Original release date: August 19, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified a malware variant—referred to as BLINDINGCAN—used by North Korean actors.
Japan has launched a new flying car that gets us closer to the day when flying is possible for anyone. Japan’s SkyDrive Inc., among the myriads of “flying car” projects around the world, has carried out a successful though modest test flight with one person aboard.
Will Trump pardon Snowden? And why is this question suddenly coming up now? The issue popped up as Marcel Kolaja and more than two dozen members of the EU Parliament sent an open letter to President Trump, asking him to consider Snowden a whistleblower who deserves protection instead of a criminal who deserves prosecution. Snowden, a former contractor at the NSA, is charged with espionage… Read more
The DOJ just unsealed charges in a bombshell case that everyone in cybersecurity should read. We go inside an FBI cyber sting that reveals high-dollar bribery efforts by ransomware operators. These bribes can turn employees into malicious insiders who secretly help launch an attack on your organization. The court documents read like a John Grisham novel: the money, the deceit, the opportunity for revenge—it is all here. But this case is real, with real lessons for InfoSec. This scheme came to the surface on July 16, prosecutors say, when Russian national Egor Kriuchkov used WhatsApp to message an employee at a company he wanted to attack. According to industry publication Electrek, the target was Tesla… Read more
At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good.
Without early threat detection, you may not know your website has been hit by a DDoS attack until it slows down or stops, says NordVPN Teams.
Original release date: August 20, 2020
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Top 25 list and evaluate recommended mitigations to determine those most suitable to adopt.
Using natural language models to identify Business Email Compromise (BEC)
On August 18, 2020, the Wordfence Live team covered 10 WordPress Security Mistakes You Might be Making. This companion blog post reviews the recommendations we provided to avoid these mistakes and better secure your WordPress environment. Read entire article and /or watch video
After ten years of asking and the longest forum thread in the company’s history, 1Password is heading to Linux.
Data breaches are frequent and far reaching, putting your credit information at risk. The only way to ensure no one can access your credit file without your permission is with a credit freeze or credit lock. Learn the difference and how you can use them to protect your credit file.
Between working at the office, or school, or remotely, the principles of security can become something of a moving target. For some, this creates an uncertainty with making sure that the right policies are applied. Reducing risk on at-home networks, keeping information secure during virtual meetings and having a strong password policy are some best practices that can be implemented quickly and effectively from wherever you are working.