Security News

Legal complaint lodged with UK data watchdog over claims coronavirus Test and Trace programme flouts GDPR
2020-06-04 14:12

Open Rights Group has instructed lawyers to lodge a complaint with the UK's data watchdog over the rollout of the Test and Trace system because it says the system breaches the General Data Protection Regulation. The complaint to the ICO relates to the failure by the NHS and Public Health England, which runs the Test and Trace programme, to conduct a Data Protection Impact Assessment, which is required under the GDPR before processing of data in high-risk situations.

COVID-19 tests, PPE and antiviral drugs find a home on the dark web
2020-05-29 11:15

Empire Market is one of the most popular places to buy illegal goods on the dark web, transacting a little over $1,000,000 a week. Empire Market has over 52 thousand listings across 11 categories, but the Drugs & Chemicals category dwarfs the others by an order of magnitude.

To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it
2020-05-21 20:51

Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing - and a fifth of the participants submitted their credentials to the fake login page. The GitLab Red Team - security personnel playing the role of an attacker - obtained the domain name gitlab.company and set it up using the open source GoPhish framework and Google's GSuite to send phishing emails.

Tech's Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite
2020-05-20 10:30

"Trend Micro simply designed the driver to provide a significant amount of functionality to privileged callers in user-mode, allowing attackers to misuse the driver in several ways. The problem is that Trend Micro's driver is insecure by design, making it a perfect candidate for abuse by malicious actors around the world." Demirkapi believes Trend's kernel driver is cheating on Microsoft's WHQL driver verification test: if the driver detects it is installed on a computer running the test, it alters its behavior to pass the examination, whereas outside the test, it would fail to meet Microsoft's quality standards.

Firefox’s Private Relay service tests anonymous email alias feature
2020-05-05 09:33

Most people often still have only two email addresses, one for work and a personal address, and they are often sitting targets for spammers, scammers and nuisance emailers in the digital equivalent of 'we know where you live'. When a form requires your email address, click the relay button to give an alias instead. We will forward emails from the alias to your real inbox.

Bugcrowd Classic Pen Test: Increase pen testing speed, scale and quality
2020-04-29 02:30

Leveraging Bugcrowd's global network of uniquely-skilled and proven pen testers, Bugcrowd Classic Pen Test adds to the company's Pen Test Portfolio, helping organizations reduce testing timelines while meeting critical compliance requirements and adhering to security best practices. Bugcrowd's security platform has proven that strategic insertion of human ingenuity across the SDLC can increase critical findings, while reducing risk and business overhead. Bugcrowd Next Gen Pen Test, and now Classic Pen Test, both eliminate these challenges by providing immediate access to an on-demand global network of pay-per-engagement, or pay-per-finding pen testers, thoroughly vetted, intelligently matched, and expertly managed through the Bugcrowd platform.

Click Armor launches gamified assessment that tests business phishing vulnerability
2020-04-15 02:30

Corporations and public sector organizations can now assess their workforce's exposure to dangerous phishing attacks, which are escalating as social distancing requires most employees to work from home. Managers can now characterize the weaknesses in their staff's ability to defend against phishing and online social engineering scams, thanks to "Can We Be Phished?", a new, freely available online assessment from Click Armor, the Continuous Cybersecurity Awareness Platform.

Why You Need to Put Your Security to the Test
2020-04-13 14:50

A recent survey of security operations effectiveness found that just 37 percent of security professionals have hard evidence to verify their security products are configured and operating correctly. It's critical that organizations implement an in-depth testing strategy to close these security gaps and cut the risk of being breached, rather than simply trusting and hoping their security products are performing as expected.