Thursday, October 1, 2020
Internet Storm Center Infocon Status

LATEST

#DTXNOW: Time to Remove Security from IT

#DTXNOW: Time to Remove Security from IT Speaking on a session titled “Is top level security possible on a shoestring budget?” as part of Digital Transformation Expo, security specialists were asked by moderator Jeremy White what their top tips were...
SC Magazine

Phishing pages leverage CAPTCHAs to fool users, evade detection

Cyberattackers targeting the hospitality industry were recently observed using a phishing page that featured CAPTCHA technology as a way to elude detection, as well as to give potential victims a false sense of security that the malicious site was...

#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams

#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams IT and security teams must learn how to navigate to uncertain environments in order to build lasting resilience, according to Jordan Schroeder, deputy MD & managing CISO at Hefestis, speaking...

InterPlanetary Storm: Cross-platform P2P botnet infects computers and IoT devices

IoT botnets have come a long way since Mirai showed its devastating potential in 2016 with distributed denial-of-server attacks that exceeded in strength anything seen before then. Myriad malware programs now infect poorly secured or vulnerable routers, IP cameras,...
TechRepublic

Cisco researchers explain how disinformation tactics use your emotions to spread lies about the election

Before you share an "is this true?" post on social media, ask these questions to figure out if the post is designed to engage your emotions or your brain.
The Register

Huawei’s UK code reviewers say the company is still crap at basic software security

Last year telcos scrambled to plug 'critical user-facing vuln' in Chinese network kit UK.gov security researchers examining Huawei source code have so far verified just eight firmware binaries out of more than 60 used across Britain's mobile phone networks,...
ZDNet

With API attacks rising, Cloudflare launches a free API security tool

Claudflare launches API Shield, a new service to protect web APIs against attacks.
TechRepublic

Cybersecurity Awareness Month: Train employees to be first line of defense

This October looks quite different from previous years, as IT oversees staff who are no longer centrally located, creating a larger attack surface for bad actors. Awareness is key, experts say.
IBM Security

Integrating Security Awareness Training Into Employee Onboarding

Training your team on security awareness is an essential part of a successful security program. And, new employee onboarding is an optimal time to introduce your staff to your security best practices. This is in large part due to the...
ZDNet

Imperva acquires database security startup jSonar

jSonar secured a $50 million investment from Goldman Sachs only a few months ago.
Graham Cluley

What to do first when your company suffers a ransomware attack

For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn’t made to cybercriminals. There’s no magic...
SecurityWeek

New RiskLens Solution Helps Organizations Optimize Cybersecurity Spending

Cyber risk management solutions provider RiskLens on Thursday announced a new capability designed to help organizations improve investment and budget decisions. read more

October is National Cybersecurity Awareness Month

Original release date: October 1, 2020October is National Cybersecurity Awareness Month (NCSAM), which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and its public and private partners—including the National Cyber Security Alliance—to ensure every American...
Tripwire

Russian Gets 7 Years in Prison for Linkedin, Dropbox & Formspring Hacks

A Russian man received a seven-year prison sentence for having hacked into computers belonging to LinkedIn, Dropbox and Formspring. On September 30, Honorable William H. Alsup, U.S. District Judge for the Northern District of California, sentenced Yevgeniy Alexandrovich Nikulin,...
Bruce Schneier

Detecting Deep Fakes with a Heartbeat

Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face: In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these...
SecurityWeek

Anthem to Pay Nearly $40M Settlement Over 2015 Cyberattack

Health insurer Anthem has agreed to another multimillion-dollar settlement over a cyberattack on its technology that exposed the personal information of nearly 79 million people. read more

#BeCyberSmart – why friends don’t let friends get scammed

Friends don't let friends get scammed. Because cybercrime hurts us all.
IBM Security

Why a Security Maturity Model Can Transform How You Use Analytics

With cyberattacks and breaches on the rise, security should be a major concern for all companies. In particular, enabling the development of an analytics maturity model is a useful addition to your traditional security information and event management (SIEM)-based...
SecurityWeek

Twitter Removes Iran-Linked Accounts Aimed at Disrupting U.S. Presidential Debate

Twitter on Wednesday announced that it removed 130 accounts originating from Iran that were aimed at disrupting the first 2020 U.S. presidential debate. The accounts, the social media platform reveals, were removed after the Federal Bureau of Investigation (FBI) alerted...
isBuzz

Cybersecurity Awareness Month 2020: Key Insights From Industry Experts

Now in its 17th year, Cybersecurity Awareness Month continues to play a critical role in raising awareness of the online threats faced by both organisations and individuals alike. This year’s theme – ‘Think Before U Click’ (#ThinkB4UClick) focuses on...
The Hacker News

Beware: New Android Spyware Found Posing as Telegram and Threema Apps

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to...

Experts Warn of $15 Million Global BEC Campaign

Experts Warn of $15 Million Global BEC Campaign Security experts have discovered a major new Business Email Compromise (BEC) campaign that has already stolen over $15 million from a possible 150 organizations. Israeli incident response specialist Mitiga was first called...
The Hacker News

Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison

A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich...
SC Magazine

Emerging Products: Deception Network Tools

SC Labs tested nine deception networks tools for October that have dramatically improved in their ability to help organizations proactively detect, hunt and respond to threats. (Source: Attivo) SC Labs took another look at deception network tools this month....

What it takes to be a transformational CISO

Brian Kelly, back when he was CISO of Quinnipiac University, felt the pressure to take a different tack. To read this article in full, please click here(Insider Story)
630FollowersFollow

LEADERS

Graham Cluley

What to do first when your company suffers a ransomware attack

For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn’t made to cybercriminals. There’s no magic...
Bruce Schneier

Detecting Deep Fakes with a Heartbeat

Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face: In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these...
Graham Cluley

A complete stranger controlled this woman’s home security system, but they’re not the one she’s angry with

Imagine being contacted by a complete stranger via Facebook, and them telling you that they have complete control over the security system in your new home. Read more in my article on the Hot for Securiy blog.
Graham Cluley

Smashing Security podcast #198: Chucky the coffee maker

Coffee machines catching ransomware, Blacklight shines a torch on website tracking, and a woman is freaked out that a complete stranger can turn off her home's security system. All this and much more is discussed in the latest edition of...
Bruce Schneier

Negotiating with Ransomware Gangs

Really interesting conversation with someone who negotiates with ransomware gangs: For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws (like anti-terrorist laws, FCPA, conspiracy...