Thu.Sep 17, 2020

New Bluetooth Vulnerability

Schneier on Security

There’s a new unpatched Bluetooth vulnerability: The issue is with a protocol called Cross-Transport Key Derivation (or CTKD, for short). When, say, an iPhone is getting ready to pair up with a Bluetooth-powered device, CTKD’s role is to set up two separate authentication keys for that phone: one for a “Bluetooth Low Energy” device, and one for a device using what’s known as the “Basic Rate/Enhanced Data Rate” standard.

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm.

How ransomware operators are joining forces to carry out attacks

Tech Republic Security

Attackers buy stolen data from other criminals, while the Maze group publishes data captured by other gangs, says Positive Technologies.

Starting Threat Modeling: Focused Retrospectives are Key

Adam Shostack

There’s a good, long article at MartinFowler.com, “A Guide to Threat Modelling for Developers.” It’s solid work and I’m glad it’s out there. And I want to do something I don’t usually do, which is quibble with footnotes. Jim writes in footnote 2: Adam Shostack, who has written extensively on threat modelling and has provided feedback on this guide takes credit for the three question structure.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

CISOs top traits revealed in report: Improvement needed

Tech Republic Security

A new Gartner report found only 12% of chief information security officers (CISOs) met the criteria for being considered highly effective.

Maze ransomware uses Ragnar Locker virtual machine technique

Security Affairs

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. This technique was first adopted by Ragnar Locker gang in May, at the time the Ragnar Locker was deploying Windows XP virtual machines to encrypt victim’s files while bypassing security measures.

SunCrypt ransomware operators leak data of University Hospital New Jersey

Security Affairs

University Hospital New Jersey (UHNJ) has suffered a ransomware attack; SunCrypt ransomware operators also leaked the data they have stolen. Systems at the University Hospital New Jersey (UHNJ) were encrypted with the SunCrypt ransomware; threat actors also stole documents from the institution and leaked them online. The incident took place in September.

14 Years Old and Arrested for Worldwide Cyberattacks

SecureWorld News

He discovered the power of cyberattacks by accident. You see, he was just a typical teenager who liked to game. He spent hours each day playing Call of Duty on his PlayStation. "It was times where people were able to, like, freeze my PS3 or kick me offline. Then after that came, like, my PS3 getting frozen. Which was kind of a mega surprise. I didn't know someone had the power to do that."

Major Duesseldorf hospital infected with ransomware, patient died for consequences

Security Affairs

A major hospital in Duesseldorf was hit by a cyber attack, a woman who needed urgent admission died after she had to be hijacked to another city. The news is shocking, German authorities revealed that a cyber attack hit a major hospital in Duesseldorf, the Duesseldorf University Clinic, and a woman who needed urgent admission died after she had to be taken to another city for treatment. “The Duesseldorf University Clinic’s systems have been disrupted since last Thursday.” states the

Don't Fall for It! Defending Against Deepfakes

Dark Reading

Detecting doctored media has become tricky -- and risky -- business. Here's how organizations can better protect themselves from fake video, audio, and other forms of content.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Drupal addressed XSS and information disclosure flaws

Security Affairs

Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) flaws in the popular content management system (CMS). Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) vulnerabilities in the popular content management system (CMS). The most severe issue, tracked as CVE-2020-13668, is a critical reflected XSS issue affecting Drupal 8 and 9.

Time for CEOs to Stop Enabling China's Blatant IP Theft

Dark Reading

Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.

Dunkin Donuts Forced to 'Fill Security Holes' in Data Breach Settlement

SecureWorld News

Dunkin's donut holes are delicious. But the holes in the company's cybersecurity program are expensive. New York Attorney General Letitia James just announced the settlement of a data breach lawsuit between the AG's office and Dunkin' Donuts. Dunkin' Donuts cybersecurity lawsuit details. According to state investigators, Dunkin' Donuts failed to respond to a series of successful cyber attacks that left tens of thousands of customers' online accounts vulnerable.

Google Play Bans Stalkerware and ‘Misrepresentation’

Threatpost

The official app store is taking on spy- and surveillance-ware, along with apps that could be used to mount political-influence campaigns.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

APT41 actors charged for attacks on more than 100 victims globally

Security Affairs

US Department of Justice announced indictments against 5 Chinese nationals alleged members of a state-sponsored hacking group known as APT41. The United States Department of Justice this week announced indictments against five Chinese nationals believed to be members of the cyber-espionage group known as APT41 (Winnti, Barium, Wicked Panda and Wicked Spider).

The Wayback Machine and Cloudflare Want to Backstop the Web

WIRED Threat Level

The Internet Archive and the infrastructure company are teaming up to make sure sites never fully go down.

California Elementary Kids Kicked Off Online Learning by Ransomware

Threatpost

The attack on the Newhall District in Valencia is part of a wave of ransomware attacks on the education sector, which shows no sign of dissipating.

Ransomware Gone Awry Has Fatal Consequences

Dark Reading

An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Microsoft open-sources fuzzing test framework

InfoWorld on Security

Microsoft is looking to help developers continuously fuzz-test code prior to release, via the open source OneFuzz framework. Described as a self-hosted fuzzing-as-a-service platform, OneFuzz enables developer-driven fuzzing to identify software vulnerabilities during the development process. Source code for OneFuzz is due to arrive on GitHub on September 18. [Also on InfoWorld: How to improve CI/CD with shift-left testing].

Apple Bug Allows Code Execution on iPhone, iPad, iPod

Threatpost

Release of iOS 14 and iPadOS 14 brings fixes for 11 bugs, some rated high-severity.

Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data

Dark Reading

Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.

APT41 Operatives Indicted as Sophisticated Hacking Activity Continues

Threatpost

Five alleged members of the China-linked advanced threat group and two associates have been indicted by a Federal grand jury, on dozens of charges.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Indictments Unlikely to Deter China's APT41 Activity

Dark Reading

So far, at least, the threat group has not let public scrutiny slow it down, security researchers say.

Mozi Botnet Accounts for Majority of IoT Traffic

Threatpost

Mozi’s spike comes amid a huge increase in overall IoT botnet activity.

Sumo Logic IPO Prices Higher Than Expected

Dark Reading

Co-founder and CTO Christian Beedgen explains what this means for the future of the cloud-based data analytics company.

U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks

Trend Micro

The United States Justice Department announced that it was charging five Chinese citizens with hacking crimes committed against over 100 institutions in the United States and abroad. These five individuals were reportedly connected to the hacking group known as APT41.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Struggling to Secure Remote IT? 3 Lessons from the Office

Dark Reading

The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.

Win-KeX Version 2.0

Kali Linux

We have been humbled by the amazing response to our recent launch of Win-KeX. After its initial release, we asked ourselves if that is truly the limit of what we can achieve or could we pull off something incredible to mark the 25th anniversary of Hackers? What about “a second concurrent session as root”, “seamless desktop integration with Windows”, or - dare we dream - “sound”?

The Hacker Mind Podcast: Why Are Blue Team Hackers More L33T?

ForAllSecure

So you’re in your SOC, your security operations center. You spend your time defending all aspects of the organization, then one day this hacker comes in and sees that blindspot, the one you can’t see, that one corner of the network that is exposed, that is vulnerable. For all the time and money spent, you’re still pwned. That’s not good. In your role, you have to see that everything is secure, 24/7, and think of every crazy attack vector, but for a hacker, they only have to find that one fault--

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Troy Hunt

I want a "secure by default" internet with all the things encrypted all the time such that people can move freely between networks without ever needing to care about who manages them or what they're doing with them. I'm a massive proponent of Let's Encrypt's and Cloudflare's missions to secure the web and of browser paradigms such as HSTS and upgrade-insecure-requests via content security policies to help make it a reality.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.