Krebs on Security

AUGUST 28, 2020

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime.

Accountability 361

Accountability Hacking Authentication Marketing 361

Troy Hunt

AUGUST 28, 2020

Since I recorded this morning, I've had an absolute breakthrough - I CAN OPEN MY GARAGE DOOR WITH MY WATCH ! I know, I know, it shouldn't be this hard and that's a lot of the point I'm making in this week's video. Having said that, some parts have been hard because I've made simple mistakes , but the nature of the IoT ecosystem as it stands today predisposes you to mistakes because there's so freakin' many moving parts that all need to be aligned.

InfoSec 313

InfoSec IoT Passwords 313

Schneier on Security

AUGUST 27, 2020

Cory Doctorow has writtten an extended rebuttal of The Age of Surveillance Capitalism by Shoshana Zuboff. He summarized the argument on Twitter. Shorter summary: it's not the surveillance part, it's the fact that these companies are monopolies. I think it's both. Surveillance capitalism has some unique properties that make it particularly unethical and incompatible with a free society, and Zuboff makes them clear in her book.

Surveillance 279

Surveillance 279

Adam Levin

AUGUST 26, 2020

Zoom’s service outage on August 24 caused a ripple effect felt in schools and companies across the world. Students were unable to attend classes via remote learning, meetings were cancelled and for roughly three hours users were wondered if the now-ubiquitous platform had been brought down by hackers. Although the company later released an announcement attributing the outage to an “application-level bug,” it made clear that most of us are not prepared for an interruption to a service we’ve grown

Education 246

Education Backups Social Engineering Engineering 246

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Krebs on Security

AUGUST 26, 2020

At the height of his cybercriminal career, the hacker known as “ Hieupc ” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer sk

Identity Theft 354

Identity Theft Computers and Electronics Hacking Accountability 354

Tech Republic Security

AUGUST 27, 2020

The BeagleBoyz have made off with nearly $2 billion since 2015, and they're back to attacking financial institutions after a short lull in activity.

Banking 218

Banking Government 218

The Last Watchdog

AUGUST 25, 2020

Long before this awful pandemic hit us, cloud migration had attained strong momentum in the corporate sector. As Covid19 rages on, thousands of large to mid-sized enterprises are now slamming pedal to the metal on projects to switch over to cloud-based IT infrastructure. A typical example is a Seattle-based computer appliance supplier that had less than 10 percent of its 5,000 employees set up to work remotely prior to the pandemic.

Cyber Risk 182

Cyber Risk Software Risk Cloud Migration 182

Krebs on Security

AUGUST 27, 2020

Yesterday’s piece told the tale of Hieu Minh Ngo , a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services.

Identity Theft 344

Identity Theft Retail Government Banking 344

Tech Republic Security

AUGUST 27, 2020

Global tech professionals reveal recruiting projects fueled by budgets prioritizing staff education, according to a recent IT trends report from Netwrix.

Education 218

Education 218

Schneier on Security

AUGUST 25, 2020

Interesting paper: " Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories ": We examine the threat to individuals' privacy based on the feasibility of reidentifying users through distinctive profiles of their browsing history visible to websites and third parties. This work replicates and extends the 2012 paper Why Johnny Can't Browse in Peace: On the Uniqueness of Web Browsing History Patterns [ 48 ].

Data collection 252

Data collection Risk 252

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Adam Levin

AUGUST 25, 2020

A messaging app popular with activists and protesters around the globe was found to have several major vulnerabilities that could compromise user privacy. Bridgefy is a mesh messaging app that lets users send and receive texts to others nearby without requiring an internet connection. While the developers of the app say it’s ideal for communicating during large gatherings, natural disasters, or in school settings, the app’s publicized security and encryption features have made it a favorite for

Encryption 173

Encryption Authentication Internet Internet 173

Security Affairs

AUGUST 28, 2020

A new variant of the infamous Lemon_Duck cryptomining malware has been updated to targets Linux devices. Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. The new variant also exploits SMBGhost bug in Windows systems, and is also able to target servers running Redis and Hadoop instances.

Malware 145

Malware Passwords Authentication Internet 145

Tech Republic Security

AUGUST 25, 2020

The burgeoning smart home device market has given rise to digital intrusion and potential energy market manipulation on a massive scale.

IoT 218

IoT Marketing 218

Schneier on Security

AUGUST 26, 2020

Interesting story of an Amazon supplier fraud: According to the indictment, the brothers swapped ASINs for items Amazon ordered to send large quantities of different goods instead. In one instance, Amazon ordered 12 canisters of disinfectant spray costing $94.03. The defendants allegedly shipped 7,000 toothbrushes costing $94.03 each, using the code for the disinfectant spray, and later billed Amazon for over $650,000.

Accountability 251

Accountability Cybercrime 251

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Dark Reading

AUGUST 27, 2020

New Zealand Exchange officials say the motive for the attacks is unclear.

DDOS 140

DDOS 140

Security Affairs

AUGUST 27, 2020

Cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security. Original post: [link]. Most of us already know the importance of using antivirus , anti-malware, and VPNs to secure our computers, phones, and other devices against potential attacks. Printers? Not so much.

Hacking 145

Hacking IoT Firmware Internet 145

Tech Republic Security

AUGUST 24, 2020

A new report from Microsoft suggests that cloud-based technologies and Zero Trust architecture will become mainstays of businesses' cybersecurity investments going forward.

Architecture 218

Architecture Cybersecurity Technology 218

Schneier on Security

AUGUST 24, 2020

DiceKeys is a physical mechanism for creating and storing a 192-bit key. The idea is that you roll a special set of twenty-five dice, put them into a plastic jig, and then use an app to convert those dice into a key. You can then use that key for a variety of purposes, and regenerate it from the dice if you need to. This week Stuart Schechter, a computer scientist at the University of California, Berkeley, is launching DiceKeys, a simple kit for physically generating a single super-secure key th

Passwords 251

Passwords Cryptocurrency Password Management Authentication 251

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Threatpost

AUGUST 24, 2020

APIs make your systems easier to run -- and make it easier for hackers, too.

Cybercrime 140

Cybercrime InfoSec Hacking Cybersecurity 140

Security Affairs

AUGUST 26, 2020

FBI authorities arrested a Russian national in the U.S. after attempting to recruit an employee at a targeted company to plant a malware. US authorities arrested the Russian national Egor Igorevich Kriuchkov (27) after attempting to recruit an employee at a targeted company to plant a piece of malware. The man was arrested on August 22 and appeared in court on August 24.

Malware 145

Malware DDOS Advertising Hacking 145

Tech Republic Security

AUGUST 24, 2020

SecAdmins working to protect infrastructure, whether in a defensively or offensively, may find these programming languages helpful in safeguarding apps, systems, and hardware from threats.

218

218

WIRED Threat Level

AUGUST 23, 2020

FritzFrog has been used to try and infiltrate government agencies, banks, telecom companies, and universities across the US and Europe.

Banking 137

Banking Government Hacking 137

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Dark Reading

AUGUST 28, 2020

The Democratic National Committee advises against sharing too much work and personal information on popular dating apps.

135

135

Security Affairs

AUGUST 28, 2020

Elon Musk confirmed that Russian hackers attempted to recruit an employee to install malware into the network of electric car maker Tesla. Recently US authorities arrested the Russian national Egor Igorevich Kriuchkov (27) after attempting to recruit an employee at a targeted company to plant a piece of malware. The man was arrested on August 22 and appeared in court on August 24.

Malware 145

Malware Surveillance Hacking Spyware 145

Tech Republic Security

AUGUST 24, 2020

Tech consultants and journalists have their own conflicting opinions about the best way to manage access in a world full of security risks.

Password Management 217

Password Management Risk Passwords 217

Threatpost

AUGUST 26, 2020

Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.

Data breaches 134

Data breaches 134

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Dark Reading

AUGUST 28, 2020

Key to this new definition is the principle that security programs are designed to minimize business risk, not to achieve 100% no-risk.

CISO 132

CISO Risk 132

Security Affairs

AUGUST 28, 2020

The Iran-linked Charming Kitten APT group leveraged on WhatsApp and LinkedIn to carry out phishing attacks, researchers warn. Clearsky security researchers revealed that Iran-linked Charming Kitten APT group is using WhatsApp and LinkedIn to conduct spear-phishing attacks. Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organi

Phishing 145

Phishing Accountability Advertising Media 145

Tech Republic Security

AUGUST 27, 2020

Small municipalities suffer the majority of ransomware, but they aren't the only ones suffering as ransoms rise and payouts become more common.

Ransomware 217

Ransomware Government 217

Threatpost

AUGUST 28, 2020

Researchers warn that a phishing scam is targeting Instagram users via direct messages on the app.

Scams 130

Scams Phishing Media Mobile 130

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!