Tue. Nov 17, 2020

Be Very Sparing in Allowing Site Notifications

Krebs on Security

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device.

Twitter Hires Famed Hacker 'Mudge' as Security Head

Data Breach Today

Peiter Zatko Will Help Social Media Firm That Faces Security Concerns

Twitter has hired network security expert Peiter Zatko to serve in the newly created position of head of security following a series of high-profile cyber incidents.

An Inside Look at an Account Takeover

Dark Reading

AI threat find: Phishing attack slips through email gateway and leads to large-scale compromise

Blockchain for Voting: A Warning From MIT

Data Breach Today

Researchers Say Blockchain Introduces More Problems Than It Solves

Blockchain technology has been floated as a solution to enable remote, electronic voting.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Vulnerability Prioritization Tops Security Pros' Challenges

Dark Reading

Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right

More Trending

Microsoft's Making a Secure PC Chip—With Intel and AMD's Help

WIRED Threat Level

The Pluton security processor will give the software giant an even more prominent role in locking down Windows hardware.

Drug Infusion System Flaw Could Lead to Attack

Data Breach Today

Manufacturer BD and CISA Issue Warnings

Medical device maker Becton Dickinson and federal authorities have issued alerts concerning an authentication weakness that, if exploited, could result in a denial-of-service attack on certain models of the BD Alaris PC Unit drug infusion and monitoring syste

246869 Windows systems are still vulnerable to the BlueKeep flaw

Security Affairs

In May 2019, Microsoft disclosed the BlueKeep vulnerability; more than a year later, over 245,000 Windows systems still remain unpatched. Over a year ago, Microsoft Patch Tuesday updates for May 2019 addressed nearly 80 vulnerabilities, including the BlueKeep flaw.

More Ransomware-as-a-Service Operations Seek Affiliates

Data Breach Today

Lure of Massive Profits, RaaS Newcomers Join Long List of Operators

Over the past five years, ransomware-as-a-service offerings have largely evolved from putting automated toolkits into the hands of subscribers to recruiting affiliates and sharing profits.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

VoltPillager: Hardware-based fault injection attacks against Intel SGX enclaves

Security Affairs

Boffins devised a new attack, dubbed VoltPillager, that can break the confidentiality and integrity of Intel SGX enclaves by controlling the CPU core voltage.

Cold Storage Firm Reports Cybersecurity Incident

Data Breach Today

Company Reportedly In Talks to Help With COVID-19 Vaccines

A cold storage firm that was reportedly in talks to help in the effort to distribute COVID-19 vaccines filed a Securities and Exchange Commission document on Monday saying that it's dealing with a cybersecurity incident that affected its network.

Researchers Scan for Supply-Side Threats in Open Source

Dark Reading

A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware

Is Teams Safe? Top Ten Teams Threats Explained

Data Breach Today

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Nearly Two Dozen AWS APIs Are Vulnerable to Abuse

Dark Reading

Attackers can conduct identity reconnaissance against an organization at leisure without being detected, Palo Alto Networks says

When are schools required to report personal data breaches?

IT Governance

Under the GDPR (General Data Protection Regulation), all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so.

Happy birthday, Security Affairs celebrates its ninth Anniversary today

Security Affairs

Happy Birthday Security Affairs! Nine years together! I launched Security Affairs for passion in November 2011 and since then the blog has been read by millions of readers. Thank you!

Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs

Threatpost

Attackers can exploit the feature and send people’s data directly to remote servers, posing a privacy and security risk, researchers said.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Forget Imposters. Among Us Is a Playground for Hackers

WIRED Threat Level

The blockbuster game of deception has security holes that let cheaters run wild.

To Pay or Not to Pay: Responding to Ransomware From a Lawyer's Perspective

Dark Reading

The threat of data extortion adds new layers of risk when determining how to respond to a ransomware attack

Zoom Takes on Zoom-Bombers Following FTC Settlement

Threatpost

The videoconferencing giant has upped the ante on cybersecurity with three fresh disruption controls.

50 Ways to Avoid Getting Scammed on Black Friday

Adam Levin

The holiday season is the most wonderful time of the year for scammers. And like everything else in 2020, these next few weeks promise to be a disaster. With this in mind, all eyes should be on Black Friday.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

COVID-19 Antigen Firm Hit by Malware Attack

Threatpost

Global biotech firm Miltenyi, which supplies key components necessary for COVID-19 treatment research, has been battling a malware attack.

Do I Need Change Management? Four Common Situations

AIIM

How Do I Know I Need Change Management? The funny thing about Change Management is that it’s one of those things that you probably don’t know exists until you need it. Yes, I know that’s an odd thing to say, but hear me out on this.

Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2

Security Affairs

Shellcode plays an essential role in cyber attacks. The popular expert Unixfreaxjp explained how to utilize radare2 for variation of shellcode analysis.

EFF, Security Experts Condemn Politicization of Election Security

Dark Reading

Open letter, signed by high-profile security professionals and organizations, urges White House to "reverse course and support election security"

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Chinese APT FunnyDream targets a South East Asian government

Security Affairs

Researchers spotted a new China-linked APT, tracked as FunnyDream, that already infected more than 200 systems across Southeast Asia.

Security Risks Discovered in Tesla Backup Gateway

Dark Reading

Cybersecurity researchers report on the security and privacy risks of leaving a Tesla Backup Gateway exposed to the Internet

“At-Risk Meeting Notifier Zoom” feature alerts meeting organizers of Zoombombing risk

Security Affairs

The popular video conferencing application Zoom implemented the new “At-Risk Meeting Notifier” feature to warn of Zoombombing threats. Zoom announced the launch of a new feature dubbed “At-Risk Meeting Notifier” to warn conference organizers of potential Zoombombing attacks.
