Krebs on Security

JULY 13, 2020

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion.

Hacking 363

Hacking Marketing Cybercrime Accountability 363

Schneier on Security

JULY 14, 2020

A four-rotor Enigma machine -- with rotors -- is up for auction.

Encryption 269

Encryption 269

Troy Hunt

JULY 17, 2020

I made it to 200! And look at that picture quality too ?? I'm streaming in 1080p rather than 4K and that's absolutely fine for content like this. I've finally gotten on top of the camera setup and the Elgato HDMI dongle to allow the camera to be seen as a webcam over HDMI. I really want to write this up in detail for next week's update because with the new PC as well, I'm super happy with how this all works together.

Social Engineering 243

Social Engineering Engineering Accountability 243

Tech Republic Security

JULY 15, 2020

Government agencies were most heavily hit by ransomware during the first quarter, says Positive Technologies.

Ransomware 218

Ransomware Accountability Government Technology 218

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Krebs on Security

JULY 14, 2020

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone.

DNS 344

DNS Backups Software System Administration 344

Schneier on Security

JULY 15, 2020

The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents (a full and an abridged version) on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and requires regular maintenance. To maintain a secure VPN, network administrators should perform the following tasks on a regular basis: Reduce the VPN gateway attack surface Verify that cryptographic algori

VPN 238

VPN Cybersecurity 238

Tech Republic Security

JULY 14, 2020

The Identity Theft Resource Center projects 2020 is on pace to see the lowest number of breaches and exposures since 2015.

Identity Theft 218

Identity Theft Data breaches 218

WIRED Threat Level

JULY 16, 2020

IBM's X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it's targeting.

Hacking 145

Hacking Accountability 145

Schneier on Security

JULY 17, 2020

Motherboard is reporting that this week's Twitter hack involved a bribed insider. Twitter has denied it. I have been taking press calls all day about this. And while I know everyone wants to speculate about the details of the hack, we just don't know -- and probably won't for a couple of weeks.

Hacking 219

Hacking 219

Security Affairs

JULY 13, 2020

Experts from Cyble discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Experts from threat intelligence firm have discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Records of 45 Million+ travelers to Thailand and Malaysia Leaked on #Darkweb (Blog Link) [link] #infosec #leaks #CyberSecurity pic.twitter.com/zHOujQ8CMm — Cyble (@Au

Mobile 145

Mobile InfoSec Data breaches Advertising 145

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

JULY 17, 2020

A digital panel discussion sponsored by MIT's Sloan CIO Digital Learning Series covered a range of topics from protecting remote workers to phishing to how to manage risk.

CISO 217

CISO Cybersecurity Phishing Risk 217

Threatpost

JULY 17, 2020

With limited confirmed information, a raft of theories and circumstantial evidence has come to light as to who was behind the attack and how they carried it out.

Hacking 136

Hacking Social Engineering Accountability Engineering 136

Schneier on Security

JULY 13, 2020

A personal account of someone who was paid to buy products on Amazon and leave fake reviews. Fake reviews are one of the problems that everyone knows about, and no one knows what to do about -- so we all try to pretend doesn't exist.

Accountability 218

Accountability 218

Security Affairs

JULY 15, 2020

A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA). A group of hackers that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA), [link]. I have reached them for a comment and they told me that the attack was not targeted, they defacted the site only for fun. “We are hacktivists, we usually hack for many various causes related to activism.” Ghost Squad Hackers&#

Advertising 145

Advertising Hacking Government Banking 145

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

JULY 16, 2020

Malicious actors are posing as Netflix, Hulu, and more, to launch phishing attacks, steal passwords, launch spam, and distribute viruses.

Malware 217

Malware Phishing Passwords 217

Threatpost

JULY 16, 2020

A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices.

Phishing 134

Phishing Social Engineering Engineering 134

Daniel Miessler

JULY 13, 2020

THIS WEEK’S TOPICS: Americans in China, TikTok Banning, Chinese Critics, BlueLeaks, Router Security, COVID Accelerating Trends, Twitter Subscriptions?, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —. If you get value from this content, you can support it directly by becoming a member.

Technology 130

Technology Information Security 130

Security Affairs

JULY 14, 2020

The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web. Bad news for the guests of the MGM Resorts, the 2019 data breach suffered by the company is much larger than initially reported. A credible actor is selling details of 142 million MGM hotel guests on the dark web , the news was reported in exclusive by ZDNet.

Data breaches 145

Data breaches Advertising Hacking Cybercrime 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

JULY 17, 2020

Nearly a third of professionals said they have to remediate email-based attacks every day, GreatHorn found.

Phishing 215

Phishing 215

Adam Shostack

JULY 13, 2020

The EFF has filed an amicus brief on the Computer Fraud and Abuse Act: Washington, D.C.—The Electronic Frontier Foundation (EFF) and leading cybersecurity experts today urged the Supreme Court to rein in the scope of the Computer Fraud and Abuse Act (CFAA)—and protect the security research we all rely on to keep us safe—by holding that accessing computers in ways that violate terms of service (TOS) does not violate the law.

Computers and Electronics 130

Computers and Electronics Cybersecurity 130

WIRED Threat Level

JULY 12, 2020

Here are some of the best authenticator apps and options. It may take a moment to set up, but once you have 2FA enabled where it counts, you can rest easier.

Authentication 126

Authentication Accountability 126

Security Affairs

JULY 17, 2020

Security researchers at Cyble reported that Nefilim ransomware operators allegedly targeted the mobile network operator Orange. Researchers from Cyble came across a post of Nefilim ransomware operators which were claiming to have stolen sensitive data of Orange S.A., one of the largest mobile networks based in France. The discovery was made by the experts during their regular Deepweb and Darkweb monitoring activity.

Business Services 144

Business Services Ransomware Mobile Advertising 144

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Tech Republic Security

JULY 17, 2020

If you're looking for a platform to help with the collection and sharing of cybersecurity events, you need not look any further than MISP. Jack Wallen shows you how to install this tool.

Malware 214

Malware Cybersecurity 214

Threatpost

JULY 14, 2020

Microsoft gives the ‘wormable’ flaw a security rating of 10 – the most severe warning possible.

DNS 119

DNS 119

WIRED Threat Level

JULY 17, 2020

Concerns about the Chinese government shouldn't be dismissed, experts say. But banning TikTok would be a drastic measure.

Risk 123

Risk Government 123

Security Affairs

JULY 17, 2020

Experts that want to to study phishing attack schema and Kit-composition can use the recently PhishingKitTracker, which is updated automatically. If you are a security researcher or even a passionate about how attackers implement phishing you will find yourself to look for phishing kits. A phishing kit is not a phishing builder, but a real implementation (actually re-implementation) of a third party website built to lure your victim.

Phishing 142

Phishing Advertising Banking Hacking 142

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

JULY 14, 2020

Code running on sites can be exploited to steal or leak data via client-side attacks enabled by the programming language, says Tala Security.

214

214

Threatpost

JULY 16, 2020

Companies should forget about auditing where data resides and who has access to it.

Data breaches 117

Data breaches InfoSec Mobile Hacking 117

WIRED Threat Level

JULY 15, 2020

The Atlas of Surveillance shows which tech law enforcement agencies across the country have acquired. It's a sobering look at the present-day panopticon.

Surveillance 116

Surveillance 116

Security Affairs

JULY 12, 2020

Google announced that starting from August it will update its policies to reject ads proposed by organizations offering surveillance software. Google announced the update of its Google Ads Enabling Dishonest Behavior policy to “prohibit the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization.

Surveillance 141

Surveillance Spyware Advertising Marketing 141

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!