-
Ruhr University Bochum shuts down servers after ransomware attack [Sergiu Gatlan, Bleeping Computer]
-
Pandemic Could Accelerate Passwordless Authentication [Steve Zurier, Dark Reading / Informa]
- see also: 5 common password mistakes you should avoid
- and: Protect your accounts with smarter ways to sign in on World Passwordless Day
-
Apple, Google push makers of coronavirus apps not to record user location [David Ingram, NBC News]
-
Zoom acquires Keybase to beef up encryption, ease security questions [Jeff Stone, Cyberscoop / Scoop News Group]
-
Cyber Subterfuge and Curious Sharks Threaten the World’s Subsea Fiber-Optic Cables [Alison Diana, Dark Reading / Informa]
-
Maze Ransomware and its Various Campaigns Continue to Threaten the Cyber World – E Hacking News [Rootdaemon]
- see also: Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
-
Microsoft and Intel project converts malware into images before analyzing it [Catalin Cimpanu, Zero Day]
-
GitHub Code Scanning aims to prevent vulnerabilities in open source software [Zeljka Zorz, Help Net Security]
-
6 common container security mistakes to avoid [Bob Violino, CSO / IDG Communications]
-
Build a Culture of Holistic Risk Awareness Throughout Your Workforce [Michelle Greenlee, Security Intelligence / IBM]
-
The 4 Stages to a Successful Vulnerability Management Program [Mitch Parker, Tripwire]
-
For 8 years, a hacker operated a massive IoT botnet just to download Anime videos [Catalin Cimpanu, Zero Day]
-
Resource Guide for Cybersecurity During the COVID-19 Pandemic [Center for Internet Security]
- see also: Privacy Preserving Protocols to Trace Covid19 Exposure
- and: Cyber volunteers release blocklists for 26,000 COVID-19 threats
-
Learning from Home While School’s Out: Cybersecurity Education for Kids [Greg Herbold and Kim Yohannan, Palo Alto Networks]
- see also: Cybersecurity Lab – highly recommended for kids Gr8-12
- PBS Kids Cyberchase – for the younger ones
- Cyber School – Free to attend, live & online cyber security school for school pupils around the world
- KnowBe4 Children’s Interactive Cybersecurity Activity Kit – offline activity books
-
Nearly a Million WP Sites Targeted in Large-Scale Attacks [Ram Gall, Wordfence]
- see also: Critical WordPress e-Learning Plugin Bugs Open Door to Cheating
-
Convincing Office 365 phishing uses fake Microsoft Teams alerts [Sergiu Gatlan, Bleeping Computer]
- original report: Abnormal Attack Stories: Microsoft Teams Impersonation
-
Cisco Webex phishing uses fake cert errors to steal credentials [Sergiu Gatlan, Bleeping Computer]
-
LockBit, the new ransomware for hire: A sad and cautionary tale [Dan Goodin, Ars Technica / Condé Nast]
-
Hackers exploit Salt RCE bugs in widespread attacks, PoCs public [Ionut Ilascu, Bleeping Computer]
- see also: Search provider Algolia discloses security incident due to Salt vulnerability
-
What to do when you receive an extortion email [Thomas Reed, Malwarebytes]
-
Can you trust attachments with unfamiliar extensions? [Zeljka Zorz, Help Net Security]
-
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use [Thomas Brewster, Forbes]
-
Samsung patches 0-click vulnerability impacting all smartphones sold since 2014 [Catalin Cimpanu, Zero Day]
-
Windows 7 end-of-life security mitigation [John Zage, Trusted CI]
-
The Shadowserver Foundation Threat Report: A Spotlight on Africa [Shadowserver]
-
Mobile as Attack Vector Using MDM [Aviran Hazum et al, Check Point Research]
-
Honeysploit: Exploiting the Exploiters [Curtis Brazzell, Medium]
- see also: Professional data leakage: How did that security vendor get my personal data?
-
COVID-19 Security Resource Library [Stay Safe Online / NCSA]
- see also: How to avoid a coronavirus scam
-
Consumers benefit as video call vendors scramble to revamp security in a COVID-19 world [Charlie Osborne, Zero Day]
-
Contact-Tracing Apps Must Respect Privacy, Scientists Warn [Mathew J. Schwartz, Information Security Media Group]
-
Cybersecurity Prep for the 2020s [Dave Meltzer, Dark Reading / Informa Tech]
- see also: 10 ways to get more from your security budget
- and: The Key to Successfully Managing Cyber Risk: Speed
-
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk [Threat Protection Intelligence Team, Microsoft]
- see also: Phishing kit prices skyrocketed in 2019 by 149%
-
The Windows 10 security guide: How to protect your business [Ed Bott, The Ed Bott Report / Zero Day]
-
The Evolution of AppSec: Past, Present and Future [Veracode / IDG Communications]
-
Hackers selling 267 million Facebook records on hacker forum [Waqas / HackRead]
-
Warwick University was hacked and kept breach secret from students and staff [Alexander Martin, Sky News]
-
The missing MITRE ATT&CK matrix for Linux cloud servers [Intezer]
-
Taiwan High-Tech Ecosystem Targeted by Foreign APT Group [CyCraft Technology Corp, Medium]
-
Mastering Communication in Cyber Intelligence Activities: A Concise User Guide [Boris Giannetto and Pierluigi Paganini, Security Affairs]
-
17 New US School Districts and Colleges Compromised by Ransomware, a Total of 94 in the Past 15 Months [Armor]
- see also: Backup or Disaster Recovery for Protection Against Ransomware?
-
COVID-19 Exploited by Malicious Cyber Actors [CISA / US DHS]
- see also: CERT-GIB: Phishers prefer Tesla, top 3 malware strains in COVID-19 phishing campaigns, and pandemic-related dilemmas faced by hacker underground
-
ZOMG it’s ZOOM [Mick Douglas, SANS Webcasts]
- see also: The Facts Around Zoom and Encryption for Meetings/Webinars
- and: Zoom removes meeting IDs from app title bar to improve privacy
-
New Phishing Campaign Spoofs WebEx to Target Remote Workers [Ashley Tran, Cofense]
-
Mass school closures in the wake of the coronavirus are driving a new wave of student surveillance [Drew Harwell, The Washington Post]
-
NASA sees an “exponential” jump in malware attacks as personnel work from home [Dan Goodin, Ars Technica / Condé Nast]
-
Introducing New SANS 3MinMax Series with Certified Instructor Kevin Ripa [Kevin Ripa, SANS]
-
Introducing our new book “Building Secure and Reliable Systems” [Royal Hansen, Google]
- get it here: landing.google.com/sre/books/
-
A client-side perspective on web security [Edward Amoroso (TAG Cyber) and Aanand Krishnan (Tala Security), Help Net Security]
-
Microsoft and Google postpone insecure authentication removal [Sergiu Gatlan, Bleeping Computer]
-
Debunking Myths about Quantum Cryptography [John Prisco, Quantum Xchange / Infosecurity Magazine]
-
Travelex Reportedly Paid $2.3 Million Ransom to Restore Operations [Lawrence Abrams, Bleeping Computer]
-
Brace for more cybercrime as you work from home, experts warn [Carin Smith, fin24]
-
Distributed disruption: Coronavirus multiplies the risk of severe cyberattacks [Marc Wilczek, Link11 / Help Net Security]
- see also: Catching the Virus Cybercrime, Disinformation and the COVID-19 Pandemic
-
Microsoft: How one Emotet infection took out this organization’s entire network [Liam Tung, Zero Day]
- see also: This Is Not Your Father’s Ransomware
- and: 5 Ways Enterprises Inadvertently Compromise Their Network Security
-
Threat actor selling access to a Canadian university’s domain [Howard Solomon, IT World Canada]
- see also: University of Warwick hiding data security risks from students and staff
-
This is how you deal with route leaks [Radar by Qrator]
- see also: Not just another BGP Hijack
- and: Internet Society Expands Program for Secure Internet Routing Framework
-
Zoom banned from New York City schools due to privacy and security flaws [Ainsley Harris, Fast Company / Mansueto Ventures]
- see also: How to block ‘Zoom bombing’ in higher ed
- and: The internet is now rife with places where you can organize Zoom-bombing raids
- and: Move Fast and Roll Your Own Crypto
- and: ‘War Dialing’ Tool Exposes Zoom’s Password Problems
-
Top Email Protections Fail in Latest COVID-19 Phishing Campaign [Elizabeth Montalbano, Threatpost]
- see also: Threat Actors Evade Proofpoint and Microsoft 365 ATP Protection to Capitalize on COVID-19 Fears
- and: Why Humans Are Phishing’s Weakest Link
-
Active Directory Attacks Hit the Mainstream [Jason Crabtree, Dark Reading]
- see also: Kerberos Tickets on Linux Red Teams
-
NATO Report Warns of New Authoritarian Chinese Splinternet [Phil Muncaster, Infosecurity Magazine / Reed Exhibitions]
-
The Zero Trust Learning Curve: Deploying Zero Trust One Step at a Time [John Kindervag, Palo Alto Networks]
- see also: Implementing a Zero Trust Architecture
- and: Take the Zero Trust Assessment and see where you are in your journey
-
Offense and Defense – A Tale of Two Sides: Bypass UAC [Anthony Giandomenico, Fortinet]
-
The Internet is drowning in COVID-19-related malware and phishing scams [Dan Goodin, Ars Technica / Condé Nast]
- see also: Fighting Coronavirus-Themed Ransomware and Malware
- Phishing Attack Says You’re Exposed to Coronavirus, Spreads Malware
- Fake Corona Antivirus Software Used to Install Backdoor Malware
- CovidLock Update: Deeper Analysis of Coronavirus Android Ransomware
- coronavirus-covid-19-SARS-CoV-2-IoCs
-
Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps [Lawrence Abrams, Bleeping Computer]
-
Free Cyber Safety Resources during COVID-19 [Guest Authors, Tripwire]
- see also: Stay Healthy, Stay Secure
-
Hackers Take Advantage of Zoom’s Popularity to Push Malware [Sergiu Gatlan, Bleeping Computer]
- see also: Zoom Cancels All Work On New Features After Latest Security Alerts
- and: Zoom, the video conferencing app everyone is using, faces questions over privacy
- Who’s Zooming Who? Guidelines on How to Use Zoom Safely
-
FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic [Kristen Setera, FBI Boston]
-
Security and Microsoft Teams – Addressing Threats to Teams Meetings [Microsoft]
-
Public health vs. personal privacy: Choose only one? [Tony Anscombe, WeLiveSecurity / ESET]
-
Unauthorised Data Access Alert [University of Utah Health]
-
Integrating Cybersecurity and Enterprise Risk Management (ERM) [draft] [NIST]
- see also: Untangling Third-Party Risk
- and: Quantifying Cyber Risk: Why You Must & Where to Start
-
Three More Ransomware Families Create Sites to Leak Stolen Data [Lawrence Abrams, Bleeping Computer]
-
Using Malicious Azure Apps to Infiltrate a Microsoft 365 Tenant [Eric Saraga, Varonis]
-
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits [FireEye]
-
6 ways attackers are exploiting the COVID-19 crisis [Dan Swinhoe, CSO / IDG Communications]
-
SANS Security Awareness Work-from-Home Deployment Kit [SANS Institute]
- see also: Working from Home during COVID-19? What You and Your Organization Need to Consider
-
COVID-19: With everyone working from home, VPN security has now become paramount [Catalin Cimpanu, Zero Day / CBS Interactive]
- see also: Alert (AA20-073A) – Enterprise VPN Security
-
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings [Jeff Greene, NIST NCCoE]
- see also: List of Free Software and Services During Coronavirus Outbreak
-
How coronavirus COVID-19 is accelerating the future of work [Larry Dignan, Zero Day / CBS Interactive]
-
They Come in the Night: Ransomware Deployment Trends [Kelli Vanderlee, FireEye]
- see also: Human-operated ransomware attacks: A preventable disaster
-
There Are Plenty of Phish in the Sea [Alastair Paterson, SecurityWeek / Wired Business Media]
- see also: Phishing Victims From a CDN’s Point of View
-
RiskSense Spotlight Report Finds WordPress and Apache are Most Weaponized Web and Application Frameworks [RiskSense]
- see also: WordPress to add auto-update feature for themes and plugins
-
Shadowserver 2020 Urgent Need – Just The Summary [Shadowserver]
-
Making the case for hardware 2FA in the enterprise [J.M. Porup, CSO / IDG Communications]
- see also: Enroll security keys on more devices
-
Hacking a network, using an ‘invisibility cloak’ – Is it that simple? [Pierluigi Paganini / Sepio Systems, Security Affairs]
-
The Biggest Gap in Cybersecurity is Empathy [Jack Danahy, Alert Logic]
-
University of Kentucky Defeats Month-Long Cyber-Attack [Sarah Coble, Infosecurity / Reed Exhibitions]
- see also: Inside a massive cyber hack that risks compromising leaders across the globe
-
Top cybersecurity facts, figures and statistics for 2020 [Josh Fruhlinger, CSO / IDG Communications]
-
Ransomware Attackers Use Your Cloud Backups Against You [Lawrence Abrams, Bleeping Computer]
- see also: Ransomware: These sophisticated attacks are delivering ‘devastating’ payloads, warns Microsoft
-
Coronavirus-themed scams and attacks intensify [Zeljka Zorz, Help Net Security]
- see also: How Threat Actors are Abusing Coronavirus Uncertainty
-
How Security Leaders at Starbucks and Microsoft Prepare for Breaches [Kelly Sheridan, Dark Reading / Informa]
-
How to write an effective information security policy [Mary K. Pratt, CSO / IDG Communications]
-
Securing Content Management Systems [Australian Cyber Security Centre]
-
Microsoft: 99.9% of compromised accounts did not use multi-factor authentication [Catalin Cimpanu, Zero Day / CBS Interactive]
-
Time to Stop Overlooking DNS Security [Mark Fieldhouse, NS1 / Infosecurity / Reed Exhibitions]
-
The War of Passwords: Compliance vs NIST [Rita Nygren, Tripwire]
-
Alleged Vault 7 leaker trial finale: Want to know the CIA’s password for its top-secret hacking tools? 123ABCdef [Kieren McCarthy, The Register]
-
Personal information of students, faculty at B.C. university exposed in recent data breach [Carly Yoshida-Butryn, CTV News / Bell Media]
- see also: Names, birthdays, email addresses of thousands potentially exposed in SFU data breach
-
Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices [Lawrence Abrams, Bleeping Computer]
- see also: DoppelPaymer Ransomware Launches Site to Post Victim’s Data
- and: Ransomware victims are paying out millions a month. One particular version has cost them the most
-
Ransomware Response: Mature Cybersecurity Must Involve Data Analytics [James Stanger, CompTIA]
-
Hackers are actively exploiting zero-days in several WordPress plugins [Catalin Cimpanu, Zero Day]
- see also: Critical Bugs in WordPress Plugins Let Hackers Take Over Sites
-
Hackers Use Windows 10 RDP ActiveX Control to Run TrickBot Dropper [Ionut Ilascu, Bleeping Computer]
-
‘Cloud Snooper’ Attack Bypasses Firewall Security Measures [Sergei Shevchenko, Sophos]
-
Educating Educators: Microsoft’s Tips for Security Awareness Training [Kelly Sheridan, Dark Reading]
-
CWE list now includes hardware security weaknesses [Zeljka Zorz, Help Net Security]
- find it here: cwe.mitre.org/
-
Your phone wakes up. Its assistant starts reading out your text messages. To everyone around. You panic. How? Ultrasonic waves [Katyanna Quach, The Register]
-
Introducing Dispatch [Kevin Glisson, Marc Vilanova and Forest Monsen, Netflix]
-
Chrome 80 update cripples top cybercrime marketplace [Catalin Cimpanu, Zero Day]
- see also: New Deep-Linking Feature in Google Chrome 80 Sparks Privacy Concerns
- and: Web Browser Privacy: What Do Browsers Say When They Phone Home?
-
Russian spies are attempting to tap transatlantic undersea cables [Pierluigi Paganini, Security Affairs]
-
How a Hacker’s Mom Broke Into a Prison—and the Warden’s Computer [Lily Hay Newman, WIRED / Condé Nast]
-
Zim hacker granted bail to attend Swiss hackathon [Samuel Mungadze, IT Web]
-
Swiss Govt Says Ransomware Victims Ignored Warnings, Had Poor Security [Sergiu Gatlan, Bleeping Computer]
- see also: Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
-
8.4 million: Number of DDoS attacks researchers saw last year alone [Help Net Security]
-
5 Strategies to Secure Cloud Operations Against Today’s Cyber Threats [Chris Christou and Brad Beaulieu, Dark Reading]
-
Admins beware! Microsoft gives heads-up for ‘disruptive’ changes to authentication in Office 365 email service [Tim Anderson, The Register]
-
Are CISOs ready for zero trust architectures? [Vladimir Jirasek, Foresight Cyber / Help Net Security]
- see also: To Rank or Not to Rank Should Never Be a Question
-
Top 10 web hacking techniques of 2019 [James Kettle, PortSwigger Research]
-
Whodat? Enumerating Who “owns” a Workstation for IR [Rob VandenBrink, SANS ISC]
-
The Ecosystem of Phishing: From Minnows to Marlins [Photon Research Team / Digital Shadows]
-
Up close and personal with Linux malware [Tomáš Foltýn, WeLiveSecurity / ESET]
- see also: The Linux Foundation identifies most important open-source software components and their problems
-
Cybersecurity alliance launches first open source messaging framework for security tools [Charlie Osborne, Zero Day]
-
New Mozart Malware Gets Commands, Hides Traffic Using DNS [Lawrence Abrams, Bleeping Computer]
-
Is your phone listening to you? [Jake Moore, WeLiveSecurity / ESET]
-
Data Encryption on Android with Jetpack Security [Jon Markoff, Google Security Blog]
-
Jon Callas: Encryption is a technology that rearranges power [Mirko Zorz, Help Net Security]