November, 2022

Failures in Twitter’s Two-Factor Authentication System

Schneier on Security

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism.

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Holiday Shopping Online: Safety on Black Friday, Cyber Monday

Lohrman on Security

What are the latest online security tips as we head into another holiday season? What’s the best cyber advice, and what shopping trends should you watch out for

191
191

Data Breach Misattribution, Acxiom & Live Ramp

Troy Hunt

If you find your name and home address posted online, how do you know where it came from? Let's assume there's no further context given, it's just your legitimate personal data and it also includes your phone number, email address. and over 400 other fields of data.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

The Last Watchdog

Ever feel like your smart home has dyslexia? Siri and Alexa are terrific at gaining intelligence with each additional voice command. And yet what these virtual assistants are starkly missing is interoperability. Related: Why standards are so vital. Matter 1.0 is about to change that. This new home automation connectivity standard rolls out this holiday season with sky high expectations. The technology industry hopes that Matter arises as the lingua franca for the Internet of Things.

Expert published PoC exploit code for macOS sandbox escape flaw

Security Affairs

A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Regu?a

More Trending

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Krebs on Security

Vyacheslav “Tank” Penchukov , the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources.

2022 Midterm Election Cybersecurity: Are We Ready?

Lohrman on Security

As we head into the pivotal 2022 midterm elections this week, how prepared are states to ensure votes are properly counted and protected from cyber attacks? Here’s a roundup of recent developments

Better Supporting the Have I Been Pwned API with Zendesk

Troy Hunt

I've been investing a heap of time into Have I Been Pwned (HIBP) lately, ranging from all the usual stuff (namely trawling through masses of data breaches) to all new stuff, in particular expanding and enhancing the public API.

FIRESIDE CHAT: Anchoring security on granular visibility, proactive management of all endpoints

The Last Watchdog

Endpoints are where all are the connectivity action is. Related: Ransomware bombardments. And securing endpoints has once more become mission critical. This was the focal point of presentations at Tanium’s Converge 2022 conference which I had the privilege to attend last week at the Fairmont Austin in the Texas capital. I had the chance to visit with Peter Constantine, Tanium’s Senior Vice President Product Management.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Email Servers and Satellites will become key cyber-attack targets in 2023

CyberSecurity Insiders

Kaspersky, a security firm having roots in Russia, has released a prediction filled report stating email servers and satellites becoming key cyber attack targets in the year 2023.

Another Event-Related Spyware App

Schneier on Security

Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app : The app is being promoted as a tool to help attendees navigate the event.

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect.

Scams 208

Where Next for Blockchain Technology After FTX Collapse?

Lohrman on Security

The bankruptcy filing by crypto giant FTX, along with the dramatic drop in the value of most cryptocurrencies in 2022, has raised new questions regarding the future of blockchain technology.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

The Have I Been Pwned API Now Has Different Rate Limits and Annual Billing

Troy Hunt

A couple of weeks ago I wrote about some big changes afoot for Have I Been Pwned (HIBP), namely the introduction of annual billing and new rate limits. Today, it's finally here!

GUEST ESSAY: How humans and machines can be melded to thwart email-borne targeted attacks

The Last Watchdog

Phishing emails continue to plague organizations and their users. Related: Botnets accelerate business-logic hacking. No matter how many staff training sessions and security tools IT throws at the phishing problem, a certain percentage of users continues to click on their malicious links and attachments or approve their bogus payment requests. A case in point: With business losses totaling a staggering $2.4

Top cybersecurity threats for 2023

Tech Republic Security

Next year, cybercriminals will be as busy as ever. Are IT departments ready? The post Top cybersecurity threats for 2023 appeared first on TechRepublic. Security malware phishing ransomware

An Untrustworthy TLS Certificate in Browsers

Schneier on Security

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic.

$1200 for acceleration on a Merc

Javvad Malik

Mercedes is one of the latest car companies to think, “hey, what do we do in a global downturn when new sales are low… I know, let’s limit some features on our car, then when people buy them, charge them extra to unlock it via a subscription model. If it’s worked for SaaS, it can work for us!” ” According to their site , a mere $1200 a month can give you a “noticeable improvement in acceleration of 0.8

Get Pwned, for 30% Less!

Troy Hunt

We've had great feedback from people who have gotten Pwned. Loads of people had told us how much they've enjoyed it and would like to get their friends Pwned too. Personally, I think everyone should get Pwned!

182
182

GUEST ESSAY: The rising need to defend against super hackers, master thieves and digital ghosts

The Last Watchdog

Consider what might transpire if malicious hackers began to intensively leverage Artificial Intelligence (AI) to discover and exploit software vulnerabilities systematically? Related: Cyber spying on the rise. Cyber-attacks would become much more dangerous and much harder to detect. Currently, human hackers often discover security holes by chance; AI could make their hacking tools faster and the success of their tactics and techniques much more systematic.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

F5 fixed 2 high-severity Remote Code Execution bugs in its products

Security Affairs

Researchers at cybersecurity firm Rapid7 have identified several vulnerabilities and other potential security issues affecting F5 products. Rapid7 researchers discovered several vulnerabilities in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS.

Defeating Phishing-Resistant Multifactor Authentication

Schneier on Security

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise.

Lawsuit Seeks Food Benefits Stolen By Skimmers

Krebs on Security

A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than a $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the state.

Top 6 security risks associated with industrial IoT

Tech Republic Security

Industrial IoT is gaining adoption, but this comes with some security risks. Check out the dangers and how you can avoid them. The post Top 6 security risks associated with industrial IoT appeared first on TechRepublic.

IoT 149

Weekly Update 320

Troy Hunt

I feel like life is finally complete: I have beaches, sunshine and fast internet!

All Cyberattacks Have This in Common

CyberSecurity Insiders

We’re all aware that cybercrime is everywhere. FUD to the max. When things become commonplace, we start to become numb to the news. We are no longer surprised or shocked that these things happen, or who they happen to. There is no instruction manual to perfect security.

Experts claim that iPhone’s analytics data is not anonymous

Security Affairs

Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users.

Russian Software Company Pretending to Be American

Schneier on Security

Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian.

Patch Tuesday, November 2022 Election Edition

Krebs on Security

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp.

GUEST ESSAY — Security practices companies must embrace to stop AI-infused cyber attacks

The Last Watchdog

Consider what might transpire if malicious hackers began to intensively leverage Artificial Intelligence (AI) to discover and exploit software vulnerabilities systematically? Related: Bio digital twin can eradicate heart failure. Cyber-attacks would become much more dangerous and much harder to detect. Currently, human hackers often discover security holes by chance; AI could make their hacking tools faster and the success of their tactics and techniques much more systematic.