3 Tips Venmo Users Should Follow to Keep Their Transactions Secure
You’ve probably heard of Venmo, the quick and convenient peer-to-peer mobile payments app. From splitting the check when eating out with friends to dividing the cost of bills, Venmo is an incredibly easy way to share money. However, users’ comfort with the app can sometimes result in a few negligent security practices. In fact, computer […] more…Indegy Launches Industrial Cybersecurity-as-a-Service Offering
Indegy on Thursday announced the general availability of CIRRUS, a new industrial cybersecurity-as-a-service (ICSaaS) offering. CIRRUS is designed to help organizations of all sizes monitor and protect their operational technology (OT) environments using cloud technologies and real-time threat intelligence sharing. read more more…Cryptocurrency-Mining Botnet Malware Arrives Through ADB and Spreads Through SSH
by Jindrich Karasek We observed a new cryptocurrency-mining botnet malware that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. This attack takes advantage of the way open ADB ports don’t have authentication by default, similar to the Satori botnet variant we previously reported. This bot’s design allows it to spread […] more…Cryptocurrency Mining Botnet Arrives Through ADB and Spreads Through SSH
by Jindrich Karasek We observed a new cryptocurrency mining botnet that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. This attack takes advantage of the way open ADB ports don’t have authentication by default, similar to the Satori botnet variant we previously reported. This botnet’s design allows it to spread […] more…Expanding Our Vision to Expand the Cybersecurity Workforce
I recently had the opportunity to testify before Congress on how the United States can grow and diversify the cyber talent pipeline. It’s great that members of Congress have this issue on their radar, but at the same time, it’s concerning that we’re still having these discussions. A recent (ISC) Study puts the global cybersecurity […] more…Free Cloudflare Tool Helps CAs Securely Issue Certificates
Internet performance and security firm Cloudflare on Tuesday announced the availability of a free API designed to help certificate authorities (CAs) securly issue certificates by ensuring that malicious actors cannot complete the domain control validation process via BGP hijacking and DNS spoofing attacks. read more more…Researcher Scrapes and Posts 7 Million Venmo Transactions
Venmo is a peer-to-peer mobile app designed to make it easy to send and receive payments from friends. It is owned by PayPal — and it is no stranger to security issues. read more more…Stop Discarding Devices Frequently- It’s Risky for Mother Earth as Well As Your Cybersecurity
“Aunty, do you happen to have any waste paper at home? I need them for my Environment Day project,” chirped a bright little thing standing at my door early Sunday morning. “I am sure I have. What is your project this year?” “Oh! I want to emphasize on ‘Reduce. Reuse. Recycle.’ by making durable paper […] more…Rowhammer variant RAMBleed allows attackers to steal secrets from RAM
Researchers have devised a new attack that allows unprivileged code running on computers to steal secrets, such as cryptographic keys, that are stored in what should be protected memory regions. The attack is possible because of a known design issue with modern DRAM chips that has been exploited in the past to modify protected data. […] more…Improving Cyber Resilience with Threat Intelligence
According to the SANS CTI 2019 survey results, 72% of organizations either consume or produce Threat Intelligence. Although most organizations have Intelligence data, they struggle with defining requirements and managing Cyber Threat Intelligence (CTI) as a program with measurable output. This likely results from threat data and intelligence being perceived as a technical function unrelated […] more…What kids get up to online
Today’s children navigate the Internet better than adults. They are not afraid to try out new technology, and are quick to grasp new trends and sometimes invent their own. New social networks, mobile games, music, and gadgets are all part and parcel of their daily lives. But just because they feel at home online does […] more…Mozilla makes anti-tracking the Firefox default
Mozilla this week began to switch on an aggressive anti-tracking technology in Firefox that it has touted since 2015. With a June 4 update to Firefox 67, Mozilla turned on Enhanced Tracking Protection (ETP) by default for new users. Existing customers simply updating their browsers may enable ETP themselves. The default-of-on will be extended to […] more…OMB Publishes Memorandum on U.S. Federal Data Strategy
“Data is the new oil,” said mathematician Clive Humby in 2006 when designing a supermarket clubcard. But like crude oil, it is what can be extracted (in this case, information) that is truly valuable and drives both government and business. For information to be valuable, it must come from as much accurate data as possible. […] more…Microsoft dismisses new Windows RDP ‘bug’ as a feature
Researchers have found an unexpected behavior in a Windows feature designed to protect remote sessions. more…Apple bans ads, third-party tracking in apps meant for kids
The new policy: Ditch third-party trackers in apps designed for youngsters, lest the app get booted out of the App Store. more…Apple battles Facebook and Google with rival sign in service
Apple’s WWDC was full of surprises including a new feature designed to make signing up for websites more private: Sign In with Apple. more…More information
- Russian Court Remands Hackers in Custody
- Async video messaging: Another route to productive remote work
- Joomla websites attacked en masse using recently patched exploits
- Million-dollar fine for sneaky Bitcoin botnet builders
- Intel Patches High-Severity Flaws in NUC 9 Extreme Laptops, Ethernet Linux Drivers
- Sophos synchronizes endpoint, network security
- Looking for silver linings in the CVE-2020-0601 crypto vulnerability
- Why you need Apple support to secure the C-suite
- Jury finds former journalist guilty of aiding Anonymous in media hacking case
- Computers get a better way to detect threats