Schneier on Security

JUNE 17, 2020

Zoom is doing the right thing : it's making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.).we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe -- free and paid -- while maintaining the ability to prevent and fight abuse on our platform.

Encryption 92

Encryption Authentication Privacy Risk 92

Dark Reading

JUNE 18, 2020

The coronavirus pandemic has forced changes for much of the business world, cybersecurity included. What can we expect going forward?

Cybersecurity 131

Cybersecurity 131

Daymark

JUNE 15, 2020

Conditional Access in Azure AD provides a level of security required to maintain appropriate controls over who can access confidential and privileged information. It was the topic of discussion at our most recent “ Ask the Engineer Q&A Roundtable ” where attendees learned tips for a successful Conditional Access deployment and got answers to their specific questions.

Access 94

Access Security IT 94

Krebs on Security

JUNE 17, 2020

“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” -CIA’s Wikileaks Task Force. So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led to Wikileaks publishing thousands of classified documents stolen from the agency’s offensive cyber operations division.

Security 306

Security Data breaches Security awareness Passwords 306

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

JUNE 18, 2020

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web. On June 16, authorities in Michigan arrested 29-year-old Justin Sean Johnson in connection with a 43-count indictment on charges of conspiracy, wire fraud and aggravated identi

IT 344

IT Archiving Personal data Access 344

WIRED Threat Level

JUNE 15, 2020

3somes, Gay Daddy Bear, and Herpes Dating are among the nine services that leaked the data of hundreds of thousands of users.

Security 145

Security 145

Data Breach Today

JUNE 15, 2020

Personal Details on 727,000 Accounts in 14 Countries Leaked Delivery Hero, the online food delivery service, has confirmed a data breach of its Foodora brand. Breached information includes personal details for 727,000 accounts - names, addresses, phone numbers, precise location data and hashed passwords - in 14 countries.

Data breaches 358

Data breaches Passwords IT 358

Krebs on Security

JUNE 19, 2020

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control.

IT 363

IT Authentication Passwords Access 363

The Last Watchdog

JUNE 17, 2020

Application Programming Interfaces – APIs. Without them digital transformation would never have gotten off the ground. Related: Defending botnet-driven business logic hacks APIs made possible the astounding cloud, mobile and IoT services we have today. This happened, at a fundamental level, by freeing up software developers to innovate on the fly. APIs have exploded in enterprise use over the past several years.

Digital transformation 178

Digital transformation Risk Financial Services Military 178

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

JUNE 18, 2020

79 Netgear router models are vulnerable to a severe unpatched security vulnerability that can be exploited by remote attackers to take over devices. Security experts Adam Nichols from GRIMM and d4rkn3ss from the Vietnamese internet service provider VNPT have independently reported a severe unpatched security vulnerability that affects 79 Netgear router models.

Security 145

Security Communications IT Information Security 145

Data Breach Today

JUNE 13, 2020

Suspected Russia-Linked Hackers Have Previously Focused on Ukraine The Gamaredon hacking group is now using a new set of malicious tools to compromise Microsoft Outlook as a way of sending spear-phishing emails to victims' contact lists, according to security firm ESET. This hacking group, which appears to have ties to Russia, has primarily targeted Ukraine for years.

Phishing 321

Phishing Security 321

Krebs on Security

JUNE 13, 2020

For the past year, a site called Privnotes.com has been impersonating Privnote.com , a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the mess

Phishing 243

Phishing Encryption Passwords IT 243

AIIM

JUNE 18, 2020

There are literally thousands of file formats available – which can lead to lots of confusion when trying to select the best file format for your business applications. Different file formats work better to meet certain business requirements, and selecting the wrong format can cause issues for organizations, their customers, their legal team, etc. To help make this type of decision easier, we’ve outlined some very common file formats used in almost every organization.

Archiving 144

Archiving Marketing Access Compliance 144

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

JUNE 16, 2020

Wireless carrier T-Mobile suffered a major outage in the United States, that impacted service at other carriers, due to a “massive” DDoS attack. Wireless carrier T-Mobile suffered a massive DDoS attack that caused a major outage in the United States that impacted service at other carriers due to a “massive” DDoS attack. This DDoS attack is serious. It has taken down Instagram, Facebook, T-Mobile, Verizon, and Twitch… 2020 is something else. pic.twitter.com/ztU59XMWu3 — Jordan Daley (

Communications 145

Communications Marketing Security IT 145

Data Breach Today

JUNE 15, 2020

Magecart Gangs Targeting Larger Organizations During Lockdown, Researcher Warns Jewelry retailer Claire's says Magecart attackers hits its e-commerce store, hosted on Salesforce Commerce Cloud, and stole an unspecified number of customers' payment card details. Security firm Sansec, which discovered the breach, says Magecart attacks have grown more targeted during lockdown.

Retail 312

Retail Cloud Security IT 312

The Guardian Data Protection

JUNE 15, 2020

Smittestopp had limited effect because of the small number of users, says data agency Coronavirus – latest updates See all our coronavirus coverage Norway’s health authorities said they suspended an app designed to help trace the spread of coronavirus after the country’s data protection agency said it was too invasive of privacy. Launched in April, the smartphone app Smittestopp (“infection stop”) was set up to collect movement data to help authorities trace the spread of Covid-19, and inform us

Privacy 144

Privacy IT 144

John Battelle's Searchblog

JUNE 17, 2020

It’s getting complicated out there. Marketers – especially brand marketers: Too many of you have lost the script regarding the critical role you play in society. And while well-intentioned TV spots about “getting through this together” are nice, they aren’t a structural solution. It’s time to rethink the relationship between marketers, media companies (not “content creators,” ick), and the audience.

Marketing 137

Marketing IT Risk Security 137

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

JUNE 17, 2020

AWS announced it has mitigated a 2.3 Tbps DDoS attack, the largest ever, which surpassed the previous record of 1.7 Tbps that took place in March 2018. Amazon announced it has mitigated the largest ever DDoS attack of 2.3 Tbps, the news is surprising if we consider that the previous record was of 1.7 Tbps that took place in March 2018. The 2.3 Tbps attack was neutralized by the Amazon AWS Shield service in mid-February this year.

Access 145

Access IT Security Information Security 145

Data Breach Today

JUNE 19, 2020

Researchers Find Extensions Could Steal Credentials and Security Tokens Google has removed more than 70 malicious Chrome extensions after researchers with security firm Awake Security discovered the extensions could be used to steal users' credentials and security tokens.

Security 310

Security 310

WIRED Threat Level

JUNE 14, 2020

These tips and tools will help you scrub your social media profiles clean, or give you a fresh start without giving up your username and followers.

Privacy 137

Privacy Security 137

IT Governance

JUNE 19, 2020

Cyber criminals have many tricks up their sleeves when it comes to compromising sensitive data. They don’t always rely on system vulnerabilities and sophisticated hacks. They’re just as likely to target the an organisation’s employees. The attack methods they use to do this are known as social engineering. What is social engineering? Social engineering is a collective term for ways in which fraudsters manipulate people into performing certain actions.

IT 137

IT Phishing Sales Security 137

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

JUNE 19, 2020

A flaw in Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information. A vulnerability in Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347 , could be exploited by local authenticated attackers to gain access to sensitive information. “A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system.” r

Authentication 144

Authentication Access Security IT 144

Data Breach Today

JUNE 19, 2020

Creating Cloud-Hosted Attack Infrastructures a Common Practice, Academic Researchers Find Many ethical hackers and other security professionals, such as penetration testers, have weaponized cloud platforms to host online attack infrastructure or have used the platforms to conduct reconnaissance, according security researchers at Texas Tech University.

Cloud 303

Cloud Security 303

WIRED Threat Level

JUNE 17, 2020

Amid worldwide protests over racism and police violence, lawmakers are once again turning to the devices as a tool for reform.

Privacy 136

Privacy Security 136

Troy Hunt

JUNE 19, 2020

Today, almost one year after the release of version 5 , I'm happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964? (just over 3%). As with previous releases, I've made the call to push the data now simply because there were enough new records to justify the overhead in doing so.

Passwords 133

Passwords IT 133

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

JUNE 19, 2020

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group. The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizati

Security 144

Security Government IT Information Security 144

Data Breach Today

JUNE 15, 2020

Check Point Research Claims Firm Sold CloudEyE Dropper Trojan An Italian cybersecurity company allegedly was a front for a criminal gang selling access to a dropper Trojan known as CloudEyE, according to analysts at the security firm Check Point Research.

Security 294

Security Cybersecurity Access 294

The Guardian Data Protection

JUNE 17, 2020

Investigation finds cases being closed when complainants refuse ‘digital strip search’ Rape investigations are being systematically dropped after victims refuse to hand over their mobile phones for analysis, an investigation has found. Freedom of information requests reveal that about one in five complainants decline to submit to what has been termed a “digital strip search”.

Privacy 132

Privacy 132