2020

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom.

Spear-Phishing Campaign Uses COVID-19 to Spread LokiBot

Data Breach Today

FortiGuard Labs Researchers Find WHO Images Used As Lure Again A recently uncovered spear-phishing campaign is using fears of the COVID-19 pandemic to spread an information stealer called LokiBot. FortiGuard Labs researchers find that cybercriminals are once again using WHO images as a lure

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

Less than 48 hours after the killing of Iran’s General Qasem Soleimani, the U.S. Department of Homeland Security issued a bulletin calling out Iran’s “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.”

How to Keep Your Zoom Chats Private and Secure

WIRED Threat Level

Trolls. Prying bosses. Zoom's a great video chat platform, but a few simple steps also make it a safe one. Security Security / Security Advice

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

Security and Privacy Implications of Zoom

Schneier on Security

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. (My My own university, Harvard, uses it for all of its classes.) Over that same period, the company has been exposed for having both lousy privacy and lousy security.

More Trending

FBI Warns of Fake CDC Emails in COVID-19 Phishing Alert

Dark Reading

Fraudsters exploit concerns by claiming to offer virus-related information or promising stimulus checks

Why I Didn’t Join a Software Company

Weissman's World

If I heard it once, I heard it a dozen times since announcing my move to Valora Technologies the other week: “So, you’re going to work for a software company!” To which my response has been, “Kind of, but not really.”

IT 156

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned.

The Difficulty of Disclosure, Surebet247 and the Streisand Effect

Troy Hunt

This is a blog post about disclosure, specifically the difficulty with doing it in a responsible fashion as the reporter whilst also ensuring the impacted organisation behaves responsibly themselves.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Hackers Were Inside Citrix for Five Months

Krebs on Security

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents.

Crafty Web Skimming Domain Spoofs “https”

Krebs on Security

Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data.

Morrisons Not Liable for Breach Caused by Rogue Employee

Data Breach Today

Employees' Attempt to Receive Financial Compensation Dismissed by Supreme Court Supermarket giant Morrisons is not liable for a data breach caused by a rogue employee, Britain's Supreme Court has ruled, bringing to a close the long-running case - the first in the country to have been filed by data breach victims.

MY TAKE: Why we should all now focus on restoring stability to US-Iran relations

The Last Watchdog

As tensions escalate between the U.S. and Iran it’s vital not to lose sight of how we arrived at this point. Related: We’re in the golden age of cyber spying Mainstream news outlets are hyper focused on the events of the past six days. A Dec.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

The Best and Worst Browsers for Privacy, Ranked

WIRED Threat Level

A new study examines how Google Chrome, Mozilla Firefox, Apple Safari, Brave, Edge, and Yandex collect user data. . Security Security / Privacy

TSA Admits Liquid Ban Is Security Theater

Schneier on Security

The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes: Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces.

A bug in Tor Browser allows execution of JavaScript even in Safest security level

Security Affairs

Tor Project maintainers warned users about a severe flaw in the Tor browser that may execute JavaScript code on sites it should not. The Tor Project announced a major bug in the Tor browser that may cause the execution of JavaScript code on sites for which users have specifically blocked JavaScript.

New Ransomware Variant Developed Entirely as Shellcode

Dark Reading

PwndLocker is harder to detect than other crypto-malware, Crypsis Group says

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Booter Boss Busted By Bacon Pizza Buy

Krebs on Security

A Pennsylvania man who operated one of the Internet’s longest-running online attack-for-hire or “booter” services was sentenced to five years probation today.

The Web’s Bot Containment Unit Needs Your Help

Krebs on Security

Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit , effectively unleashing a pent-up phantom menace on New York City.

Zoom Stops Transferring Data by Default to Facebook

Data Breach Today

Privacy Gaffe Blamed on Facebook's iOS Software Development Kit Zoom has apologized for sharing large sets of user data by default with Facebook, blaming the social network's software development kit, which it has removed from its iOS app.

Patch Tuesday, January 2020 Edition

Krebs on Security

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Coronavirus Widens the Money Mule Pool

Krebs on Security

With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable “ money mules ” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer.

IT 221

Alarming Trend: More Ransomware Gangs Exfiltrating Data

Data Breach Today

Criminals Increasingly Leak Stolen Data to Force Bitcoin Payoff As if ransomware wasn't already bad enough, more gangs are now exfiltrating data from victims before leaving systems crypto-locked.

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

The Last Watchdog

DevOps is now table stakes for any company hoping to stay competitive. Speed and agility is the name of the game. And everyone’s all-in.

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network.

Bug Bounty Programs Are Being Used to Buy Silence

Schneier on Security

Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny.

Washington Governor Signs Facial Recognition Law

Data Breach Today

Privacy Advocates Criticize Measure That Microsoft Supported Washington's governor has signed a new law that regulates the use of facial recognition technology. But some privacy advocates say the measure, which was backed by Microsoft, doesn't do enough to protect individuals' rights

Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records

Dark Reading

The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019

Does Your Domain Have a Registry Lock?

Krebs on Security

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it.