formats at SANS Institute, depending on how you prefer to learn: OnDemand: Self-paced, recorded training with four months of access to course materials and labs. You’ll like this if you prefer to start, stop, or speed up training any time they want or who need the flexibility of extended access to the materials.
Tech Republic Security
APRIL 21, 2020
Designed to mimic legitimate users, these bots allow attackers to mine data, brute force login credentials, and harvest personal information, according to Imperva.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Threatpost
APRIL 20, 2020
Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers.
Security Affairs
APRIL 18, 2020
TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals. The analysis of Microsoft Office 365 ATP data revealed that TrickBot is, at the moment, the malware operation with the highest number of unique COVID-19 -themed malicious emails and attachments.
WIRED Threat Level
APRIL 22, 2020
Security researchers reveal a months-long, indiscriminate campaign targeting the iPhones of Chinese Muslims.
Tech Republic Security
APRIL 24, 2020
Telecommuting comes with its own set of cybersecurity risks. Kaspersky has announced a free training module to help remote teams make more informed cybersecurity decisions.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Threatpost
APRIL 24, 2020
Sindhi-language characters can crash iPhones and other iOS/macOS devices if a victim views texts, Twitter posts or messages within various apps containing them.
Security Affairs
APRIL 22, 2020
China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity, QuoIntelligence (QuoINT) firm reported. Security experts from QuoIntelligence (QuoINT) firm reported that China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity. The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007.
WIRED Threat Level
APRIL 19, 2020
In an exclusive interview with WIRED, FBI director Christopher Wray discusses a scourge that “moves at the speed of social media.”.
Tech Republic Security
APRIL 22, 2020
Zoom 5.0 is due to be launched within a week, bringing 256-bit encryption and new features for helping hosts stay in control of their meetings and their data.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Threatpost
APRIL 21, 2020
To successfully mitigate evolving attacks, security teams must use the exact same AI tools that create those attacks in the first place.
Security Affairs
APRIL 18, 2020
Hacker claims to have breached the Aptoide app store users early this month and now leaked 20 million records out of 39 million Aptoide user records. A hacker has leaked this week details of 20 million users of the Aptoide app store, the claims to have breached the store early this months and to be in possession of 39 million Aptoids user records. The news was reported by ZDNet, the stolen data were published on a well-known hacking forum.
WIRED Threat Level
APRIL 22, 2020
More than 12 government-backed groups are using the pandemic as cover for digital reconnaissance and espionage, according to a new report.
Tech Republic Security
APRIL 22, 2020
The Maze ransomware group is believed to be responsible for the attack, and it typically blackmails victims by demanding payment to decrypt stolen files.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
358 
Let's personalize your content