Troy Hunt

OCTOBER 28, 2020

Been a lot of "victim blaming" going on these last few days. The victim, through no fault of their own, has been the target of numerous angry tweets designed to ridicule their role in internet security and suggest they are incapable of performing their duty. Here's where it all started: This is a great example of how bad people are at reading and understanding even the domain part of the URL then making decisions based on that which affect their security and privacy (see the answer under the pol

Phishing 363

Phishing Password Management Passwords Internet 363

Schneier on Security

OCTOBER 27, 2020

Slate magazine was able to cleverly read the Ghislaine Maxwell deposition and reverse-engineer many of the redacted names. We’ve long known that redacting is hard in the modern age, but most of the failures to date have been a result of not realizing that covering digital text with a black bar doesn’t always remove the text from the underlying digital file.

Engineering 362

Engineering 362

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems.

Hacking 358

Hacking Ransomware Banking Accountability 358

Javvad Malik

OCTOBER 29, 2020

There’s often a lot of debate as to what the best security or hacking movie is. Many people talk about Hackers, or Sneakers, or try and slip Mr Robot into the mix. But they are all way way waaaaay off the mark. I was reminded of this by Phil Cracknell who posted on linkedin that in his opinion the Kevin Costner, Whitney Houston classic, Bodyguard was the best infosec movie.

CISO 246

CISO InfoSec Banking Ransomware 246

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Troy Hunt

OCTOBER 29, 2020

Almost a decade ago now, I wrote what would become one of my most career-defining blog posts: The Only Secure Password is the One You Can't Remember. I had come to the realisation that I simply had too many accounts across too many systems to ever have any chance of creating decent unique passwords I could remember. So, I set out to find a password manager and 10 Christmas holidays ago now, I spent the best 50 bucks ever: I choose 1Password way back then and without a shadow of a doubt, it has b

Password Management 362

Password Management Passwords Software Accountability 362

Schneier on Security

OCTOBER 30, 2020

Sunoo Park and Kendra Albert have published “ A Researcher’s Guide to Some Legal Risks of Security Research.” From a summary : Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions (DMCA §1201), electronic privacy law (ECPA), and cryptography export controls, as well as broader legal areas such as contract and trade secret law.

Risk 354

Risk Technology Hacking 354

Daniel Miessler

OCTOBER 28, 2020

I have an unpopular opinion about the security conference scene. Basically, it’s the opposite of what John Strand said here: Can we all agree that pre-recorded Conference talks are horrible? I mean… Why? — strandjs (@strandjs) October 28, 2020. I see this sentiment a lot from a lot of people in infosec, and I think I’ve figured it out.

InfoSec 229

InfoSec Education Information Security 229

Troy Hunt

OCTOBER 30, 2020

It was a bit of a slow start this week. "Plan A" was to use the new GoPro with the Media Mod (including light and lapel mic) and do an outdoor session. This should really be much easier than it was with multiple issues ranging from connectivity drops to audio sync to simply not having a GoPro to tripod adaptor. I'll need to get on top of that before my big Xmas holiday trip and none of these are insurmountable problems, but this stuff should be easy!

Media 293

Media Passwords 293

Schneier on Security

OCTOBER 28, 2020

Senator Ron Wyden asked, and the NSA didn’t answer : The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others. These so-called back doors enable the NSA and other agencies to scan large amounts of traffic without a warrant.

Firewall 330

Firewall Surveillance Government Internet 330

Krebs on Security

OCTOBER 28, 2020

On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “imminent cybercrime t

Ransomware 279

Ransomware Healthcare Computers and Electronics Cybercrime 279

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

OCTOBER 29, 2020

One policy expert says cybersecurity measures should be an expected item that comes with every purchase, like the safety measures in your car.

Government 218

Government Cybersecurity 218

Security Affairs

OCTOBER 30, 2020

Google researchers disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation. Security researchers from Google have disclosed a zero-day vulnerability in the Windows operating system, tracked as CVE-2020-17087, that is currently under active exploitation. Ben Hawkes, team lead for Google Project Zero team, revealed on Twitter that the vulnerability was chained with another Chrome zero-day flaw, tracked as CVE-2020-15999 , that Google re

Advertising 145

Advertising Hacking Information Security Malware 145

Schneier on Security

OCTOBER 29, 2020

A security researcher discovered a wulnerability in Waze that breaks the anonymity of users: I found out that I can visit Waze from any web browser at waze.com/livemap so I decided to check how are those driver icons implemented. What I found is that I can ask Waze API for data on a location by sending my latitude and longitude coordinates. Except the essential traffic information, Waze also sends me coordinates of other drivers who are nearby.

278

278

WIRED Threat Level

OCTOBER 25, 2020

There are plenty of reasons to declutter your online traces. Here's how to tidy up.

145

145

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

OCTOBER 28, 2020

Wandera finds malicious network traffic and configuration vulnerabilities on mobile devices as popular entry points for cybercriminals.

Healthcare 218

Healthcare Risk Mobile Cybersecurity 218

Security Affairs

OCTOBER 29, 2020

FBI and the DHS’s CISA agencies published a joint alert to warn hospitals and healthcare providers of imminent ransomware attacks from Russia. The FBI, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) has issued a joint alert to warn hospitals and healthcare providers of imminent ransomware attacks from Russia.

Healthcare 145

Healthcare Ransomware Cybercrime Advertising 145

Dark Reading

OCTOBER 26, 2020

An attacker is running a Tor site to leak the session notes of 300 patients at Vastaamo, a Finnish psychotherapy facility.

140

140

WIRED Threat Level

OCTOBER 28, 2020

The feature is convenient, but it can also leak sensitive data, consume bandwidth, and drain batteries. And some sites are worse than others.

140

140

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

OCTOBER 27, 2020

For companies with data users in both the EU and the US, laws protecting users' privacy vary. Tom Merritt lists five things to know about EU-US data privacy.

Data privacy 217

Data privacy 217

Security Affairs

OCTOBER 27, 2020

Multinational energy company Enel Group has been hit by Netwalker ransomware operators that are asking a $14 million ransom. Systems at the multinational energy company Enel Group has been infected with Netwalker ransomware , it is the second ransomware attack suffered by the energy giant this year. Netwalker ransomware operators are asking a $14 million ransom for the decryption key, the hackers claim to have stolen several terabytes from the company and threaten to leak them if the ransom will

Ransomware 145

Ransomware Advertising Data breaches Malware 145

Dark Reading

OCTOBER 28, 2020

Third-party Web trackers might be following your website visitors' every step. How can new tools like Blacklight help you stop them in their tracks?

135

135

WIRED Threat Level

OCTOBER 25, 2020

The Project Zero reverse engineer shuts down some of the world's most dangerous exploits—along with antiquated hacker stereotypes.

Engineering 134

Engineering 134

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Tech Republic Security

OCTOBER 29, 2020

BEC campaigns continue to shift their targets from C-suite executives and finance employees to group mailboxes, says Abnormal Security.

195

195

Security Affairs

OCTOBER 24, 2020

Experts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams. Secruity researchers reported that up to 50,000 Office 365 users have been targeted by a phishing campaign that pretends to be automated message from Microsoft Teams. The bait message uses fake notifications of a “missed chat” from Microsoft Teams, the campaigns aims at stealing Office 365 recipients’ login credentials.

Phishing 145

Phishing Advertising Passwords Hacking 145

Dark Reading

OCTOBER 30, 2020

Attackers are hiding malicious payloads in phishing emails via a technique traditionally used to hide malicious code planted on websites.

Phishing 134

Phishing 134

WIRED Threat Level

OCTOBER 29, 2020

As Covid-19 infections spike in many parts of the US, malware gangs are wreaking havoc on the health care system.

Ransomware 123

Ransomware Malware Hacking 123

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

OCTOBER 27, 2020

Passwords are a constant struggle for businesses and IT departments. There are other ways to stay safe.

Passwords 192

Passwords 192

Security Affairs

OCTOBER 25, 2020

Abaddon is the first RAT that uses the freeware instant messaging and VoIP app and digital distribution platform Discord as a command & control server. Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control.

Malware 145

Malware Advertising Ransomware Encryption 145

Dark Reading

OCTOBER 27, 2020

More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.

Firewall 134

Firewall Technology 134

Threatpost

OCTOBER 30, 2020

Tech giant and feds this week renewed their urge to organizations to update Active Directory domain controllers.

Government 122

Government Hacking Cybersecurity 122

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!