How could the FBI recover BTC from Colonial’s ransomware payment?
Naked Security
JUNE 9, 2021
But Bitcoins are anonymous! However could they get refunded?
Naked Security
JUNE 9, 2021
But Bitcoins are anonymous! However could they get refunded?
InfoWorld on Security
JUNE 11, 2021
In the latest Agents of Transformation report, Agents of Transformation 2021: The Rise of Full-Stack Observability , 77% of global technicians report experiencing a higher level of complexity as a result of accelerated cloud computing initiatives during the pandemic. A further 78% cited the need to manage the legacy and cloud technology patchwork as a further source of technology spread and complexity.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
We Live Security
JUNE 30, 2021
Are you on Facebook? So are scammers. Here are some of the most common con jobs on Facebook you should watch out for and how you can tell if you’re being scammed. The post Common Facebook scams and how to avoid them appeared first on WeLiveSecurity.
DoublePulsar
JUNE 8, 2021
I’ve talked about ransomware and extortion attacks on organizations for about a decade. I recently spent a year at Microsoft in Threat… Continue reading on DoublePulsar ».
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
SecureList
JUNE 23, 2021
Introduction. Nowadays, cybersecurity companies implement a variety of methods to discover new, previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task. At Kaspersky we have a number of complex ML models based on different file features, including models for static and dynamic detection, for processing sandbox logs and system events, etc.
Joseph Steinberg
JUNE 15, 2021
Major American banks and various other parties serving them are each spending $1 Billion per year on cybersecurity, according to Bank of America’s CEO, Brian Moynihan. Moynihan made the comment on CNBC’s Squawk Box show yesterday (June 14), noting that “I became CEO 11 and a half years ago, and we probably spent $300 million to $400 million (per year) and we’re up over a billion now… The institutions around us, other institutions and my peers, spend like amounts, and our contra
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
JUNE 8, 2021
“If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.” That was Bruce’s response at a conference hosted by U.S. Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. That may be necessary to keep in touch with civilian companies like FedEx in peacetime or when fighting terrorists or insurgents.
Krebs on Security
JUNE 21, 2021
Amid multiple recent reports of hackers breaking into and tampering with drinking water treatment systems comes a new industry survey with some sobering findings: A majority of the 52,000 separate drinking water systems in the United States still haven’t inventoried some or any of their information technology systems — a basic first step in protecting networks from cyberattacks.
Lohrman on Security
JUNE 13, 2021
After the recent ransomware attacks against Colonial Pipeline, JBS and others, there are new calls for the U.S. to hack back against cybercrimminals and hold nation-states responsible. So what now?
Adam Levin
JUNE 4, 2021
You would think that ExaGrid, a backup appliance and anti-ransomware service might know how to avoid ransomware, but it was hit. . According to the company’s website, “ExaGrid offers a unique approach to ensure that attackers cannot compromise the backup data, allowing organizations to be confident that they can restore the affected primary storage and avoid paying ugly ransoms.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Joseph Steinberg
JUNE 7, 2021
Every so often, I encounter an unusual technology device that so well solves a problem that I have encountered many times that I cannot imagine not adding the product to my arsenal of tools, even if it is not something that I would necessarily use every day. The Hushme is one such offering. Hushme is an unusual-looking headset that sports a single unusual, but tremendously significant, feature – it allows a person to carry on a conversation over the phone without anyone around them being able to
Troy Hunt
JUNE 9, 2021
I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). Firstly by the Estonian Central Criminal Police a few years ago , then by the FBI and global counterparts this April and now, in the third such case, by NordLocker. (Full disclosure: I'm a strategic advisor for NordVPN who shares the same parent company.
Schneier on Security
JUNE 11, 2021
For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything — I don’t even know if this qualifies as a backdoor. This week, the world’s police organizations announced 800 arrests based on text messages sent over the app.
Krebs on Security
JUNE 16, 2021
Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School , the University of California , and University of Maryland. A still shot from a video showing Ukrainian police seizing a Tesla, one of many high-end vehicles seized in this week’s raids on the Clop gang.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Lohrman on Security
JUNE 20, 2021
The North Atlantic Treaty Organization (NATO) opened the door for cyber attacks to trigger “Article 5” actions. This is a big deal — here’s why.
Tech Republic Security
JUNE 30, 2021
64% of respondents to PwC's latest CEO survey expect a jump in reportable ransomware and software supply chain incidents this year, and only 55% are prepared to respond.
Joseph Steinberg
JUNE 3, 2021
Joseph Steinberg recently discussed with Fox Business Network host and commentator, Kennedy, why hackers are targeting meat companies, pipelines, and other important elements of the US economy’s supply chain… and, what can Americans do to stop such attacks. To listen to the discussion, please either utilize the embedded player below, or click the image underneath it.
Troy Hunt
JUNE 3, 2021
Supporting national CERTs with free API domain searches across their assets is becoming an increasing focus for Have I Been Pwned and today I'm happy to welcome the 19th government on board, Belgium. As of now, the Centre for Cyber Security Belgium (CCB) has full access to query all their gov domains and gain deeper visibility into the impact of data breaches on their departments.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
JUNE 2, 2021
The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month. DarkSide offers what is known as “ransomware as a service,” in which a malware developer charges a user fee to so-called affiliates like Woris, who may not have the technical skills to actually create ran
Krebs on Security
JUNE 15, 2021
The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her
The Last Watchdog
JUNE 1, 2021
Cybercriminals use various techniques for conducting cyberattacks. One such popular way to infiltrate a system is Pharming. It is an online scam attack quite similar to Phishing. Related: Credential stuffing explained. The term Pharming is a combination of two words Phishing and Farming. It is a type of social engineering cyberattack in which the website’s traffic is manipulated to steal confidential credentials from the users.
Tech Republic Security
JUNE 16, 2021
Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Joseph Steinberg
JUNE 9, 2021
According to the FBI, it has successfully seized most of the Bitcoin ransom paid by Colonial Pipeline to “Darkside” criminals after the highly publicized ransomware attack that led to recent gas shortages in multiple US States. Unlike reversing financial transactions performed by banks and/or classic funds-transfer networks, seizing Bitcoin typically entrails issuing a new transaction to move Bitcoin from the address at which it resides to a new address controlled by the seizer; to p
Troy Hunt
JUNE 5, 2021
This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an awesome, humbling experience that so many people have wanted to contribute their time to something that makes online life better for all of us. The challenge I have now is, as expected, managing the pull requests, reviewing code and ensuring the project heads in the right direction as support for ingesting the FBI -provided passwords is built out.
Schneier on Security
JUNE 17, 2021
General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Although the algorithm has a 64-bit key, the effective key length is only 40 bits, due to “an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance.” GEA-1 was d
Krebs on Security
JUNE 23, 2021
In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn’t decrypt the data on the devices. This is a story of ingenuity and happenstance, and how one former Secret Service agent helped crack a code that revealed the contours of a global organized crime ring.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Lohrman on Security
JUNE 6, 2021
Maria Thompson’s last day as North Carolina’s chief risk officer was June 4, 2021. In this interview, she shares her team’s cyber journey, along with helpful insights for others to benefit from.
Tech Republic Security
JUNE 23, 2021
The threat to people's lives is terrifying, so auto manufacturers need to change their old-school strategies to protect people.
Joseph Steinberg
JUNE 23, 2021
Cyber Security Expert, Joseph Steinberg, has joined Newsweek’s Expert Forum, the premier news outlet’s invitation-only community of pioneering thinkers and industry leaders. Steinberg was selected for the forum based on his proven expertise in the fields of cybersecurity, privacy, and artificial intelligence. Scott Gerber, founder of the Newsweek Expert Forum, noted: “We are honored to accept Joseph Steinberg into the Newsweek Expert Forum.
Troy Hunt
JUNE 19, 2021
Thought I'd do a bit of AMA this week given the rest of the content was a bit lighter. If you like this sort of content then I'll try and be a bit more organised next time, give some notice and make more of an event out of it. Other than that, I'm screwing around with more IoT things, dealing with more breaches, onboarding new governments so yeah, same same 🙂 References Here's the iFixit kit I bought, it's the "Pro Tech Toolkit" (this is a really nice pie
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Let's personalize your content