November, 2020

How Ransomware Defense is Evolving With Ransomware Attacks

Dark Reading

As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic "keep good backups" advice

Researchers show how to steal a Tesla Model X in a few minutes

Security Affairs

Boffins have demonstrated how to steal a Tesla Model X in a few minutes by exploiting vulnerabilities in the car’s keyless entry system.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybersecurity Predictions for 2021: Robot Overlords No, Connected Car Hacks Yes

Threatpost

While 2021 will present evolving threats and new challenges, it will also offer new tools and technologies that will we hope shift the balance towards the defense.

List of data breaches and cyber attacks in October 2020 – 18.4 million records breached

IT Governance

With 117 publicly reported security incidents, October 2020 is the leakiest month we’ve ever recorded. The good news is that those data breaches and cyber attacks accounted for just 18,407,479 breached records.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Marriott Hit With $24 Million GDPR Privacy Fine Over Breach

Data Breach Today

Privacy Regulator in UK Cautions Organizations to Conduct Thorough Due Diligence Hotel giant Marriott has been hit with the second largest privacy fine in British history, after it failed to contain a massive, long-running data breach. But the final fine of $23.8

GDPR 277

More Trending

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned.

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages.

IoT 174

The EU’s draft Data Governance Act: an own goal?

Data Protector

The EU’s draft Data Governance Act is designed to facilitate the greater sharing of non-Personal data within the EU. Such big data ought to provide new insights and benefit the lives of EU citizens, the EU thinking goes.

ISP Security: Do We Expect Too Much?

Dark Reading

With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. But is the security provided by ISPs good enough to be the only security SMBs and remote employees need

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Data of 27 Million Texas Drivers Compromised in Breach

Data Breach Today

Misconfigured Database Might Have Led to Data Breach, Security Experts Say An unauthorized person appears to have gained entry to insurance software firm Vertafore and compromised the driver's license information of over 27 million Texas citizens.

This Bluetooth Attack Can Steal a Tesla Model X in Minutes

WIRED Threat Level

The company is rolling out a patch today for the vulnerabilities, which allowed one researcher to break into one in 90 seconds and drive away. Security Security / Cyberattacks and Hacks

Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. But now, at long last, we’re on the brink of eliminating passwords altogether, once and for all. Related: CEOs quit Tweeting to protect their companies A confluence of technical and social developments points to username-and-password logons becoming obsolete over the next few years.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

The global impact of the Fortinet 50.000 VPN leak posted online

Security Affairs

The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploit tracked as CVE-2018-13379 and that could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices has posted online.

How Cyberattacks Work

Dark Reading

Cyberattacks are run like military attacks, in four main phases: reconnaissance, attack, exfiltration, and maintaining position. Understanding this makes fighting back easier

Ticketmaster Fined $1.7 Million for Data Security Failures

Data Breach Today

Following Alerts of Potential Fraud, Ticketmaster Took 9 Weeks to Spot Big Breach Ticketmaster UK has been fined $1.7 million by Britain's privacy watchdog for its "serious failure" to comply with the EU's General Data Protection Regulation.

The FBI Says ‘Boogaloo Boys’ Bought 3D-Printed Gun Parts

WIRED Threat Level

A criminal complaint alleges that a West Virginia man disguised the plastic components as wall hangers and sold hundreds of them online. Security Security / Security News

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Body Found in Canada Identified as Neo-Nazi Spam King

Krebs on Security

The body of a man found shot inside a burned out vehicle in Canada three years ago has been identified as that of Davis Wolfgang Hawke , a prolific spammer and neo-Nazi who led a failed anti-government march on Washington, D.C. in 1999, according to news reports.

STEPS FORWARD: Math geniuses strive to make a pivotal advance — by obfuscating software code

The Last Watchdog

Most of time we take for granted the degree to which fundamental components of civilization are steeped in mathematics. Everything from science and engineering to poetry and music rely on numeric calculations. Albert Einstein once observed that “pure mathematics is, in its way, the poetry of logical ideas.” Related: How Multi Party Computation is disrupting encrypti on An accomplished violinist, Einstein, no doubt, appreciated the symmetry of his metaphor.

Nuclear Regulation Authority shut down email systems after a cyber attack

Security Affairs

Japan’s Nuclear Regulation Authority (NRA) issued a warning of temporary suspension of its email systems, likely caused by a cyber attack. The Japan’s Nuclear Regulation Authority (NRA) temporarily suspended its email systems, the interruption is likely caused by a cyber attack.

Access 112

9 New Tactics to Spread Security Awareness

Dark Reading

Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

How a Game Developer Leaked 46 Million Accounts

Data Breach Today

WildWorks Data Breach Shows Danger of Sharing Sensitive Keys Over Chat Chat and collaboration software tools such as Slack are critical for software development teams.

This Ballot-Count Livestream Is the Only Thing Worth Watching

WIRED Threat Level

Take a deep breath and enjoy democracy at work. Security Security / National Security

Be Very Sparing in Allowing Site Notifications

Krebs on Security

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device.

2020 Was a Secure Election

Schneier on Security

Over at Lawfare: “ 2020 Is An Election Security Success Story (So Far).” ” What’s more, the voting itself was remarkably smooth.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs

Security Affairs

A threat actor has published online a list of one-line exploits to steal VPN credentials from over 49,000 vulnerable Fortinet VPNs.

Security Researchers Sound Alarm on Smart Doorbells

Dark Reading

A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them

Risk 110

'Return to Office' Phishing Emails Aim to Steal Credentials

Data Breach Today

Researchers: Employees Lured With Messages About Shift to Workplace Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office