Sat. Jun 13, 2020 - Fri. Jun 19, 2020

Zoom Will Be End-to-End Encrypted for All Users

Schneier on Security

Zoom is doing the right thing: it's making end-to-end encryption available to all users, paid and unpaid. This is a change; I wrote about the initial decision here. ...we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe -- free and paid -- while maintaining the ability to prevent and fight abuse on our platform.

What Will Cybersecurity's 'New Normal' Look Like?

Dark Reading

The coronavirus pandemic has forced changes for much of the business world, cybersecurity included. What can we expect going forward?


Conditional Access – Deployment Best Practices

Daymark

Conditional Access in Azure AD provides a level of security required to maintain appropriate controls over who can access confidential and privileged information. It was the topic of discussion at our most recent “Ask the Engineer Q&A Roundtable”, where attendees learned tips for a successful Conditional Access deployment and got answers to their specific questions.

When Security Takes a Backseat to Productivity

Krebs on Security

“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” -CIA’s Wikileaks Task Force. So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led to Wikileaks publishing thousands of classified documents stolen from the agency’s offensive cyber operations division.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

Krebs on Security

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web.


Dating Apps Exposed 845GB of Explicit Photos, Chats, and More

WIRED Threat Level

3somes, Gay Daddy Bear, and Herpes Dating are among the nine services that leaked the data of hundreds of thousands of users.

Delivery Hero Confirms Foodora Data Breach

Data Breach Today

Personal Details on 727,000 Accounts in 14 Countries Leaked

Delivery Hero, the online food delivery service, has confirmed a data breach of its Foodora brand. Breached information includes personal details for 727,000 accounts - names, addresses, phone numbers, precise location data and hashed passwords - in 14 countries.

Turn on MFA Before Crooks Do It For You

Krebs on Security

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident.


NEW TECH: Cequence Security’s new ‘API Sentinel’ helps identify, mitigate API exposures

The Last Watchdog

Application Programming Interfaces – APIs. Without them digital transformation would never have gotten off the ground. Related: Defending botnet-driven business logic hacks. APIs made possible the astounding cloud, mobile and IoT services we have today. This happened, at a fundamental level, by freeing up software developers to innovate on the fly. APIs have exploded in enterprise use over the past several years.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. You feel ready to take on rising security threats while continuously delivering quality software updates. But how do you monitor your new program? Are you truly able to gauge the state of your projects? To ensure the success of this new breed of a team, you need to know the metrics to look at and how to advocate these metrics to C-Suite and stakeholders. Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Bank Card "Master Key" Stolen

Schneier on Security

South Africa's Postbank experienced a catastrophic security failure. The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank's encrypted master key in plain, unencrypted digital language at the Postbank's old data centre in the Pretoria city centre. According to a number of internal Postbank reports, which the Sunday Times obtained, the master key was then stolen by employees.

Gamaredon Group Using Fresh Tools to Target Outlook

Data Breach Today

Suspected Russia-Linked Hackers Have Previously Focused on Ukraine

The Gamaredon hacking group is now using a new set of malicious tools to compromise Microsoft Outlook as a way of sending spear-phishing emails to victims' contact lists, according to security firm ESET. This hacking group, which appears to have ties to Russia, has primarily targeted Ukraine for years.

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com

Krebs on Security

For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read.

79 Netgear router models affected by a dangerous Zero-day

Security Affairs

79 Netgear router models are vulnerable to a severe unpatched security vulnerability that can be exploited by remote attackers to take over devices. Security experts Adam Nichols from GRIMM and d4rkn3ss from the Vietnamese internet service provider VNPT have independently reported a severe unpatched security vulnerability that affects 79 Netgear router models.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Hosting Provider Hit With Largest-Ever DDoS Attack

Dark Reading

Likely looking to make a statement, attackers targeted specific websites hosted by a single provider with a 1.44 terabit-per-second distributed denial-of-service attack, according to Akamai.

Claire's: Magecart E-Commerce Hackers Stole Card Data

Data Breach Today

Magecart Gangs Targeting Larger Organizations During Lockdown, Researcher Warns

Jewelry retailer Claire's says Magecart attackers hit its e-commerce store, hosted on Salesforce Commerce Cloud, and stole an unspecified number of customers' payment card details. Security firm Sansec, which discovered the breach, says Magecart attacks have grown more targeted during lockdown.

Theft of CIA's "Vault Seven" Hacking Tools Due to Its Own Lousy Security

Schneier on Security

The Washington Post is reporting on an internal CIA report about its "Vault 7" security breach: The breach -- allegedly committed by a CIA employee -- was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release "Vault 7," and U.S.

T-Mobile suffered a major outage in the US allegedly caused by a massive DDoS attack

Security Affairs

Wireless carrier T-Mobile suffered a major outage in the United States, which also impacted service at other carriers, due to a “massive” DDoS attack. This DDoS attack is serious. It has taken down Instagram, Facebook, T-Mobile, Verizon, and Twitch… 2020 is something else.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

How to Secure Machine Learning

Dark Reading

Part two of a series on avoiding potential security risks with ML


Google Removes More Than 70 Malicious Chrome Extensions

Data Breach Today

Researchers Find Extensions Could Steal Credentials and Security Tokens

Google has removed more than 70 malicious Chrome extensions after researchers with security firm Awake Security discovered the extensions could be used to steal users' credentials and security tokens.

Marketers Have Given Up on Context, And Our National Discourse Is Suffering

John Battelle's Searchblog

It’s getting complicated out there. Marketers – especially brand marketers: Too many of you have lost the script regarding the critical role you play in society. And while well-intentioned TV spots about “getting through this together” are nice, they aren’t a structural solution. It’s time to rethink the relationship between marketers, media companies (not “content creators,” ick), and the audience. So let’s talk about it.

AWS mitigated largest DDoS attack ever of 2.3 Tbps

Security Affairs

AWS announced it has mitigated a 2.3 Tbps DDoS attack, the largest ever recorded, surpassing the previous record of 1.7 Tbps set in March 2018. The 2.3 Tbps attack was neutralized by the Amazon AWS Shield service in mid-February this year.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Ryuk Continues to Dominate Ransomware Response Cases

Dark Reading

Analysis reveals how Ryuk's operators are changing their techniques and using new means to break in

Even Ethical Hackers Abuse Cloud Services

Data Breach Today

Creating Cloud-Hosted Attack Infrastructures a Common Practice, Academic Researchers Find

Many ethical hackers and other security professionals, such as penetration testers, have weaponized cloud platforms to host online attack infrastructure or have used the platforms to conduct reconnaissance, according to security researchers at Texas Tech University.

Social engineering: what it is and how to avoid it

IT Governance

Cyber criminals have many tricks up their sleeves when it comes to compromising sensitive data. They don’t always rely on system vulnerabilities and sophisticated hacks. They’re just as likely to target an organisation’s employees. The attack methods they use to do this are known as social engineering. What is social engineering? Social engineering is a collective term for ways in which fraudsters manipulate people into performing certain actions.

New Cisco Webex Meetings flaw allows attackers to impersonate users

Security Affairs

A vulnerability in the Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347, could be exploited by local authenticated attackers to gain access to sensitive information. “A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system.”

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

3 Things Wilderness Survival Can Teach Us About Email Security

Dark Reading

It's a short hop from shows like 'Naked and Afraid' and 'Alone' to your email server and how you secure it.

Alerts: Vulnerabilities in 6 Medical Devices

Data Breach Today

DHS Warns of Security Issues in Devices from Baxter, BD and Biotronik

Federal authorities are sounding the alarm about cybersecurity vulnerabilities in six medical devices from three manufacturers. The device makers are providing risk mitigation advice.

How to Clean Up Your Old Posts on Twitter, Facebook, and Instagram

WIRED Threat Level

These tips and tools will help you scrub your social media profiles clean, or give you a fresh start without giving up your username and followers.