Sat.Nov 14, 2020 - Fri.Nov 20, 2020

Microsoft's Making a Secure PC Chip—With Intel and AMD's Help

WIRED Threat Level

The Pluton security processor will give the software giant an even more prominent role in locking down Windows hardware. Security Security / Security News

An Inside Look at an Account Takeover

Dark Reading

AI threat find: Phishing attack slips through email gateway and leads to large-scale compromise

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Brace for DNS Spoofing: Cache Poisoning Flaws Discovered

Data Breach Today

Fixes Arriving to Safeguard DNS Against Newly Found 'SAD DNS' Side-Channel Attack Researchers are warning that many domain name system server implementations are vulnerable to a spoofing attack that allows attackers to redirect, intercept and manipulate traffic.

163
163

Be Very Sparing in Allowing Site Notifications

Krebs on Security

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

STEPS FORWARD: Math geniuses strive to make a pivotal advance — by obfuscating software code

The Last Watchdog

Most of time we take for granted the degree to which fundamental components of civilization are steeped in mathematics. Everything from science and engineering to poetry and music rely on numeric calculations. Albert Einstein once observed that “pure mathematics is, in its way, the poetry of logical ideas.” Related: How Multi Party Computation is disrupting encrypti on An accomplished violinist, Einstein, no doubt, appreciated the symmetry of his metaphor.

More Trending

Data of 27 Million Texas Drivers Compromised in Breach

Data Breach Today

Misconfigured Database Might Have Led to Data Breach, Security Experts Say An unauthorized person appears to have gained entry to insurance software firm Vertafore and compromised the driver's license information of over 27 million Texas citizens.

Convicted SIM Swapper Gets 3 Years in Jail

Krebs on Security

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison.

On Blockchain Voting

Schneier on Security

Blockchain voting is a spectacularly dumb idea for a whole bunch of reasons. I have generally quoted Matt Blaze : Why is blockchain voting a dumb idea? Glad you asked. For starters: It doesn’t solve any problems civil elections actually have.

How Cyberattacks Work

Dark Reading

Cyberattacks are run like military attacks, in four main phases: reconnaissance, attack, exfiltration, and maintaining position. Understanding this makes fighting back easier

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Ticketmaster Fined $1.7 Million for Data Security Failures

Data Breach Today

Following Alerts of Potential Fraud, Ticketmaster Took 9 Weeks to Spot Big Breach Ticketmaster UK has been fined $1.7 million by Britain's privacy watchdog for its "serious failure" to comply with the EU's General Data Protection Regulation.

A Facebook Messenger Flaw Could Have Let Hackers Listen In

WIRED Threat Level

The vulnerability was found through the company's bug bounty program, now in its tenth year. Security Security / Security News

IT 102

We infiltrated an IRC botnet. Here’s what we found

Security Affairs

The CyberNews.com Investigation team carried out an infiltration operation against an IRC botnet and reported it to CERT Vietnam to help take it down. Original post @ [link].

Facebook Messenger Flaw Enabled Spying on Android Callees

Dark Reading

A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge

109
109

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Microsoft Warns of Office 365 Phishing Attacks

Data Breach Today

Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials.

Ghostery’s New Search Engine Will Be Entirely Ad-Free

WIRED Threat Level

The tracker-blocking company will soon launch a privacy-friendly desktop browser as well. Security Security / Privacy

Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection

Security Affairs

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection.

As Businesses Move to Multicloud Approach, Ransomware Follows

Dark Reading

The average US company uses 16 cloud services, but only a third of IT professional believe their security measures have kept up with the change

Cloud 107

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

The Dark Side of AI: Previewing Criminal Uses

Data Breach Today

Threats Include Social Engineering, Insider Trading, Face-Seeking Assassin Drones "Has anyone witnessed any examples of criminals abusing artificial intelligence?" That's a question security firms have been raising.

Telegram Still Hasn’t Removed an AI Bot That’s Abusing Women

WIRED Threat Level

A deepfake bot has been generating explicit, non-consensual images on the platform. The researchers who found it say their warnings have been ignored. Security Security / Security News

IT 89

October Mumbai power outage may have been caused by a cyber attack

Security Affairs

Authorities in India believe that a major power outage that occurred in October in Mumbai may have been caused by hackers.

How Industrial IoT Security Can Catch Up With OT/IT Convergence

Dark Reading

Ransomware can easily make a connection between IT and OT already. How can blue teams do the same

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Chinese Hackers Exploit Zerologon Flaw for Cyberespionage

Data Breach Today

Researchers: 'Cicada' Campaign Targeting Japanese Companies The Chinese hacking group "Cicada" is exploiting the critical Zerologon vulnerability in Windows Server as part of a cyberespionage campaign that's mainly targeting Japanese companies' locations around the world, according to the security firm Symantec.

A Ransomware Gang Bought Facebook Ads to Troll Its Victim

WIRED Threat Level

Covid-19 research hacking, the Pentagon's Photoshop antics, and more of the week's top security news. Security Security / Security News

New skimmer attack uses WebSockets to evade detection

Security Affairs

Experts spotted a new skimmer attack that used an alternative technique to exfiltrate payment information from payment cards. Researchers from Akamai discovered a new skimmer attack that is targeting several e-stores with a new technique to exfiltrate data.

Vulnerability Prioritization Tops Security Pros' Challenges

Dark Reading

Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Gaming Company Confirms Ragnar Locker Ransomware Attack

Data Breach Today

Capcom Says Over 350,000 Customer, Business Records Possibly Compromised Japanese computer game company Capcom acknowledged this week that a November security incident was a Ragnar Locker ransomware attack that resulted in about 350,000 customer and company records potentially compromised, including sales and shareholder data.

Inside the Cit0Day Breach Collection

Troy Hunt

It's increasingly hard to know what to do with data like that from Cit0Day. If that's an unfamiliar name to you, start with Catalin Cimpanu's story on the demise of the service followed by the subsequent leaking of the data.

A flaw in Facebook Messenger could have allowed spying on users

Security Affairs

Facebook has addressed a security vulnerability in its Messenger for Android app that could have allowed attackers to spy on users.

IT 90