Fri. Oct 23, 2020

New Report on Police Decryption Capabilities

Schneier on Security

There is a new report on police decryption capabilities: specifically, mobile device forensic tools (MDFTs). Short summary: it’s not just the FBI that can do it. This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia.

75% of all 56 US states and territories show signs of vulnerable election IT infrastructure, report finds

Tech Republic Security

The report comes as officials in Georgia revealed more information about a ransomware attack that affected a digital voter database.

COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach

Threatpost

Dr. Reddy's, the contractor for Russia’s “Sputnik V” COVID-19 vaccine and a major generics producer, has had to close plants and isolate its data centers.

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

The US government declared that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data. A joint security advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) revealed that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

IoT Device Takeovers Surge 100 Percent in 2020

Threatpost

The COVID-19 pandemic, coupled with an explosion in the number of connected devices, has led to a swelling in IoT infections observed on wireless networks.

US Treasury Sanctions Russian Institution Linked to Triton Malware

Dark Reading

Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.

Sopra Steria hit by the Ryuk ransomware gang

Security Affairs

French IT outsourcer Sopra Steria hit by ‘cyberattack’, Ryuk ransomware suspected. French IT outsourcer Sopra Steria has been hit by a ransomware attack. While the company did not reveal the family of malware that infected its systems, local media speculate about the involvement of the Ryuk ransomware. “A cyber attack was detected on the Sopra Steria computer network on the evening of October 20.

What Is Network Segmentation and Why It Matters?

CompTIA on Cybersecurity

Locked doors behind locked doors discourage lazy threat actors and force them to look elsewhere. Therefore, there is no substitute for network segmentation when it comes to protecting your data.

A Pause to Address 'Ethical Debt' of Facial Recognition

Dark Reading

Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.

Georgia Election Data Hit in Ransomware Attack

Threatpost

With Election Day approaching, local governments need to be prepared for malware attacks on election infrastructure.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Cybercriminals Could be Coming After Your Coffee

Dark Reading

Researchers show no IoT device is too small to fall victim to ransomware techniques.

How Police Can Crack Locked Phones—and Extract Information

WIRED Threat Level

A report finds 50,000 cases where law enforcement agencies turned to outside firms to bypass the encryption on a mobile device.

Ransomware Takes Down Network of French IT Giant

Threatpost

Sopra Steria hit with cyber attack that reportedly encrypted parts of their network on Oct. 20 but has remained mostly mum on details.

Flurry of Warnings Highlight Cyber Threats to US Elections

Dark Reading

FBI and intelligence officials issue fresh warnings about election interference attempts by Iranian and Russian threat actors.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Louisiana Calls Out National Guard to Fight Ransomware Surge

Threatpost

An investigation showed a custom backdoor RAT and the Emotet trojan in the networks of municipal victims of the attacks.

Ransomware Hits Voter Database in Georgia

SecureWorld News

Ransomware hit Hall County government systems earlier this month, and now it is coming out that a particular voter database system remains offline because of the cyberattack. Let's look at what we know about this attack. Election security: ransomware impacts voter database. In this case, it's the database that will call up a voter's known signature to match it to the signature on their absentee ballot, so the ballot is confirmed and counted.

Election Security: Beyond Mail-In Voting

Threatpost

There are many areas of the election process that criminal hackers can target to influence election results.

The US Sanctions Russians For Potentially ‘Fatal’ Malware

WIRED Threat Level

The message is meant to deter any similar attack against US infrastructure.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Microsegmentation: The Core of Zero Trust Security

eSecurity Planet

Microsegmentation is a core technology for achieving zero trust security, the idea that no one should be trusted or given more access than needed.

Marcus Carey Joins ShadowTalk

Digital Shadows

We recently had mentor, author, founder, US Navy veteran, and Texan, Marcus Carey join ShadowTalk. For those who don’t know. The post Marcus Carey Joins ShadowTalk first appeared on Digital Shadows.

Friday Squid Blogging: Squid-like Nebula

Schneier on Security

Pretty astronomical photo. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

How 30 Lines of Code Blew Up a 27-Ton Generator

WIRED Threat Level

A secret experiment in 2007 proved that hackers could devastate power grid equipment beyond repair—with a file no bigger than a gif.

Iran-Linked Seedworm APT target orgs in the Middle East

Security Affairs

The Iran-linked cyber espionage group tracked as Seedworm started using a new downloader and is conducting destructive attacks. The Iran-linked cyber-espionage group Seedworm (aka MuddyWater, MERCURY, and Static Kitten) was observed using a new downloader in a new wave of attacks. Security experts pointed out that the threat actor started conducting destructive attacks.

U.S. Levies Sanctions Against Russian Research Institution Linked to Triton Malware

Threatpost

The latest in a flurry of actions this week, tied to foreign threats against U.S. computer systems, includes sanctions by the Department of the Treasury.

Weekly Update 214

Troy Hunt

It's a very tired weekly update as I struggle a little bit after only a few hours' sleep but hey, at least I've got a nice haircut! In more topical news, I'm pretty happy about the experience installing Ubiquiti's AmpliFi ALIEN gear into a neighbour's house, it's Trump on top of Trump with his password commentary and then his actual password and finally, questions from the audience on AmpliFi versus UniFi which some people might find interesting.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

US whistleblower Edward Snowden received permanent residency by Russian authorities

Security Affairs

The popular US whistleblower Edward Snowden has been granted permanent residency in Russia; the announcement was made by his lawyer. The former CIA employee and National Security Agency contractor Edward Snowden (37) has been granted permanent residency in Russia, his lawyer announced on Thursday. In 2013, Edward Snowden shed light on the mass surveillance program operated by the US government to spy on its citizens and allies.