Krebs on Security

JULY 13, 2020

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion.

Hacking 342

Hacking Marketing Cybercrime Accountability 342

Adam Levin

JULY 15, 2020

The discovery of a database for sale on the dark web suggests the 2019 data breach of MGM Resorts was significantly larger than initially reported. Access to the database was made available on a dark web cybercrime marketplace for roughly $3,000. It contains the personal information of more than 142 million guests of MGM hotels, according to technology reporting site ZDNet.

Data breaches 198

Data breaches Cybercrime Accountability Technology 198

Schneier on Security

JULY 15, 2020

The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents (a full and an abridged version) on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and requires regular maintenance. To maintain a secure VPN, network administrators should perform the following tasks on a regular basis: Reduce the VPN gateway attack surface Verify that cryptographic algori

VPN 269

VPN Cybersecurity 269

Troy Hunt

JULY 17, 2020

I made it to 200! And look at that picture quality too ?? I'm streaming in 1080p rather than 4K and that's absolutely fine for content like this. I've finally gotten on top of the camera setup and the Elgato HDMI dongle to allow the camera to be seen as a webcam over HDMI. I really want to write this up in detail for next week's update because with the new PC as well, I'm super happy with how this all works together.

Social Engineering 191

Social Engineering Engineering Accountability 191

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

JULY 14, 2020

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone.

DNS 268

DNS Backups System Administration Software 268

Tech Republic Security

JULY 17, 2020

A digital panel discussion sponsored by MIT's Sloan CIO Digital Learning Series covered a range of topics from protecting remote workers to phishing to how to manage risk.

CISO 203

CISO Cybersecurity Phishing Risk 203

Adam Levin

JULY 15, 2020

The personal Twitter accounts of Elon Musk, Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Kanye West, Warren Buffett in addition to the official corporate accounts of Apple, Uber, and Cash were hijacked for several hours July 15 in an apparent Bitcoin scam. Most of the messages requested a transfer of Bitcoin with a promise of doubling all payments made within 30 minutes of posting.

Hacking 167

Hacking Social Engineering Scams Accountability 167

Jane Frankland

JULY 13, 2020

COVID-19 has spread around the world at lightning speed since it emerged at the tail end of 2019 in Wuhan, China. Due to the pandemic, and the impact it’s having on businesses, last week I offered a free, online masterclass for entrepreneurs. I wanted to teach them how to deal constructively with a crisis and how to build their resilience. Having had over twenty-two years of business experience, including business turnaround and recovery, I wanted to ensure other entrepreneurs could move forward

Small Business 130

Small Business Banking Healthcare Technology 130

Tech Republic Security

JULY 16, 2020

Malicious actors are posing as Netflix, Hulu, and more, to launch phishing attacks, steal passwords, launch spam, and distribute viruses.

Malware 207

Malware Phishing Passwords 207

Schneier on Security

JULY 13, 2020

A personal account of someone who was paid to buy products on Amazon and leave fake reviews. Fake reviews are one of the problems that everyone knows about, and no one knows what to do about -- so we all try to pretend doesn't exist.

Accountability 254

Accountability 254

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Adam Levin

JULY 15, 2020

The personal Twitter accounts of Elon Musk, Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Kanye West, Warren Buffett in addition to the official corporate accounts of Apple, Uber, and Cash were hijacked for several hours July 15 in an apparent Bitcoin scam. Most of the messages requested a transfer of Bitcoin with a promise of doubling all payments made within 30 minutes of posting.

Hacking 130

Hacking Social Engineering Scams Accountability 130

Daniel Miessler

JULY 13, 2020

THIS WEEK’S TOPICS: Americans in China, TikTok Banning, Chinese Critics, BlueLeaks, Router Security, COVID Accelerating Trends, Twitter Subscriptions?, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —. If you get value from this content, you can support it directly by becoming a member.

Technology 130

Technology Information Security 130

Tech Republic Security

JULY 16, 2020

Campaigns exploiting COVID-19 remained popular last quarter, but cybercriminals also relied on tried and true subjects, says KnowBe4.

Phishing 208

Phishing 208

Adam Shostack

JULY 13, 2020

The EFF has filed an amicus brief on the Computer Fraud and Abuse Act: Washington, D.C.—The Electronic Frontier Foundation (EFF) and leading cybersecurity experts today urged the Supreme Court to rein in the scope of the Computer Fraud and Abuse Act (CFAA)—and protect the security research we all rely on to keep us safe—by holding that accessing computers in ways that violate terms of service (TOS) does not violate the law.

Computers and Electronics 130

Computers and Electronics Cybersecurity 130

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Schneier on Security

JULY 14, 2020

A four-rotor Enigma machine -- with rotors -- is up for auction.

Encryption 300

Encryption 300

Security Affairs

JULY 15, 2020

A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA). A group of hackers that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA), [link]. I have reached them for a comment and they told me that the attack was not targeted, they defacted the site only for fun. “We are hacktivists, we usually hack for many various causes related to activism.” Ghost Squad Hackers&#

Advertising 142

Advertising Hacking Government Banking 142

Tech Republic Security

JULY 17, 2020

If you're looking for a platform to help with the collection and sharing of cybersecurity events, you need not look any further than MISP. Jack Wallen shows you how to install this tool.

Malware 174

Malware Cybersecurity 174

WIRED Threat Level

JULY 16, 2020

IBM's X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it's targeting.

Hacking 145

Hacking Accountability 145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Threatpost

JULY 17, 2020

With limited confirmed information, a raft of theories and circumstantial evidence has come to light as to who was behind the attack and how they carried it out.

Hacking 136

Hacking Social Engineering Accountability Engineering 136

Security Affairs

JULY 13, 2020

Experts from Cyble discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Experts from threat intelligence firm have discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Records of 45 Million+ travelers to Thailand and Malaysia Leaked on #Darkweb (Blog Link) [link] #infosec #leaks #CyberSecurity pic.twitter.com/zHOujQ8CMm — Cyble (@Au

Mobile 135

Mobile InfoSec Data breaches Advertising 135

Tech Republic Security

JULY 14, 2020

The Identity Theft Resource Center projects 2020 is on pace to see the lowest number of breaches and exposures since 2015.

Identity Theft 212

Identity Theft Data breaches 212

Adam Shostack

JULY 14, 2020

I enjoyed being a guest on Software Engineering Radio: Adam Shostack on Threat Modeling. It’s a substantial, in depth interview, running nearly 80 minutes, and covering a wide variety of topics.

Engineering 100

Engineering Software 100

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Jane Frankland

JULY 13, 2020

Last year, the world’s largest non-profit membership association of certified cybersecurity professionals, (ISC)², announced the findings of its Cybersecurity Workforce Study. For the first time, they estimated that the cybersecurity workforce was almost 3 million, and a growth of 145% (just over 4 million) was needed to close the skills gap and better defend organisations worldwide.

Cybersecurity 100

Cybersecurity Government Engineering Technology 100

Security Affairs

JULY 14, 2020

The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web. Bad news for the guests of the MGM Resorts, the 2019 data breach suffered by the company is much larger than initially reported. A credible actor is selling details of 142 million MGM hotel guests on the dark web , the news was reported in exclusive by ZDNet.

Data breaches 120

Data breaches Advertising Hacking Cybercrime 120

Tech Republic Security

JULY 15, 2020

Government agencies were most heavily hit by ransomware during the first quarter, says Positive Technologies.

Ransomware 199

Ransomware Accountability Government Technology 199

Threatpost

JULY 16, 2020

A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices.

Phishing 134

Phishing Social Engineering Engineering 134

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

WIRED Threat Level

JULY 12, 2020

Here are some of the best authenticator apps and options. It may take a moment to set up, but once you have 2FA enabled where it counts, you can rest easier.

Authentication 120

Authentication Accountability 120

Security Affairs

JULY 17, 2020

Security researchers at Cyble reported that Nefilim ransomware operators allegedly targeted the mobile network operator Orange. Researchers from Cyble came across a post of Nefilim ransomware operators which were claiming to have stolen sensitive data of Orange S.A., one of the largest mobile networks based in France. The discovery was made by the experts during their regular Deepweb and Darkweb monitoring activity.

Business Services 119

Business Services Ransomware Mobile Telecommunications 119

Tech Republic Security

JULY 17, 2020

Nearly a third of professionals said they have to remediate email-based attacks every day, GreatHorn found.

Phishing 198

Phishing 198

Threatpost

JULY 13, 2020

A new BEC threat group is heralding more sophisticated email scams that target organizations without DMARC and squeeze as much money out of victims as possible.

Scams 114

Scams 114

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk