Hackers | Fabricants | Magazines | Virus / Malware
Schneier
IT Security
- 8 mai 2018Putting FUD Back in Information Security
FUD is Fear, Uncertainty and Doubt. A tactic well played in the early days of Information Security. I never liked it because… well you know that Boy Who Cried Wolf story, right? It appears to me that FUD is making a strong comeback. This time instead of being used to help bolster InfoSec budgets or […] - 16 avril 2018Windows 10 Update Disrupts Pen Input; Microsoft Offers Potentially Dangerous Fix
A recent Microsoft security update – according to Wacom’s support pages, the OS build 16299.334 – has had a rather unexpected side-effect. Many users of have been experiencing issues where drawing apps, such as Photoshop, no longer function correctly. For example, pressing the pen to the tablet device does not “draw” as it should, but […] - 1 avril 2018Information Security and the Zero-Sum Game
A zero-sum game is a mathematical representation of a situation in which each participant’s gain or loss is exactly balanced by the losses or gains of the other participant. In Information Security a zero-sum game usually references the trade-off between being secure and having privacy. However, there is another zero-sum game often played with Information […] - 16 mars 2018Google’s new Gaming Venture: A New Player?
Google in Gaming – Facts and Speculation In January 2018, game industry veteran Phil Harrison announced that he was joining Google as a Vice President and GM. With Harrison’s long history of involvement with video game companies – having previously worked with Sony and Microsoft’s Xbox division – this immediately prompted speculation and rumours about […] - 9 février 2018Bubble Economies and the Sustainability of Mobile Gaming
Old Bubbles and New Bubbles Gaming is a technology-based market, and tech markets are no strangers to economic bubbles and the effects of them bursting. The market recession of the early 2000s, most commonly known as the Dotcom Crash, is probably the biggest and most influential ‘burst bubble’ of the internet era. The Dotcom Bubble […]
TAO Security
- 16 juillet 2020I Did Not Write This Book
Fake Book Someone published a « book » on Amazon and claimed that I wrote it! I had NOTHING to do with this. I am working with Amazon now to remove it, or at least remove my name. Stay away from this garbage!Update: Thankfully, within a day or so of this post, the true author of this work removed it from Amazon. It has not returned, at least as far as I have seen.Copyright 2003-2020 Richard Bej … - 4 mai 2020New Book! The Best of TaoSecurity Blog, Volume 1
I’m very pleased to announce that I’ve published a new book!It’s The Best of TaoSecurity Blog, Volume 1: Milestones, Philosophy and Strategy, Risk, and Advice. It’s available now in the Kindle Store, and if you’re a member of Kindle Unlimited, it’s currently free. I may also publish a print version. If you’re interested, please tell me on Twitter.The book lists at 332 pages and is over 83,000 … - 7 avril 2020If You Can't Patch Your Email Server, You Should Not Be Running It
CVE-2020-0688 Scan Results, per Rapid7tl;dr — it’s the title of the post: « If You Can’t Patch Your Email Server, You Should Not Be Running It. »I read a disturbing story today with the following news: »Starting March 24, Rapid7 used its Project Sonar internet-wide survey tool to discover all publicly-facing Exchange servers on the Internet and the numbers are grim.As they found, ‘at least 357,629 ( … - 2 avril 2020Seeing Book Shelves on Virtual Calls
I have a confession… for me, the best part of virtual calls, or seeing any reporter or commentator working for home, is being able to check out their book shelves. I never use computer video, because I want to preserve the world’s bandwidth. That means I don’t share what my book shelves look like when I’m on a company call. Therefore, I thought I’d share my book shelves with the world.My big cat … - 27 mars 2020Skill Levels in Digital Security
Two posts in one day? These are certainly unusual times.I was thinking about words to describe different skill levels in digital security. Rather than invent something, I decided to review terms that have established meaning. Thanks to Google Books I found this article in a 1922 edition of the Archives of Psychology that mentioned four key terms:The novice is a (person) who has no trade abili …
Information Security Buzz
- 7 août 2020LogMeIn Introduces New LastPass Security Dashboard and Dark Web Monitoring, Delivering a Complete Command Center for Managing Digital Security
London, UK – August 5th, 2020 – LastPass by LogMeIn today unveiled a new Security Dashboard, providing end-users with a complete overview of the security of their online accounts and actionable steps to strengthen their online security. Building on the original LastPass Security Challenge, the new LastPass Security Dashboard now includes dark web monitoring, a new feature available to LastPass Pre … - 6 août 2020Twitter Hack Virtual Bail Hearing Hacked By Porn
A bail hearing by Zoom for the 17-year-old who hacked some of the world’s highest-profile Twitter accounts last month was interrupted by participants showing porn, according to Bloomberg.Graham Ivan Clark, who was arrested last week and hacking into many notable Twitter accounts, was represented by lawyers asking a Florida court to lower their client’s bail. … The ISBuzz Post: This Post Twit … - 6 août 2020Experts Reaction On 900 Pulse Secure Enterprise VPN Passwords Leaked
A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. The list has been … The ISBuzz Post: This Post Experts Reaction On 900 … - 6 août 2020Experts On Google said it took down ten influence operation campaigns in Q2 2020
Google’s Threat Analysis Group has published its bulletin outlining the coordinated influence operation campaigns that were terminated on its platform in Q2 2020. The ISBuzz Post: This Post Experts On Google said it took down ten influence operation campaigns in Q2 2020 appeared first on Information Security Buzz. … - 6 août 2020Expert Commentary: Canon ransomware attack
Please find below expert commentary on th news that Canon experienced a ransomware attack, similar to LG and Xerox. The ISBuzz Post: This Post Expert Commentary: Canon ransomware attack appeared first on Information Security Buzz. …
gHacks
- 7 août 2020Nvidia driver trimmer NVSlimmer updated to version 0.9
It has been a while since we wrote about the excellent NVSlimmer tool here on Ghacks. NVSlimmer is a handy program for owners of NVIDIA graphics cards as it gives more control over the driver installation process. Basically, what it does is remove certain components from the Nvidia driver that you feed it. It is up to you to remove or keep components, but you may be surprised to find out that the … - 7 août 2020Three Reasons not to upgrade to the new Firefox for Android browser right now
Mozilla has been working on a new mobile browser for Google’s Android operating system for some time now. The idea was to create a browser from scratch that uses modern frameworks and technologies to compete with the likes of Chrome on Android. The browser has been available as Nightly and Beta channel versions for some time, and has just recently been released as a Stable version. Staged migratio … - 7 août 2020Record your screen or capture screenshots quickly with Kalmuri
Most screenshot programs that we have reviewed here, e.g. Holzshots, PicPick, or ScreenPresso have been limited to capturing images. For screen recording, we’ve relied on different applications such as ScreenRec. Kalmuri is a freeware program that offers both functionalities, in a very user-friendly way. The program is portable and the archive contains a single file, an executable that is just abo … - 6 août 2020View the summary of each component in your computer with CobraTek PC Info
Many years ago, I relied on Speccy for obtaining the specifications of the system that I was working with, as it was both user-friendly and informative. Over time, I’ve come across better tools which offer more details. CobraTek PC Info is a freeware tool that offers the best of both worlds, simplicity and technical information. The program displays a splash screen when you run it, you can disabl … - 6 août 2020Ghacks Deals: Goose VPN Lifetime Subscription (or 2-year, 4-year)
Goose VPN is a VPN service that is based in the Netherlands that does not restrict the number of devices that you may use at the same time. It has a network of 25 countries at the time of writing, and clients for Windows, Mac, iOS and Android, a 30-day free trial option to test the network extensively, and promises that it does not log or throttle bandwidth. You can grab a 2-year, 4-year or lifeti …
SecurityWeek
- 7 août 2020Trump Bans Dealings With Chinese Owners of TikTok, WeChat
President Donald Trump on Thursday ordered a sweeping but unspecified ban on dealings with the Chinese owners of consumer apps TikTok and WeChat, although it remains unclear if he has the legal authority to actually ban the apps from the U.S. read more … - 7 août 2020Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks
The Kr00k vulnerability disclosed earlier this has only been found to impact devices using Wi-Fi chips from Broadcom and Cypress, but researchers revealed this week that similar flaws have been discovered in chips made by Qualcomm and MediaTek. read more … - 7 août 2020Capital One Fined $80 Million in Data Breach
The U.S. Treasury Department has fined Capital One $80 million for careless network security practices that enabled a hack that accessed the personal information of 106 million of the bank’s credit card holders. read more … - 7 août 2020Researchers Revive 'Foreshadow' Attack by Extending It Beyond L1 Cache
Researchers revealed late on Thursday that the mitigations and patches rolled out in 2018 for the Foreshadow vulnerabilities affecting Intel processors can fail to prevent attacks. read more … - 6 août 2020Intel Investigating Data Leak of Technical Documents, Tools
Intel is investigating reports that a claimed hacker has leaked 20GB of data coming from the chip giant, which appear to be related to source code and developer documents and tools. read more …
Help Net Security
- 7 août 2020Researchers flag two zero-days in Windows Print Spooler
In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach Labs. A month later, the two researchers found a way to bypass the patch and re-exploit the vulnerability on the latest Windows version. Microsoft assigned this vulnerability a new identification number – CVE-2020-1337 … - 7 août 2020August 2020 Patch Tuesday forecast: Planning for the end?
There doesn’t seem to be an end in sight to the COVID-19 crisis, but there are some important end-of-life/end-of-support dates we should be aware of when it comes to software. Before we dig into this month’s forecast of updates, I want to spend a little time on the importance of planning ahead to avoid the high costs associated with extended support contracts, or sometimes worse, modifying your ne … - 7 août 2020New infosec products of the week: August 7, 2020
Radiflow launches CIARA, a ROI-driven risk assessment and management platform for industrial organizations CIARA is a fully automated tool for assets data collection, data-driven analysis and transparent risk metrics calculation including risk scoring per zone and business process based on business impact. The new platform is a response to the growing digitization of the production floor that has … - 7 août 2020Open source tool Infection Monkey allows security pros to test their network like never before
Guardicore unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation (BAS) tool that maps to the MITRE ATT&CK knowledge base and tests network adherence to the Forrester Zero Trust framework. Infection Monkey is a self-propagating testing tool that hundreds of information technology teams from across the world use to test network adherence to the zero … - 7 août 2020DDoS attacks in April, May and June 2020 double compared to Q2 2019
Findings from Link11’s H1 2020 DDoS Report reveal a resurgence in DDoS attacks during the global COVID-19 related lockdowns. In April, May and June 2020, the number of attacks registered by Link11’s Security Operations Center (LSOC) averaged 97% higher than the during the same period in 2019, peaking at a 108% increase in May 2020. Key findings from the annual report include: Multivector att …
Naked Security – Sophos
- 7 août 2020Business Email Compromise – fighting back with machine learning
Machine learning models are immune to blandishments, threats, flattery and so – so why not set them against social engineers? - 6 août 2020Porn blast disrupts bail hearing of alleged Twitter hacker
An alleged hacker’s bail hearing held online via Zoom with screen sharing enabled… what could possibly go wrong? - 4 août 2020GandCrab ransomware hacker arrested in Belarus
Suspect is alleged to have extorted more than 1000 people, mostly in India, US, Ukraine, UK, Germany, France, Italy and Russia. - 3 août 2020Monday review – our recent stories revisited
Get yourself up to date with everything we've written in the last seven days – it's weekly roundup time. - 1 août 2020Twitter hack – three suspects charged in the US
Three people have been fingered for the recent Twitter hack in which 45 high-profle accounts were taken over. - 31 juillet 2020Travel company CWT avoids ransomware derailment by paying $4.5m blackmail demand
US travel company CWT has reportedly coughed up $4.5m to ransomware crooks who stole data and scrambled files. - 30 juillet 2020Servers at risk from “BootHole” bug – what you need to know
We explain the « BootHole » vulnerability – as usual, in plain English and without hype. Find if you’re affected and what to do. - 29 juillet 2020US tax service says, “2FA is a must!”
We know it’s an old drum, but we’re not tired of beating it yet: 2FA is your friend. - 28 juillet 2020Firefox 79 is out – it’s a double-update month so patch now!
It’s a Blue Moon month for Firefox – the second full update in July! - 27 juillet 2020ProLock ransomware – new report reveals the evolution of a threat
Ransomware crooks keep adjusting their approach to make their demands more compelling, even against companies that say they’d never pay up.
SearchSecurity
CSO | Security News
- 7 août 2020What is security's role in digital transformation?
Two years ago, digital transformations had kicked into high gear, with new processes and product development moving ahead at breakneck speed. As IT and business fast-tracked initiatives like agile and DevOps to improve speed to market, security considerations were often left in the dust. At the time, Gartner predicted that 60% of digital businesses would suffer major service failures by 2020 due t … - 7 août 2020The CSO guide to top security conferences, 2020
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.Fortunately, plenty of great conferences are coming up in the months ahead.If keeping abreast of security trends and evolving threats is critical to your job — and w … - 6 août 2020What the use of open banking means for identity networks
When you think of Payment Services Directive 2 (PSD2), what likely springs to mind is the implementation of the Secure Customer Authentication rule (SCA). SCA was brought in as an additional check during certain financial transactions to help prevent fraud. However, PSD2 also ushered in the era of “open banking” through APIs. [ Find out how IAM solutions from CA and Oracle compare. | Get the lates … - 6 août 202015 signs you've been hacked — and how to fight back
In today’s threatscape, antimalware software provides little peace of mind. In fact, antimalware scanners are horrifically inaccurate, especially with exploits less than 24 hours old. Malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable. All you have to do is drop off any suspected malware file a … - 5 août 2020What is a dictionary attack? And how you can easily stop them
Dictionary attack definitionA dictionary attack is a brute-force technique where attackers run through common words and phrases, such as those from a dictionary, to guess passwords. The fact people often use simple, easy-to-remember passwords across multiple accounts means dictionary attacks can be successful while requiring fewer resources to execute. [ Find out if your data and passwords are bei …
Graham Cluley
- 6 août 2020A scam letter! Warn your vulnerable loved ones to be on their guard
The good news is that if scammers are having to use techniques like this to get in front of potential victims, anti-spam defences and user awareness about email scams must be better than ever.
The bad news is that if such letters continue to be sent, someone somewhere obviously thinks scams like this can still make them a tidy profit.
- 6 août 2020Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension. Sign up now.
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential threats and vulnerabilities? You need Recorded Future Express, a new browser extension from the experts at […]
- 6 août 2020Porn-wielding Zoom bombers disrupt Twitter hack court hearing
Uh-oh… someone didn’t lock their Zoom meeting down properly. That’s probably particularly important when the person charged is an alleged hacker.
- 6 août 2020Smashing Security podcast #190: Twitter hack arrests, email bad behaviour, and Fawkes vs facial recognition
Special guest Geoff White can’t resist using the podcast to promote his new book, “Crime Dot Com”, but other than that we also discuss the creepy (and apparently legal) way websites can find out your email and postal address even if you don’t give it to them, take a look at how the alleged Twitter hackers were identified, and learn about Fawkes – the technology fighti … - 31 juillet 2020Twitter says a “phone spear phishing” attack helped hackers – what’s that?
What’s a phone spear phishing attack? Twitter shares some more details related to its serious security breach earlier this month which saw celebrity accounts tweeting a cryptocurrency scam.
Cybersecurity Insiders
- 7 août 2020Vulnerability scanning explained
This blog was written by a third party author What is vulnerability scanning? Vulnerability scanning is the process of detecting and classifying potential points of exploitation in network devices, computer systems, and applications. This is done by inspecting the same attack areas used by both internal and external threat actors—such as firewalls, applications, and services that are deploye … - 7 août 2020Secure remote access explained
This blog was written by a third party author As the business world adjusts to the chaotic landscape of today’s economy, securing access from remote devices and endpoints has never been more critical. Equally critical is the requirement for organizations and their employees to practice good security hygiene. With the rising number of endpoints (laptops, servers, tablets, smartphones) requiri … - 7 août 2020deepwatch Named Winner as Top 100 Cybersecurity Startup for 2020
DENVER–(BUSINESS WIRE)– #growth–deepwatch is thrilled to be a winner of the prestigious Black Unicorn Awards 2020 Top 100 CyberSec Startups! The post deepwatch Named Winner as Top 100 Cybersecurity Startup for 2020 appeared first on Cybersecurity Insiders. … - 7 août 2020Cybersecurity Pioneer Cyemptive Technologies Warns of the Danger of Relying on Backups to Restore Systems Following a Ransomware Attack and Provides the First Reliable Solution to Correct This Problem
SNOHOMISH, Wash.–(BUSINESS WIRE)– #cybersecurity–Cyemptive Technologies Warns of Danger of Relying on Backups to Restore Systems Following Ransomware Attack; Provides First Reliable Solution The post Cybersecurity Pioneer Cyemptive Technologies Warns of the Danger of Relying on Backups to Restore Systems Following a Ransomware Attack and Provides the First Reliable Solution to Co … - 7 août 2020BlueVoyant and TELMEX Scitum Announce Strategic Cybersecurity Alliance
NEW YORK–(BUSINESS WIRE)–BlueVoyant and TELMEX Scitum, two leading cybersecurity companies, have today announced an exclusive alliance for Mexico under which TELMEX Scitum will integrate BlueVoyant’s services into its portfolio. This new partnership allows TELMEX Scitum to introduce a more robust offering for managed security, detection and response in Mexico and the broader Lati …
The CyberWire
- 7 août 2020IP losses at Intel, IP theft from Taiwan's chip industry. Russians, Iranians, invited to snitch to Uncle Sam. Coordinated inauthenticity. Homoglyph attacks.
IP losses at Intel, IP theft from Taiwan’s chip industry. Russians, Iranians, invited to snitch to Uncle Sam. Coordinated inauthenticity. Homoglyph attacks. - 6 août 2020Capital One fined in 2019 breach. Enterprise VPN server exploited. Maze ransomware gang claims it successfully hit Canon.
Capital One fined $80 million for 2019 data breach. Unpatched VPN server may have exposed retailer’s data. Canon said to have been hit with Maze ransomware. - 6 août 2020Misinformation and disinformation about Beirut. Coordinated influence campaigns. Content attribution. A case of catphishing.
Mis- and disinformation about the Beirut explosion. Coordinated, cross-platform trolling. Content attribution. Doxing for election influence in the UK. China’s efforts to compromise Vatican networks. A catphish succumbs to COVID-19? - 6 août 2020US Clean Network program outlines measures against Chinese operations. $10 million reward offered for info on election interference. Australia’s cyber strategy is out. Grand larceny and petty lulz.
The US announces five new lines of effort for the Clean Network program, and none of them are exactly mash notes for Beijing. The US is also offering rewards of up to ten million dollars for information about foreign computer crimes aimed at interfering with US elections. Australia’s new cybersecurity strategy is out. Maze may have hit Canon. Rob Lee from Dragos addresses speculation of an ICS sup … - 6 août 2020US measures against Chinese incursion into networks and markets. Rewards for tips on election hackers. Australia's cyber strategy is out.
Clean Network’s new lines of effort. Rewards for Justice offers up to $10 million for info on election hackers. Australia’s Cyber Security Strategy 2020 is out.
IT Security Guru
- 7 août 2020Hospitals impacted after hackers target ventilator manufacture during Covid-19
A notorious ransomware gang has been hitting a key manufacturer of coronavirus ventilators in the US. The DoppelPaymer gang have threatened Boyce Technologies with releasing valuable data if the ransom is not paid – as it stands, the ransom amount has not been disclosed. It’s unfortunate to hear Boyce Technologies, an FDA-approved ventilator manufacturer, has had critical information stolen given … - 7 août 2020Intel data breach results in confidential info leaked
Intel, the U.S. based global chip provider is investigating a data breach after highly confidential and restricted information was leaked onto online sharing website, MEGA. The data was uploaded to MEGA by software engineer, Till Kottman after receiving the documents from an anonymous hacker who allegedly hacked Intel earlier this year. After analysis, the information has been verified and authent … - 7 août 2020Capital One hit with $80 million fine following 2019 data breach
It was announced yesterday that Capital One has been ordered by the Office of the Comptroller of the Currency (OCC) to pay an $80 million fine after the company suffered a massive data breach in 2019. It is estimated that the breach impacted more than 100 million Capital One customers, with names and addresses of individuals from both the US and Canada. It is believed that the cybercriminals behin … - 6 août 2020The rise of Community-Powered Threat Hunting
Next-Gen SIEM provider, Securonix has announced availability of its SearchMore functionality that helps operations teams better detect and respond to threats that bypass preventative and detection controls. The company states that “SearchMore delivers the industry’s first Community-Powered Threat Hunting capability and provides the ability to search on real-time, streaming data, as well as l … - 6 août 2020Who are the new heads at NCSC and MI6?
Lindy Cameron, the first woman CEO of the National Cyber Security Centre – a public facing division of GCHQ and primary technical authority on cybersecurity – is replacing its first CEO, Ciaran Martin, when he steps down on 31 August. Cameron will then formally become CEO in October following a handover period. Cameron has excellent credentials for the role with more than twenty years’ exper …
The Security Ledger
- 6 août 2020Episode 187: Filtergate is DRM for Water
In this episode of the podcast (#187), sponsored by Virsec, we talk with journalist and author Cory Doctorow of BoingBoing.net about the recent GE Filtergate incident and how DRM is invading our homes. Also, Satya Gupta the Chief Technology Officer of the firm VirSec joins us to talk about how application runtime monitoring is gaining traction in…Read the whole entry… » Related Stor … - 4 août 2020China Attacks Surge as Cyber Criminals Capitalize on COVID-19
COVID-19 has created a perfect storm for cybercriminals and nation-state hackers from China and elsewhere, according to research released Tuesday from VMWare and Carbon Black. The post China Attacks Surge as Cyber Criminals Capitalize on COVID-19 appeared first on The Security Ledger. Related StoriesNew LastPass report finds consumer behavior affects the workplaceAs Cybercrooks Specialize, More Sn … - 29 juillet 2020“Boothole” Bootloader Flaw Breaks Security on Most Linux, Windows Devices
A newly discovered vulnerability dubbed ‘Boothole’ compromises the foundation of device security for “virtually all Linux distributions” and some Microsoft’s Windows devices that employ « Secure Boot » feature, according to a new report. The post “Boothole” Bootloader Flaw Breaks Security on Most Linux, Windows Devices appeared…Read the whole entry… » Related StoriesFirms … - 26 juillet 2020As Cybercrooks Specialize, More Snooping, Less Smash and Grab
Cybercriminals are becoming more specialized as they try to extract the maximum value out of email account compromises, a new report by researchers at UC Berkeley and the security firm Barracuda Networks has found. The post As Cybercrooks Specialize, More Snooping, Less Smash and Grab appeared first on The Security Ledger. Related StoriesNew LastPass report finds consumer behavior affects the work … - 23 juillet 2020Spotlight Podcast: QOMPLX CISO Andy Jaquith on COVID, Ransomware and Resilience
In this Spotlight podcast* we’re joined by Andrew Jaquith, the CISO at QOMPLX to talk about how the COVID pandemic is highlighting longstanding problems with cyber risk management and cyber resilience. We also talk about how better instrumenting of information security can help companies get a grip on fast-evolving cyber risks like…Read the whole entry… » Related StoriesSpotlight Po …
GovInfoSecurity.com
- Researchers: IoT Botnets Could Influence Energy Prices
Paper Describes How Connected Devices Could Be Used to Manipulate MarketsHigh-wattage IoT devices and appliances, such as connected refrigerators, air conditioners and heaters, could be turned into massive botnets by malicious actors and used to influence energy prices, according to an academic study released at Black Hat 2020. … - Capital One Fined $80 Million Over 2019 Breach
Report Finds Bank Failed to Properly Assess Risk of Moving Data to the CloudA federal banking regulator has fined Capital One $80 million, citing numerous security shortfalls before the 2019 data breach that exposed the financial and personal information of over 100 million individuals in the U.S. and Canada. … - Trump Signs Executive Orders Banning TikTok, WeChat
Social Media Platform Ban Will Go Into Effect Within 45 DaysPresident Donald Trump, citing national security concerns, has signed two executive orders that will ban the Chinese-owned social media platforms TikTok and WeChat from the U.S. within 45 days. The orders appear designed to accelerate the sale of the two platforms to American firms. … - 'Zero Trust': A Strategy for Success
Panel Provides Tips on Creating a Frictionless Experience for Remote WorkersAn effective « zero trust » strategy requires creating a frictionless experience for the remote workforce, according to a panel of security experts, who describe the essential elements. … - DoD: Notice of Proposed Rulemaking on Privacy Training
The Department of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate privacy training to their staff members.
Infosec Island
- 8 juillet 2020Augmented Reality Will Compromise the Privacy and Safety of Attack Victims
In the coming years, new technologies will further invade every element of daily life with sensors, cameras and other devices embedded in homes, offices, factories and public spaces. A constant stream of data will flow between the digital and physical worlds, with attacks on the digital world directly impacting the physical and creating dire consequences for privacy, well-being and personal safety … - 8 juillet 2020Ending the Cloud Security Blame Game
Like many things in life, network security is a continuous cycle. Just when you’ve completed the security model for your organization’s current network environment, the network will evolve and change – which will in turn demand changes to the security model. And perhaps the biggest change that organizations’ security teams need to get to grips with is the cloud. This was hi … - 13 juin 2020Edge Computing Set to Push Security to the Brink
In the coming years, the requirement for real-time data processing and analysis will drive organizations to adopt edge computing in order to reduce latency and increase connectivity between devices – but adopters will inadvertently bring about a renaissance of neglected security issues. Poorly secured edge computing environments will create multiple points of failure, and a lack of security … - 13 juin 2020Make It So: Accelerating the Enterprise with Intent-Based Network Security
Sometimes, it seems that IT and security teams can’t win. They are judged on how quickly they can deploy their organization’s latest application or digital transformation initiative, but they’re also expected to safeguard those critical applications and data in increasingly complex hybrid networks – and in an ever more sophisticated threat landscape. That’s not an eas … - 1 mai 2020Threat Horizon 2022: Cyber Attacks Businesses Need to Prepare for Now
The digital and physical worlds are on an irreversible collision course. By 2022, organizations will be plunged into crisis as ruthless attackers exploit weaknesses in immature technologies and take advantage of an unprepared workforce. At the same time, natural forces will ravage infrastructure. Over the coming years organizations will experience growing disruption as threats from the digital wor …
The K-12 Cybersecurity Resource Center
- 16 juillet 2020Working Together to Stay Cyber-Secure During a Pandemic
COVID-19 has demonstrated the importance of continuity in education. But with increasing reliance on remote learning due to the novel coronavirus outbreak, school districts are even more vulnerable to cyberattack. Continue reading Working Together to Stay Cyber-Secure During a Pandemic at The K-12 Cybersecurity Resource Center. … - 15 juillet 2020Time for Congress to Amend CIPA, Boost Cybersecurity Education
What could the federal government do to stoke demand for cybersecurity awareness programs in schools? Continue reading Time for Congress to Amend CIPA, Boost Cybersecurity Education at The K-12 Cybersecurity Resource Center. … - 29 juin 2020FBI Warns Schools on Ransomware, RDP Vulnerabilities
According to news reports from Politico and ZDNet, the FBI has issued a warning about ransomware attacks targeting school districts. Continue reading FBI Warns Schools on Ransomware, RDP Vulnerabilities at The K-12 Cybersecurity Resource Center. … - 17 mai 2020CISA: Secure Video Conferencing for Schools
The Cybersecurity & Infrastructure Security Agency (CISA) has released new guidance for school audiences on the subject of how to securely implement online videoconferencing. Continue reading CISA: Secure Video Conferencing for Schools at The K-12 Cybersecurity Resource Center. … - 13 mai 20202020…So Far
The difference in publicly-disclosed K-12 cybersecurity incidents before and after the widespread shift to remote learning due to the COVID-19 pandemic is like night and day. Continue reading 2020…So Far at The K-12 Cybersecurity Resource Center. …
Iain Fraser Journalist
InfoSec News
- 13 juillet 2020MGySgt Scott Stalker’s 2020 Reading List
MGySgt Scott H. Stalker’s 2020 Reading List By William Knowles @c4i Senior Editor InfoSec News July 8, 2020 One of the interesting parts of the COVID-19 pandemic with the number of experts on television and online video conferences have been what books are on their bookshelves. I’ve found myself on more than a few occasions taking screenshots to look and decipher them later. One longstandin … - 8 juillet 2020Citrix patches 11 critical bugs
Citrix patches 11 critical bugs By William Knowles @c4i Senior Editor InfoSec News July 8, 2020 In a breath of fresh air for this week, software vendor Citrix released patches for 11 vulnerabilities, quickly applying the lesson learned six months ago and not wanting a repeat with malicious hackers looking for ways to exploit the vulnerability. Citrix Chief Information Security Officer, Fermin J. S … - 6 juillet 2020USCYBERCOM urgently recommends F5 customers to patch CVE-2020-5902 and 5903 NOW
By William Knowles @c4i Senior Editor InfoSec News July 6, 2020 Just in case you accidentally had your work phone and duty pager in a Faraday bag all July 4th holiday weekend long, you have one heckuva surprise waiting for you! As F5 reminds everyone that 48 of Fortune 50 companies are F5 customers, F5 has published a security advisory warning to their customers to patch a critical flaw in their B … - 3 juillet 2020National Security Agency releases Securing IPsec Virtual Private Networks
By William Knowles @c4iSenior EditorInfoSec NewsJuly 3, 2020 On the heels of the tweet from USCYBERCOM earlier in the week advising users of Palo Alto Networks to patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use. On Thursday, the National Security Agency released Securing IPsec Virtual Private Networks. Many organizations currently utilize IP Security (IPsec) V … - 19 juin 2020New Zealand CERT issues advisory on ransomware campaign
New Zealand CERT issues advisory on ransomware campaign By William Knowles Senior Editor InfoSec News June 18, 2020 The New Zealand Computer Emergency Response Team (CERT NZ) has released an advisory on a ransomware campaign leveraging remote access technologies. Unknown malicious cyber bad actors are targeting organizations’ networks through remote access tools, such as Remote Desktop Proto …
Internet Storm Center | SANS
Security Gladiators | Internet Security News
- 12 juin 2020Cyberattacks Target Civil Liberties Organizations
Amid global protests of police brutality, internet traffic data indicates that hackers have started to launch cyberattacks on prominent civil rights advocacy organizations in the U.S. Protests have erupted across the U.S. in the past two weeks over the death of George Floyd, an unarmed black man who was killed in police custody on Memorial … Read moreCyberattacks Target Civil Liberties Organizat … - 25 juillet 2019Top reasons you should NOT store passwords in your web browser
My password is 123456789. Yes. Because no matter how much security researchers try to warn us, there is simply always going to be online consumers who just don’t care and still use a password that is guaranteed to get hacked. Now, even though the above-mentioned password is not going to protect any of your accounts, … Read moreTop reasons you should NOT store passwords in your web browser The po … - 26 mai 2019How to select the best platform for your smart home
Today, we want to talk to people who have finally decided to take their first tentative steps into the world of smart homes. Or more specifically, the smart home market. Of course, we would also like to help people who would like to expand the extent of their smart homeNESS. In both the cases, regardless … Read moreHow to select the best platform for your smart home The post How to select the be … - 18 mars 2019PlayStation Vue Review (The complete guide that you need to read)
Whenever someone actually makes the decision of cutting the cord for good, the first thing that someone needs is an alternative. An alternative that is good enough to substitute everything that a regular and standard cable subscription offered. And we are here today to let you know of a platform that you can definitely have … Read morePlayStation Vue Review (The complete guide that you need to r … - 26 février 2019Password managers are not invulnerable. But don’t tell anyone
It turns out, doing the right thing is not always the best idea. What we mean to say is that the author of a recently-published research found out first hand that just because someone manages to examine various flaws in the market’s premier password managers does not mean that the platform on which that someone … Read morePassword managers are not invulnerable. But don’t tell anyone The po …