🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
❌ As Black Friday Looms, IoT Gadgets Take the Risk Spotlight ❌

Ahead of the holiday shopping bonanza, the security community is talking to consumers about IoT security.

via "Threatpost | The first stop for security news".
❌ Podcast: Breaking Down the Magecart Threat (Part One) ❌

In the first part of our podcast series, we talked to Rapid7's chief data scientist about how Magecart has changed.

via "Threatpost | The first stop for security news".
❌ Zero-Trust Frameworks: Securing the Digital Transformation ❌

Zero trust refers to the notion of evaluating  the security risk of devices and users within the context of any given moment, without automatically conferring access based on credentials.

via "Threatpost | The first stop for security news".
⚠ The passwordless web explained ⚠

Naked Security attempts to demystify passwordless web authentication.

via "Naked Security".
Why military veterans might be key to closing the cybersecurity jobs gap

Discover why it might be prudent to hire veterans who are already trained in cybersecurity and understand the concepts of militarization.

via "Security on TechRepublic".
⚠ Hacker says USPS ignored serious security flaw for over a year ⚠

A security researcher claims the US Postal Service ignored a security flaw affecting 60 million users, until it was contacted by a journalist.

via "Naked Security".
⚠ Mobile and IoT attacks – SophosLabs 2019 Threat Report ⚠

As internet users migrate from desktop and laptop computers to mobile and Internet of Things (IoT) platforms, cybercriminals are too.

via "Naked Security".
⚠ Cryptocurrency β€˜minting’ flaw could have leached money from exchanges ⚠

Ethereum's complexity proves to be a rich source of bugs, again.

via "Naked Security".
Google, Mozilla working on letting web apps edit files despite warning it could be 'abused in terrible ways'

The firms, known for their Chrome and Firefox web browsers, are heading a group that is devising a way for users to save changes they make using web apps.

via "Security on TechRepublic".
❌ ThreatList: One-Third of Firms Say Their Container Security Lags ❌

More than one-third of respondents in a new survey haven’t started or are just creating their security strategy plans.

via "Threatpost | The first stop for security news".
❌ Old Printer Vulnerabilities Die Hard ❌

New research on an old problem reveals despite efforts, the InfoSec professionals still have a way to go when it comes to securing printers.

via "Threatpost | The first stop for security news".
5 reasons to improve cybersecurity by updating software

Wake up, cybersecurity pros, and don't let your business be an easy target for cybercriminals. Learn why keeping digital infrastructure up-to-date should be an essential part of cybersecurity strategy.

via "Security on TechRepublic".
❌ Threatpost News Wrap Podcast for Nov. 23 ❌

From Ford data security speculation to the VisionDirect data breach, the Threatpost editors talk about this week's biggest stories.

via "Threatpost | The first stop for security news".
8 tips for avoiding phishing, malware, scams, and hacks while holiday shopping online

The holiday season isn't just busy for shoppers--it's busy for cybercriminals, too. Here's a holiday shopping safety guide with advice on how to stay safe online.

via "Security on TechRepublic".
⌨ How to Shop Online Like a Security Pro ⌨

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here’s a quick refresher course on how to make it through the next few weeks without getting snookered online.

Adopting a shopping strategy of simply buying from the online merchant with the lowest advertised prices can be a bit like playing Russian Roulette with your wallet, for the simple reason that there are tons of completely fake e-commerce sites out there looking to separate the unwary from their credit card details.

Even people who shop mainly at big-name online stores can get scammed if they’re not wary of too-good-to-be-true offers. For example, KrebsOnSecurity got taken for hundreds of dollars just last year after trying to buy a pricey Sonos speaker from an established Amazon merchant who was selling it new and unboxed at huge discount.

I later received an email from the seller, who said his Amazon account had been hacked and abused by scammers to create fake sales. Amazon ultimately refunded the money, but if this happens to you around the holidays it could derail plans to get all your shopping done before the expected gift-giving day arrives.

Here are some other safety and security tips to keep in mind when shopping online:

-WHEN IN DOUBT, CHECK ‘EM OUT: If you don’t know much about the online merchant that has the item you wish to buy, take a few minutes to investigate its reputation. After all, it’s not uncommon for bargain basement phantom Web sites to materialize during the holiday season, and then vanish forever not long afterward.

If you’re buying from an online store that is brand new, the risk that you will get scammed increases significantly. How do you know the lifespan of a site selling that must-have gadget at the lowest price? One easy way to get a quick idea is to run a basic WHOIS search on the site’s domain name. The more recent the site’s “created” date, the more likely it is a phantom store.

-USE A CREDIT CARD: It’s nearly impossible for consumers to tell how secure a main street or online merchant is, and safety seals or attestations that something is “hacker safe” are a guarantee of nothing. In my experience, such sites are just as likely to be compromised as e-commerce sites without these dubious security seals.

No, it’s best just to shop as if they’re all compromised. With that in mind, if you have the choice between using a credit or debit card, shop with your credit card.

Sure, the card associations and your bank are quick to point out that you’re not liable for fraudulent charges that you report in a timely manner, whether it’s debit or a credit card. But this assurance may ring hollow if you wake up one morning to find your checking accounts emptied by card thieves after shopping at a breached merchant with a debit card.

Who pays for the fees levied against you by different merchants when your checks bounce? You do. Does the bank reimburse you when your credit score takes a ding because your mortgage or car payment was late? Don’t hold your breath.

-PADLOCK, SCHMADLOCK: For years, consumers have been told to look for the padlock when shopping online. Maybe this was once sound advice. But to my mind, the “look for the lock” mantra has created a false sense of security for many Internet users, and has contributed to a dangerous and widespread misunderstanding about what the lock icon is really meant to convey.

To be clear, you absolutely should run away from any e-commerce site that does not include the padlock (i.e., its Web address does not begin with “https://”). But the presence of a padlock icon next to the Web site name in your browser’s address bar does not mean…
❌ Spotify Phishers Hijack Music Fans’ Accounts ❌

The credentials could be used to glean a variety of intel on the victims.

via "Threatpost | The first stop for security news".
⚠ Monday review – the hot 18 stories of the week ⚠

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

via "Naked Security".
⚠ Spectre mitigation guts Linux 4.20 performance ⚠

One of Intel’s fixes for the Spectre variant 2 chip flaw appears to have taken a big bite out of the performance of the latest Linux kernel.

via "Naked Security".
⚠ His phone went dark, then $1m was sucked out in SIM-swap crypto-heist ⚠

A 21-year-old allegedly SIM-swapped Silicon Valley execs’ phones to steal cryptocurrency, including one man's $1m tuition fund for his kids.

via "Naked Security".
⚠ That Black Mirror episode with the social ratings? It’s happening IRL ⚠

Not picking up after your dog will cost you 10 points, for example, in China's Black Mirror-esque plan to socially score citizens.

via "Naked Security".
LinkedIn used 18M non-member emails to target Facebook ads. Were you a victim?

A Data Protection Commissioner investigation found that LinkedIn violated data protection policies shortly before the onset of GDPR.

via "Security on TechRepublic".