Krebs on Security
MAY 23, 2020
When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that’s exactly what appears to be going on right now as multiple U.S. states struggle to combat a tsunami of phony Pandemic Unemployment Assistance (PUA) claims.
The Last Watchdog
MAY 26, 2020
Doing authentication well is vital for any company in the throes of digital transformation. Digital commerce would fly apart if businesses could not reliably affirm the identities of all humans and all machines, that is, computing instances, that are constantly connecting to each other across the Internet. Related: Locking down ‘machine identities’ At the moment, companies are being confronted with a two-pronged friction challenge, when it comes to authentication.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MAY 27, 2020
Security researcher Charlie Belmer is reporting that commercial websites such as eBay are conducting port scans of their visitors. Looking at the list of ports they are scanning, they are looking for VNC services being run on the host, which is the same thing that was reported for bank sites. I marked out the ports and what they are known for (with a few blanks for ones I am unfamiliar with): 5900: VNC. 5901: VNC port 2. 5902: VNC port 3. 5903: VNC port 4. 5279: 3389: Windows remote desktop / RD
Troy Hunt
MAY 29, 2020
First time back in a restaurant! Wandering down my local dining area during the week, I was rather excited to see a cafe that wasn't just open, but actually had spare seating. Being limited to only 10 patrons at present, demand is well in excess of supply and all you have to do is leave some contact info in case someone else in the restaurant tests positive at a later date.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Krebs on Security
MAY 28, 2020
The United Kingdom’s anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail.
Tech Republic Security
MAY 29, 2020
Zero trust means rethinking the safety of every bit of tech on a network. Learn five steps to building a zero trust environment.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
MAY 29, 2020
If the devastating health and economic ramifications weren’t enough, individual privacy is also in the throes of being profoundly and permanently disrupted by the coronavirus pandemic. The tech giants are partnering on a tool for public good, but critics worry it will ultimately get used for predatory surveillance Related: Europe levies big fines for data privacy missteps If the devastating health and economic ramifications weren’t enough, individual privacy is also in the throes of being profou
Adam Levin
MAY 26, 2020
Over 25 million user logins and passwords from a popular math app are being offered for sale on the dark web following a data breach. Mathway, a popular app for iOS and Android devices, recently uncovered evidence of the breach after a hacking group announced it was selling Mathway user data on the dark web for roughly $4,000 in Bitcoin. . ShinyGroup, a hacking group notorious for selling compromised data, announced that they had breached Mathway in January 2020.
Tech Republic Security
MAY 29, 2020
People, like computers, can be hacked using a process called social engineering, and there's a good chance a cybersecurity attack on your organization could start with this technique.
Schneier on Security
MAY 29, 2020
The 5GBioShield sells for £339.60, and the description sounds like snake oil : its website, which describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other electrical, radiation or EMF [electromagnetic field] emitting device".
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
MAY 26, 2020
70 percent of mobile and desktop applications that today we use are affected at least by one security flaw that is present in open-source libraries. According to the Veracode’s annual State of Software Security report, 70 percent of mobile and desktop applications being used today have at least one security flaw that is the result of the use of an open-source library.
WIRED Threat Level
MAY 23, 2020
The Unc0ver tool works on all versions of iOS from 11 to 13.5, the current release.
Tech Republic Security
MAY 28, 2020
The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security.
Schneier on Security
MAY 26, 2020
This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a long term key.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
MAY 29, 2020
Security experts from Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. A few weeks ago, threat intelligence firm Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. According to the experts, the leak includes government data of an entire country, it was leaked online by a reputable actor that goes online with moniker ‘Toogod.”. “A few weeks ago, our researchers came across a leaked databa
InfoWorld on Security
MAY 26, 2020
Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.
Tech Republic Security
MAY 27, 2020
An anti-phishing firm discovered that most of the malicious coronavirus emails were coming from the United States.
Schneier on Security
MAY 29, 2020
Note that this is " announced ," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provide tips and suggest you block the offenders. The feature, which Facebook started rolling out on Android in March and is now bringing to iOS, uses machine learning analysis of communications across Faceb
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
MAY 25, 2020
Three hacking forums Nulled.ch, Sinfulsite.com, and suxx.to have been hacked and their databases have been leaked online. Researchers from intelligence firm Cyble made the headlines again, this time they have discovered online the databases of three hacking forums. The three forums are Sinful Site , SUXX.TO and Nulled , they were all hacked. Databases of three #Hacking #Forums ( [link] , [link] , and [link] ) Got Breached.
WIRED Threat Level
MAY 28, 2020
In a rare public warning, the US spy agency says the notorious arm of Russian military intelligence is targeting a known vulnerability in Exim.
Tech Republic Security
MAY 28, 2020
Scammers are increasingly exploiting file sharing sites such as Google Docs and Microsoft Sway to steal user credentials, according to Barracuda Networks.
Dark Reading
MAY 26, 2020
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your organization has fallen victim and is going to pay. Here's how to handle it.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
MAY 29, 2020
Threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks, Kaspersky reported. Researchers from Kaspersky’s ICS CERT unit reported that threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks. The experts first observed the attacks in early 2020, while in early May, threat actors targeted organizations in Japan, Italy, Germany and the UK.
Daniel Miessler
MAY 25, 2020
THIS WEEK’S TOPICS: Twitter Bots, Face Recognition Headsets, Chrome Bug Memories, Virtual Currency, White House OPSEC, Realtime Language Translation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. Subscribe To Podcast. Show Notes.
Tech Republic Security
MAY 29, 2020
In the digital age, paper files--even those containing sensitive information--are not usually considered as high a security risk. Experts say that's a mistake.
Threatpost
MAY 27, 2020
The new malware family was seen pretending to be an official Italian app, called Immuni.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
MAY 23, 2020
Officials revealed that the Florida Unemployment System suffered a data breach that impacted some residents who have made unemployment claims. The Florida Department of Economic Opportunity revealed that the Florida Unemployment System suffered a data breach that impacted some residents who have made unemployment claims. It has notified 98 people that have been impacted by the incident, government representatives didn’t disclose when the breach took place either the number of the affected indivi
WIRED Threat Level
MAY 23, 2020
These built-in features definitely protect your data, but they can help keep your inbox tidy too.
Tech Republic Security
MAY 29, 2020
Security concerns remain prominent across all network environments, with some unique to the network edge, SDN, and other services. Get some tips from industry insiders.
Threatpost
MAY 27, 2020
Passwords and other credentials have been listed on Have I Been Pwned as attack rumors circulate.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
356 
Let's personalize your content