June, 2021

How could the FBI recover BTC from Colonial’s ransomware payment?

Naked Security

But Bitcoins are anonymous! However could they get refunded? Cryptocurrency Cryptography Law & order bitcoin BTC Colonial Darkside FBI

Complexity is the biggest threat to cloud success and security

InfoWorld on Security

In the latest Agents of Transformation report, Agents of Transformation 2021: The Rise of Full-Stack Observability , 77% of global technicians report experiencing a higher level of complexity as a result of accelerated cloud computing initiatives during the pandemic.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Common Facebook scams and how to avoid them

We Live Security

Are you on Facebook? So are scammers. Here are some of the most common con jobs on Facebook you should watch out for and how you can tell if you’re being scammed. The post Common Facebook scams and how to avoid them appeared first on WeLiveSecurity. Scams

Scams 111

The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t…

DoublePulsar

I’ve talked about ransomware and extortion attacks on organizations for about a decade. I recently spent a year at Microsoft in Threat… Continue reading on DoublePulsar ». ransomware

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

How to confuse antimalware neural networks. Adversarial attacks and protection

SecureList

Introduction. Nowadays, cybersecurity companies implement a variety of methods to discover new, previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task.

Welcoming the Slovak Republic Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP.

More Trending

Banning Surveillance-Based Advertising

Schneier on Security

The Norwegian Consumer Council just published a fantastic new report: “ Time to Ban Surveillance-Based Advertising.

Billion Dollar CyberSecurity Annual Budgets Have Arrived

Joseph Steinberg

Major American banks and various other parties serving them are each spending $1 Billion per year on cybersecurity, according to Bank of America’s CEO, Brian Moynihan.

NATO Adds Cyber Commitments, Potential Ransomware Response

Lohrman on Security

The North Atlantic Treaty Organization (NATO) opened the door for cyber attacks to trigger “Article 5” actions. This is a big deal — here’s why

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

The Last Watchdog

Microsoft has blunted the ongoing activities of the Nobelium hacking collective, giving us yet another glimpse of the unceasing barrage of hack attempts business networks must withstand on a daily basis. Related: Reaction to Biden ‘s cybersecurity executive order. Nobelium is the Russian hacking collective best known for pulling off the milestone SolarWinds supply chain hack last December.

Welcoming the Finnish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains.

How Does One Get Hired by a Top Cybercrime Gang?

Krebs on Security

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware.

The Future of Machine Learning and Cybersecurity

Schneier on Security

The Center for Security and Emerging Technology has a new report: “ Machine Learning and Cybersecurity: Hype and Reality.” ” Here’s the bottom line: The report offers four conclusions: Machine learning can help defenders more accurately detect and triage potential attacks.

Why Are Meat Companies Being Targeted By Hackers: A Conversation With Kennedy

Joseph Steinberg

Joseph Steinberg recently discussed with Fox Business Network host and commentator, Kennedy, why hackers are targeting meat companies, pipelines, and other important elements of the US economy’s supply chain… and, what can Americans do to stop such attacks.

Recording Lectures

Adam Shostack

People sometimes ask me about my recording setup, and I wanted to share some thoughts about recording good learning content. The most important thing I’ve learned is the importance of conceptualizing what you want it to look like.

Where Next With Hacking Back Against Cyber Crime?

Lohrman on Security

After the recent ransomware attacks against Colonial Pipeline, JBS and others, there are new calls for the U.S. to hack back against cybercrimminals and hold nation-states responsible. So what now?

Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

Troy Hunt

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP).

How Cyber Sleuths Cracked an ATM Shimmer Gang

Krebs on Security

In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions.

Intentional Flaw in GPRS Encryption Algorithm GEA-1

Schneier on Security

General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function.

Newsweek Expert Forum Welcomes Cyber Security Expert Joseph Steinberg

Joseph Steinberg

Cyber Security Expert, Joseph Steinberg, has joined Newsweek’s Expert Forum, the premier news outlet’s invitation-only community of pioneering thinkers and industry leaders.

Anti-Ransomware Company Exagrid Pays $2.6 Million Ransom

Adam Levin

You would think that ExaGrid, a backup appliance and anti-ransomware service might know how to avoid ransomware, but it was hit. .

The 5 Biggest Cybersecurity Threats of 5 Industries

Doctor Chaos

Unaddressed cybersecurity threats can cause lost profits, regulatory fines and missed opportunities. Plus, as company leaders scramble to recover from attacks, making progress often takes weeks or months, severely disrupting business operations.

Retail 141

Welcoming the Belgian Government to Have I Been Pwned

Troy Hunt

Supporting national CERTs with free API domain searches across their assets is becoming an increasing focus for Have I Been Pwned and today I'm happy to welcome the 19th government on board, Belgium.

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device.

TikTok Can Now Collect Biometric Data

Schneier on Security

This is probably worth paying attention to: A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content.

Hushme: A Headset That Lets You Make Private Phone Calls In A Non-Private Environment

Joseph Steinberg

Every so often, I encounter an unusual technology device that so well solves a problem that I have encountered many times that I cannot imagine not adding the product to my arsenal of tools, even if it is not something that I would necessarily use every day. The Hushme is one such offering.

Applied Threat Modeling at Blackhat 2021!

Adam Shostack

At Blackhat USA, I’ll be teaching Applied Threat Modeling. This hands-on, interactive class will focus on learning to threat model by executing each of the steps.

130
130

Podcast: Eyes Wide Shut

Doctor Chaos

Click here to listen to the podcast. Ransom payments are tax-deductible, and no one cares. Should we? link]. North Korea exploits VPN vulnerabilities. Possibly gains nuclear research.

VPN 130

Welcoming the Uruguayan Government to Have I Been Pwned

Troy Hunt

This week as part of the ongoing initiative to make breach data available to national governments, I'm very happy to welcome the national CERT of Uruguay, CERTuy.

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks.

VPNs and Trust

Schneier on Security

TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country they are incorporated in, and so on. Most interesting to me is the home countries of these companies.

VPN 204

Best Practices from Maria Thompson, an Exceptional Cyber Leader

Lohrman on Security

Maria Thompson’s last day as North Carolina’s chief risk officer was June 4, 2021. In this interview, she shares her team’s cyber journey, along with helpful insights for others to benefit from.

Risk 133

Why Threat Model?

Adam Shostack

The second video in my 60 second series! threat modeling

130
130

Podcast: Predator, Hunter, Prey

Doctor Chaos

Click Here to listen to the podcast on SoundCloud. We are honored to have Dr. Alex Tarter, CTO of Thales UK and co-founder of TurgenSec, and Breaches.UK on our podcast. Alex is a bit of a legend in the CISO space.

CISO 130

Weekly Update 248

Troy Hunt

Thought I'd do a bit of AMA this week given the rest of the content was a bit lighter. If you like this sort of content then I'll try and be a bit more organised next time, give some notice and make more of an event out of it.

IoT 172

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims.