Cyber Security Informer

Exploring IoT Communication Protocols for Enhanced Cybersecurity

Security Boulevard

DECEMBER 20, 2023

In the era of interconnected devices, the Internet of Things (IoT) has revolutionized the way we live and work. However, with this convenience comes the pressing need for robust cybersecurity measures to safeguard sensitive information and ensure the integrity of the IoT ecosystem.

IoT

IoT Cybersecurity Internet Internet

Inside the Massive Alleged AT&T Data Breach

Troy Hunt

MARCH 18, 2024

It is undoubtedly in the hands of thousands of internet randos. But sometimes, "alleged" is just where we need to begin and over the course of time, proper attribution is made and the dots are joined. But I have proven, with sufficient confidence, that the data is real and the impact is significant. For my part, I've got 4.8M

Data breaches

Data breaches Encryption Identity Theft InfoSec

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Daniel Miessler

MARCH 22, 2020

When I hear crazy long-term predictions I always think two things: either the prediction is going to be obvious, or it’s going to be wrong. The Real Internet of Things, January 2017. Watching people en masse for terrorism, when people can easily that there isn’t that much terrorism actually happening, is a harder fight.

Surveillance

Surveillance Government Education Engineering

Satellites are critical infrastructure and need to be cybersecured

Malwarebytes

MARCH 29, 2022

SpaceX’s Starlink satellite Internet program plans to send more than a thousand new satellites into orbit every year. Commercial satellites, like Starlink, provide us with the ability to have things like Internet access, television, GPS, and scientific information about the weather and other processes in the atmosphere and on the surface.

Cybersecurity

Cybersecurity Internet Internet Technology

The Bug Report – December 2021

McAfee

JANUARY 5, 2022

However, if your organization is using this software, you probably should have followed the disclosure last month, lest your “/etc/passwd” files are now known to the whole internet. You’ve made it to 2022! And even better, you found your way to ATR’s monthly security digest where we discuss our favorite vulnerabilities of the last 30 days.

Software

Software Network Security Authentication Internet

Threat Intelligence and Protections Update Log4Shell CVE-2021-44228

McAfee

DECEMBER 22, 2021

The log4j vulnerability is helping threat actors to push Kinsing malware via encoded payloads to vulnerable services exposed to the internet. It is found in a heavily utilized java open-source logging framework known as log4j. CVE-2021-44228 – Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation.

Malware

Malware Risk Internet Internet

Attacks Escalating Against Linux-Based IoT Devices

eSecurity Planet

JANUARY 20, 2022

Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. However, with more than 30 billion IoT devices expected to be connected to the internet by 2026, attacks against them can have wide-ranging impacts.

IoT

IoT DDOS Malware Internet

How Internet Security Evolved in Tandem with iGaming

Hacker Combat

JULY 27, 2020

For a non-biological entity, the internet is an area filled with constant and unstoppable evolution. Instead, many bingo games relied on downloadable clients from online casinos, which were much more tightly controlled, doing things many websites at the time couldn’t. But how did we get here? A Change in Browsers.

Internet

Internet Internet Software Technology

Backdoor in XZ Utils That Almost Happened

Schneier on Security

APRIL 11, 2024

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. There are libraries for everything: displaying objects in 3D, spell-checking, performing complex mathematics, managing an e-commerce shopping cart, moving files around the internet—everything.

Software

Software Engineering Internet Internet

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

Troy Hunt

APRIL 5, 2023

This breach has been flagged as "sensitive" which means it is not publicly searchable , rather you must demonstrate you control the email address being searched before the results are shown. That's the short version, here's the whole story: Ever heard that saying about how "data is the new oil"?

Marketing

Marketing Passwords Authentication Accountability

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

We overview what kind of attacks are now carried out by cybercriminals and what influenced this change — including such factors as changes in vulnerability market and browser safety. Moreover, trends that are visible in one country, more often than not resurface in other places and among new cybercriminal gangs.

Cybercrime

Cybercrime Banking Malware Ransomware

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

Security Affairs

OCTOBER 20, 2018

Accept-Language: en-US,en;q=0.5. Security researchers from WizCase have discovered several vulnerabilities in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS. NAS devices have become the storage device of choice for many small and medium businesses (SMB). But is it secure enough to protect your companies data?

Firmware

Firmware IoT VPN Authentication

BlackMatter Ransomware Analysis; The Dark Side Returns

McAfee

SEPTEMBER 22, 2021

As with previous ransomware, the operators steal files and private information from compromised servers and request an additional ransom to not publish on the internet. As with previous ransomware, the operators steal files and private information from compromised servers and request an additional ransom to not publish on the internet.

Ransomware

Ransomware Encryption Malware Passwords

BlackMatter Ransomware Analysis; The Dark Side Returns

McAfee

SEPTEMBER 22, 2021

As with previous ransomware, the operators steal files and private information from compromised servers and request an additional ransom to not publish on the internet. As with previous ransomware, the operators steal files and private information from compromised servers and request an additional ransom to not publish on the internet.

Ransomware

Ransomware Encryption Malware Passwords

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

One might even say passwords are the fossil fuels powering most IT modernization: They’re ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs — such as polluting the Internet with weaponized data when they’re leaked or stolen en masse. TARGETED PHISHING.

Passwords

Passwords Password Management Phishing Scams

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

“The victim profile remains the most striking thing,” Monahan wrote. In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “They truly all are reasonably secure.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Here's Why [Insert Thing Here] Is Not a Password Killer

Troy Hunt

NOVEMBER 5, 2018

These days, I get a lot of messages from people on security related things. But on a fairly regular basis, I get an email from someone which effectively boils down to this: Hey, have you seen [insert thing here]? This is where we need to recognise that decisions around things like auth schemes go well beyond technology merits alone.

Passwords

Passwords Authentication Data breaches Accountability

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Security Affairs

APRIL 10, 2019

EMOTET spread in Chile targeted financial and banking services. SI-LAB detected hundreds of users that were impacted by this malware between March 18th and 26th of 2019. The last days of March 2019 are making headlines due to a targeted cyber attack involving a new variant of infamous EMOTET malware.

Banking

Banking Malware Antivirus Cyber threats

Main phishing and scamming trends and techniques

SecureList

DECEMBER 6, 2022

The term “phishing” was coined back in 1996, when cybercriminals attacked users of America Online (AOL), the largest internet provider at that time. The term “phishing” was coined back in 1996, when cybercriminals attacked users of America Online (AOL), the largest internet provider at that time.

Scams

Scams Phishing Social Engineering Banking

IoT Secure Development Guide

Pen Test Partners

OCTOBER 9, 2023

Threat modeling can be applied to a wide range of things, including software, applications, systems, networks, distributed systems, Internet of Things (IoT) devices, and business processes. This also makes testing and validation straightforward. Security is not binary or absolute. Table of contents 1. Threat Modelling 1.1.

IoT

IoT Firmware Mobile Manufacturing

Black Hat USA 2022: Creating Hacker Summer Camp

Cisco Security

AUGUST 29, 2022

In part one of this issue of our Black Hat USA NOC (Network Operations Center) blog, you will find: Adapt and Overcome. Building the Hacker Summer Camp network, by Evan Basta. The Cisco Stack’s Potential in Action, by Paul Fidler. Port Security, by Ryan MacLennan, Ian Redden and Paul Fiddler. The Buck Stops Here. Full stop.

Engineering

Engineering Wireless Malware DNS

Large-Scale AiTM Attack targeting enterprise users of Microsoft email services

Security Boulevard

AUGUST 2, 2022

ThreatLabz has discovered a new strain of a large-scale phishing campaign, which uses adversary-in-the-middle (AiTM) techniques along with several evasion tactics. Similar AiTM phishing techniques were used in another phishing campaign described by Microsoft recently here. Key points. Phishing campaign overview.

Phishing

Phishing Energy and Utilities Authentication Accountability

Questions about the Massive South African "Master Deeds" Data Breach Answered

Troy Hunt

OCTOBER 19, 2017

This week, I started looking into a large database backup file which turned out to contain the personal data of a significant portion of the South African population. It's an explosive situation with potentially severe ramifications and I've been bombarded by questions about it over the last 48 hours. This post explains everything I know.

Data breaches

Data breaches Government Backups Internet

Wave of Cyberattacks in France: What We Know

SecureWorld News

OCTOBER 26, 2020

[ #ALERTE #Cybersécurité ] Vague de #cyberattaques en #défiguration en cours ciblant de nombreux sites Internet Français. The translation is as follows: "[#Alerte Cybersecurity] Wave of #cyberattaques in # disfigurement in progress targeting many French Internet sites.". October 25, 2020. So the tensions are running high.

Malware

Malware Internet Internet Hacking

Gab Has Been Breached

Troy Hunt

MARCH 3, 2021

I've investigated hundreds of data breaches over the years (there are 514 of them in Have I Been Pwned as I write this), and for the most part, the situation with Gab is just another day on the internet. A couple of days ago, I posted a thread about their alleged breach. Gab's approach. This is normal.

Passwords

Passwords Data breaches InfoSec Risk

Cyber Security Informer

Exploring IoT Communication Protocols for Enhanced Cybersecurity

Inside the Massive Alleged AT&T Data Breach

Trending Sources

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Satellites are critical infrastructure and need to be cybersecured

The Bug Report – December 2021

Threat Intelligence and Protections Update Log4Shell CVE-2021-44228

Attacks Escalating Against Linux-Based IoT Devices

How Internet Security Evolved in Tandem with iGaming

Backdoor in XZ Utils That Almost Happened

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

BlackMatter Ransomware Analysis; The Dark Side Returns

BlackMatter Ransomware Analysis; The Dark Side Returns

The Life Cycle of a Breached Database

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Here's Why [Insert Thing Here] Is Not a Password Killer

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Main phishing and scamming trends and techniques

IoT Secure Development Guide

Black Hat USA 2022: Creating Hacker Summer Camp

Large-Scale AiTM Attack targeting enterprise users of Microsoft email services

Questions about the Massive South African "Master Deeds" Data Breach Answered

Wave of Cyberattacks in France: What We Know

Gab Has Been Breached

Stay Connected