Schneier on Security

SEPTEMBER 29, 2020

As expected, IoT devices are filled with vulnerabilities : As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly.

Hacking 355

Hacking IoT Engineering Internet 355

Krebs on Security

SEPTEMBER 29, 2020

Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft ‘s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen , two companies that together handle 911 calls for a broad swath of the Uni

Telecommunications 350

Telecommunications Software 350

Daniel Miessler

SEPTEMBER 29, 2020

Since 2007 the InfoSec industry has been talking about TheBigOne™—the event that would change cyber threats from annoyances to existential concerns. They called it Cyber Pearl Harbor. This doesn’t mean it can’t still happen. The idea was that it’d be some massive blast that would take out the country’s power grid, or disable the entire internet, along with what they used to call e-commerce.

Ransomware 246

Ransomware Government Social Engineering Small Business 246

Adam Levin

SEPTEMBER 29, 2020

Ransomware operators have released the personal data of students in the Clark County School District in Nevada after officials refused to pay to have their files decrypted. The information leaked reportedly includes Social Security numbers, names, grades, addresses, and financial information. District officials have been thus far unable to verify the data.

Ransomware 237

Ransomware Media Encryption Government 237

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

SEPTEMBER 29, 2020

The French maritime transport and logistics giant CMA CGM S.A. revealed it was the victim of a malware attack that affecting some servers on its network. CMA CGM S.A. , a French maritime transport and logistics giant, revealed that a malware attack affected some servers on its network. The company is present in over 160 countries through 755 offices and 750 warehouses with 110,000 employees and 489 vessels.

Ransomware 145

Ransomware Malware Advertising Cyber Attacks 145

Tech Republic Security

SEPTEMBER 29, 2020

In a PSA on Monday, the FBI and CISA warned about the potential for widespread disinformation campaigns in the run-up to November.

151

151

Dark Reading

SEPTEMBER 29, 2020

Remote workers and scattered teams are relying on Slack more and more for messaging and collaboration. Here are a few extra tips for keeping data and systems more secure when using Slack.

131

131

Security Affairs

SEPTEMBER 29, 2020

Cisco addressed two actively exploited DoS vulnerabilities that reside in the IOS XR software that runs on multiple carrier-grade routers. Cisco addressed two high severity memory exhaustion DoS vulnerabilities that reside in the IOS XR Network OS that runs on multiple carrier-grade routers. The company confirmed that both vulnerabilities are actively exploited in attacks in the wild.

Internet 130

Internet Internet Advertising Software 130

Tech Republic Security

SEPTEMBER 29, 2020

Half of the organizations surveyed by Tessian were hit by a security incident while employees were working remotely. Here are some tips for mitigation.

Risk 124

Risk 124

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections. The name AgeLocker comes from the use of the Actually Good Encryption ( AGE ) algorithm to encrypt files, experts warn that encrypted files can’t be recovered without paying t

Firmware 130

Firmware Encryption Ransomware Advertising 130

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

SEPTEMBER 29, 2020

Malware-based attacks are out, phishing is in, along with credential stuffing and business email compromise. Microsoft recommends defensive tactics in its new report on rising threats.

Phishing 126

Phishing Ransomware Malware 126

Security Affairs

SEPTEMBER 29, 2020

Customers of Tyler Technologies are reporting finding suspicious logins and previously unseen remote access tools on their infrastructure. Tyler Technologies, Inc. is the largest provider of software to the United States public sector. The company last week disclosed a ransomware attack, and now its customers are reporting finding suspicious logins and previously unseen remote access tools on their networks.

Technology 108

Technology Ransomware Passwords Software 108

Threatpost

SEPTEMBER 29, 2020

Popular ‘safe browsing’ padlocks are now passe as a majority of bad guys also use them.

Phishing 129

Phishing 129

Dark Reading

SEPTEMBER 29, 2020

Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.

Engineering 107

Engineering 107

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Threatpost

SEPTEMBER 29, 2020

The attempted compromises, which could allow full control over Active Directory identity services, are flying thick and fast just a week after active exploits of CVE-2020-1472 were first flagged.

Hacking 86

Hacking 86

Dark Reading

SEPTEMBER 29, 2020

Synopsys issues an advisory for vulnerabilities affecting the chipsets of wireless routers from Qualcomm, Mediatek, and Realtek.

Wireless 106

Wireless 106

Threatpost

SEPTEMBER 29, 2020

A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom.

Ransomware 89

Ransomware Government Malware Hacking 89

Dark Reading

SEPTEMBER 29, 2020

In a least one instance, the Palmerworm APT group was able to remain undetected on a compromised system for nearly six months, according to Symantec.

93

93

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

SecureWorld News

SEPTEMBER 29, 2020

Many organizations believe they are not targets for a cyberattack because they "have nothing of value" that cybercriminals would want. Do you have an employee who is authorized to order office supplies, like printer ink? It turns out, cybercriminals would like that person's login credentials because they have value. Office supply phishing cyberattack campaign.

Phishing 67

Phishing Government Cyber Risk Cybercrime 67

Dark Reading

SEPTEMBER 29, 2020

Microsoft shuts down Azure Active Directory instances used by attackers to evade detection and warns that the use of open source tools by espionage groups is growing.

Hacking 111

Hacking 111

Threatpost

SEPTEMBER 29, 2020

Threatpost's latest poll probes telehealth security risks and asks for IT cures.

Risk 101

Risk IoT Hacking 101

Dark Reading

SEPTEMBER 29, 2020

Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?

Architecture 89

Architecture Risk 89

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Threatpost

SEPTEMBER 29, 2020

Botnets and IoT devices are forming a perfect storm for IT staff wrestling with WFH employee security.

IoT 80

IoT Firewall Internet Internet 80

Dark Reading

SEPTEMBER 29, 2020

Shorter, faster, multivector attacks had a greater impact on victims.

DDOS 99

DDOS 99

InfoWorld on Security

SEPTEMBER 29, 2020

My interesting weekend reading was this Cloud Security Alliance (CSA) report , which was vendor sponsored, highlighting 11 cloud security threats that should be on top of everyone’s mind. These threats are described as “egregious.” CSA surveyed 241 experts on security issues in the cloud industry and came up with these top 11 threats: Data breaches.

Architecture 49

Architecture Data breaches Accountability 49

ForAllSecure

SEPTEMBER 29, 2020

If you think hacking only involves the use of a keyboard, then you’re probably missing out. What about using light? What about using sound? In this episode, The Hacker Mind looks at some of the work Dr. Kevin Fu has been doing at the University of Michigan, such as using laser pointers to pwn voice-activated digital assistants, and using specific frequencies of sound to corrupt or crash hard disk drives.

Hacking 52

Hacking Computers and Electronics Manufacturing Engineering 52

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

WIRED Threat Level

SEPTEMBER 29, 2020

Prosecutor Andrew Weissmann's Where Law Ends doesn't fill the hole at the center of the Trump-Russia probe, but does help explain why it's there.

105

105

ForAllSecure

SEPTEMBER 29, 2020

If you think hacking only involves the use of a keyboard, then you’re probably missing out. What about using light? What about using sound? In this episode, The Hacker Mind looks at some of the work Dr. Kevin Fu has been doing at the University of Michigan, such as using laser pointers to pwn voice-activated digital assistants, and using specific frequencies of sound to corrupt or crash hard disk drives.

Hacking 52

Hacking Computers and Electronics Manufacturing Engineering 52

Security Affairs

SEPTEMBER 29, 2020

The FBI and the US CISA issued a joint public service announcement about the threat of disinformation campaigns targeting the 2020 US election. The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint public service announcement to warn of the threat of disinformation campaigns targeting the upcoming 2020 US election season.

Hacking 129

Hacking Media Advertising Government 129