Sat. Oct 31, 2020 - Fri. Nov 06, 2020

Zoom Snooping: How Body Language Can Spill Your Password

Threatpost

Researchers figure out how to read what people are typing during a Zoom call using shoulder movements.

Beware a New Google Drive Scam Landing in Inboxes

WIRED Threat Level

Scammers are luring people into Google Docs in an attempt to get them to visit potentially malicious websites.

List of data breaches and cyber attacks in October 2020 – 18.4 million records breached

IT Governance

With 117 publicly reported security incidents, October 2020 is the leakiest month we’ve ever recorded. The good news is that those data breaches and cyber attacks accounted for just 18,407,479 breached records.

DOJ Seizes $1 Billion Worth of Bitcoin Linked to Silk Road

Data Breach Today

Prosecutors Say Stolen Cryptocurrency Tied to Mysterious Digital Wallet. The U.S. Justice Department is looking to seize more than $1 billion worth of bitcoin that investigators have linked to the notorious Silk Road darknet marketplace.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Why Paying to Delete Stolen Data is Bonkers

Krebs on Security

Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted.

More Trending

The FBI Says ‘Boogaloo Boys’ Bought 3D-Printed Gun Parts

WIRED Threat Level

A criminal complaint alleges that a West Virginia man disguised the plastic components as wall hangers and sold hundreds of them online.

Marriott Hit With $24 Million GDPR Privacy Fine Over Breach

Data Breach Today

Privacy Regulator in UK Cautions Organizations to Conduct Thorough Due Diligence. Hotel giant Marriott has been hit with the second largest privacy fine in British history, after it failed to contain a massive, long-running data breach. But the final fine of $23.8

Two Charged in SIM Swapping, Vishing Scams

Krebs on Security

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K.

A data breach broker is selling account databases of 17 companies

Security Affairs

A threat actor is offering for sale account databases containing an aggregate total of 34 million user records stolen from 17 companies. A data breach broker is selling account databases containing a total of 34 million user records stolen from 17 companies.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

This Ballot-Count Livestream Is the Only Thing Worth Watching

WIRED Threat Level

Take a deep breath and enjoy democracy at work.

Feds Release More Details on Emails Allegedly Sent By Iran

Data Breach Today

FBI, CISA Release IP Addresses And Other Technical Details Linked To Emails. The FBI and CISA have released more technical details, including IOCs and IP addresses, which investigators say tie Iranian hackers to a series of threatening emails sent to some Democratic voters in the weeks leading up to the 2020 elections.

Rising Ransomware Breaches Underscore Cybersecurity Failures

Dark Reading

Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone

Nuclear Regulation Authority shut down email systems after a cyber attack

Security Affairs

Japan’s Nuclear Regulation Authority (NRA) issued a warning of temporary suspension of its email systems, likely caused by a cyber attack. Japan’s Nuclear Regulation Authority (NRA) temporarily suspended its email systems; the interruption is likely caused by a cyber attack.

How to Build Customer-Centric Products With Fast Feedback Loops

Check out our latest guide and learn the benefits of fast feedback loops and how you can use them to inform your product decisions, so you can confidently build products that meet your customers’ needs.

Feds Seize $1 Billion in Stolen Silk Road Bitcoins

WIRED Threat Level

A hacker identified only as Individual X had been sitting on a cryptocurrency gold mine for seven years before the IRS came knocking.

Additional Hacking Tools Tied to North Korean-Linked Group

Data Breach Today

Cybereason Finds Kimsuky Group Using Fresh Spying Tools, Infrastructure. Researchers with Cybereason have uncovered a fresh set of malicious tools tied to a North Korean-linked hacking group called Kimsuky, according to a recent analysis.

Determining What Video Conference Participants Are Typing from Watching Shoulder Movements

Schneier on Security

Accuracy isn’t great, but that it can be done at all is impressive. Murtuza Jadiwala, a computer science professor heading the research project, said his team was able to identify the contents of texts by examining body movement of the participants.

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Security Affairs

Yesterday almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet was moved to another wallet. Ahead of the 2020 Presidential election a mysterious transaction was noticed by cyber security experts and researchers.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Zoom Finally Has End-to-End Encryption. Here's How to Use It

WIRED Threat Level

You can lock down your meetings like never before—even if you have to give up a few features to do so.

DOJ Seizes 27 More Iranian-Operated Domains

Data Breach Today

4 Domains Targeted US Citizens With Pro-Iranian Propaganda, Prosecutors Say. The U.S. Justice Department has seized 27 website domains operated by Iran's Islamic Revolutionary Guard Corps to conduct a covert influence campaign targeting the U.S. and other citizens from around the world.

Containers for Data Analysis Are Rife With Vulnerabilities

Dark Reading

Old software components and the inclusion of unnecessary code created a massive attack surface area in containers for scientific analysis, researchers say

Maze ransomware is going out of the business

Security Affairs

The Maze ransomware operators are shutting down their operations more than one year after they appeared on the threat landscape in May 2019.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

New Windows Zero-Day

Schneier on Security

Google’s Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver.

Marriott and BA's Reduced Privacy Fines: GDPR Realpolitik

Data Breach Today

Final Fines Set Precedent, Avoid Court Cases, Likely Reflect EU Penalty Benchmarks. Large, recently levied privacy fines against the likes of British Airways, H&M and Marriott show regulators continuing to bring the EU's General Data Protection Regulation to bear after businesses get breached.

Microsoft & Others Catalog Threats to Machine Learning Systems

Dark Reading

Thirteen organizations worked together to create a dictionary of techniques used to attack ML models and warn that such malicious efforts will become more common

Apple addresses three actively exploited iOS zero-days

Security Affairs

Apple released iOS 14.2, which addresses three zero-day vulnerabilities in its mobile OS that have been abused in attacks in the wild. Apple has addressed three iOS zero-day vulnerabilities actively exploited in attacks in the wild and affecting iPhone, iPad, and iPod devices.

Remote Testing and Feedback: The Key to Customer Empathy

Remote testing and feedback is the key to customer empathy. Through remote qualitative testing, you can uncover and understand how real people respond to your products and experiences.

One Clear Message From Voters This Election? More Privacy

WIRED Threat Level

Ballot measures were approved in California to restrict commercial use of user data and in Michigan to require warrants for searches of electronic information.

Rackspace Hosted Email Flaw Actively Exploited by Attackers

Data Breach Today

Fraudsters Have Been Using SMTP Multipass Flaw for Business Email Compromise Schemes. Attackers have been actively exploiting a flaw in Rackspace's hosted email service to send phishing emails, bearing legitimate and validated domain names, as part of business email compromise scams, warns IT security testing consultancy 7 Elements.

9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time

Dark Reading

This year has been the ultimate test of business resilience, and if anything is now clear, it's this: It's time for security pros to rewrite their playbooks in preparation for a more dangerous wave of attacks.
