Sat.Nov 13, 2021 - Fri.Nov 19, 2021

Hoax Email Blast Abused Poor Coding in FBI Website

Krebs on Security

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation.

GUEST ESSAY: The three horsemen of cyber risks: misinformation, disinformation and fake news

The Last Watchdog

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof. Such a transformation, however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Is XDR Overhyped?

Dark Reading

Security experts weigh in on the value and pitfalls of extended detection and response (XDR), offering consideration and advice on this growing new category

Why I Hate Password Rules

Schneier on Security

The other day I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used PasswordSafe to generate this 16-character alphanumeric password: :s^Twd.J;3hzg=Q~.

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.

More Trending

Zero Trust: An Answer to the Ransomware Menace?

Dark Reading

Zero trust isn't a silver bullet, but if implemented well it can help create a much more robust security defense

Is Microsoft Stealing People’s Bookmarks?

Schneier on Security

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late.

Tech CEO Pleads to Wire Fraud in IP Address Scheme

Krebs on Security

The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America.

Iranian Hackers Are Going After US Critical Infrastructure

WIRED Threat Level

A hacking group is targeting a broad range of organizations, taking advantage of vulnerabilities that have been patched but not yet updated.

The Modern Software Checklist: The Secret to Understanding Your Data Security Needs

Understanding your data security needs is tough enough, but what can be even more difficult is choosing the right software to fit your company. This checklist will help you evaluate the scope of services offered by various encryption solutions on the market.

Cyber Conflict Between US and Iran Heats Up

Dark Reading

The United States, United Kingdom, and Australia warn attacks from groups linked to Iran are on the rise, while the Iranian government blames the US and Israel for an attack on gas pumps

The rise of millionaire zero-day exploit markets

Security Affairs

Researchers detailed the multi-millionaire market of zero-day exploits, a parallel economy that is fueling the threat landscape. Zero-day exploits are essential weapons in the arsenal of nation-state actors and cybercrime groups.

Top IoT Security Solutions of 2021

eSecurity Planet

IoT security is where endpoint detection and response (EDR) and enterprise mobility management (EMM) meet the challenges of a rapidly expanding edge computing infrastructure. As the enterprise attack surface grows, IoT is yet another attack vector organizations aren’t fully prepared to defend.

DuckDuckGo Wants to Stop Apps From Tracking You on Android

WIRED Threat Level

The privacy-focused tech company's latest update promises to block invasive data collection across your whole phone.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

5 Things ML Teams Should Know About Privacy and the GDPR

Dark Reading

Machine learning delivers plenty of benefits. But as the emerging technology gets applied more broadly, be careful about how you handle all the data used in the process

GitHub addressed two major vulnerabilities in the NPM package manager

Security Affairs

Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in the npm that have been already addressed.

TechLaw Australia podcast: The shifting landscape of privacy and data governance in the Asia Pacific region

DLA Piper Privacy Matters

Author: Sinead Lynch. At DLA Piper we advise clients that develop or create technology, are enabled by technology, or whose business model is fundamentally based on technology.

Amazon's Dark Secret: It Has Failed to Protect Your Data

WIRED Threat Level

Voyeurs. Sabotaged accounts. Backdoor schemes. For years, the retail giant has handled your information less carefully than it handles your packages.

North Korean Hacking Group Targets Diplomats, Forgoes Malware

Dark Reading

The TA406 group uses credential harvesting to target diplomats and policy experts in the United States, Russia, China, and South Korea, rarely resorting to malware

Canadian teenager stole $36 Million in cryptocurrency via SIM Swapping

Security Affairs

A Canadian teenager has been arrested for his alleged role in the theft of roughly $36.5 million worth of cryptocurrency from an American individual.

Weekly Update 270

Troy Hunt

I'm outdoors! I've really wanted to get my mobile recording setup slick for some time now and after a bunch of mucking around with various mics (and a bit of "debugging in production" during this video), I'm finally really happy with it.

Powering digital business

OpenText Information Management

The best-run organizations are defined by their ability to drive technology-led transformations. The challenges of the past two years have demonstrated how technology has enabled organizations to be agile, productive, and creative.

6 Tips To Keep in Mind for Ransomware Defense

Dark Reading

Ransomware is everywhere, including the nightly news. Most people know what it is, but how do ransomware attackers get in, and how can we defend against them?

Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Security Affairs

Cloudflare announced that it has mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps). Cloudflare, Inc. is an American web infrastructure and website security company that provides content delivery network and DDoS mitigation services.

Companies Get Better at Fighting Ransomware Despite Escalating Threats

eSecurity Planet

In a year in which ransomware attacks seem to get worse by the day, companies have made surprising progress defending themselves against attacks.

Scheduled Internal Audits… Get the Most Out of Your Inventory Software.

RFID Global Solution, Inc.

For many ISO-certified asset management systems, a well-maintained internal inventory schedule is a requirement for compliance. However, any business that wants to make sure it is running efficiently should consider performing regular internal inventories as part of its operational processes.

8 Tips To Keep in Mind for Ransomware Defense

Dark Reading

Ransomware is everywhere, including the nightly news. Most people know what it is, but how do ransomware attackers get in, and how can we defend against them?

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat.

How Hackers Use Payloads to Take Over Your Machine

eSecurity Planet

A payload is a piece of code that executes when hackers exploit a vulnerability. In other words, it’s an exploit module. It’s usually composed of a few commands that will run on the targeted operating system (e.g., key-loggers) to steal data and carry out other malicious acts.