Thursday, July 19, 2018

Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs

Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.

Messenger Apps Top Risk Hit Parade

Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.

Make Security Boring Again

In the public sector and feeling overwhelmed? Focus on the basics, as mind numbing as that may sound.

New Subscription Service Takes on Ransomware Protection

Training and response is the basis of a new offering that addresses ransomware and extortion attacks.

Microsoft Moves Up As Phishers’ Favorite Target for Brand Spoofing

Researchers compiled a list of the most common brands to impersonate by detecting and analyzing new phishing URLs.

From Bullets to Clicks: The Evolution of the Cyber Arms Race

Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.

White House Cybersecurity Strategy at a Crossroads

Trump administration's initial lack of a unified front in the wake of Russian election-hacking indictments worries cybersecurity experts.

One-Third of Businesses Lack a Cybersecurity Expert

Alarming, yes, but it's actually an improvement over past years, a new Gartner survey of more than 3,000 CIOs reveals.

Cloud Security: Lessons Learned from Intrusion Prevention Systems

The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.

Nearly Half of Security Pros Reuse Passwords

Survey exposes poor security practices by the people who should know better.

SCADA/ICS Dangers & Cybersecurity Strategies

Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.

7 Nigerians Indicted for Fraud Operation on Dating Sites

Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.

Russian National Vulnerability Database Operation Raises Suspicions

Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.

Less Than Half of Cyberattacks Detected via Antivirus: SANS

Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.

Trump Dismisses Russian Interference Indictments in Presser with Putin

Russian President Vladimir Putin 'just said it's not Russia,' Trump said.

10 Ways to Protect Protocols That Aren’t DNS

Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.

India Telecom Regulator: Users Have Primary Data Rights

Organizations 'should be restrained from using metadata to identify individual users,' says the Telecom Regulatory Authority of India.

Time to Yank Cybercrime into the Light

Too many organizations are still operating blindfolded, research finds.

Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers

GRU hackers used bitcoin to fund US computer network infrastructure supporting and hiding the operation.

GandCrab Ransomware Continues to Evolve But Can’t Spread Via SMB Shares Yet

Recent fears that this year's most prolific ransomware threat has acquired new WannaCry-like propagation capabilities appear unfounded at the moment.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

Financial Industry Insiders Put the Keys to the Kingdom at Risk

Monitoring for Illicit Insider Activity Shouldn’t Focus Exclusively on Dark Web and Criminal Forums

Trends in malware – ransomware, cryptojacking, what next? [PODCAST]

Catch up with Day 3 of our Security SOS Week - here's the third episode of our week-long online security summit.

Microsoft offers up to $100,000 to identity bug finders

Want to earn $100,000? You could win as much as that if you manage to uncover a serious vulnerability in Microsoft’s various identity services. Read more in my article on the Hot for Security blog.

Automated money-laundering scheme found in free-to-play games

The scammers automatically created iOS accounts with valid email accounts, then automatically used stolen cards to buy and resell stuff.