February, 2021

Do Not Post Your COVID-19 Vaccination Card On Social Media

Joseph Steinberg

It seems like every day that I see social media posts in which people share photos of the official COVID-19 vaccine card that they have received after being vaccinated against the novel coronavirus that has inflicted tremendous suffering worldwide over the past year.

Media 275

What’s most interesting about the Florida water system hack? That we heard about it at all.

Krebs on Security

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week’s news about a hacker who tried to poison a Florida town’s water supply was understandably front-page material.


Network Security: 5 Fundamentals for 2021

Security Boulevard

In January 2020, no one could have predicted how unpredictable the coming year would be. But despite the seismic changes to the way we work, the biggest network security threats to organizations were mostly the same old threats we’ve been facing for the past five years.

How Big Data Is Transforming the Education

CyberSecurity Insiders

Now, a rare person will be surprised by the presence and active usage of modern technologies in the education and the learning process, in particular. Nowadays, the world is changing at a rapid speed, bringing innovations in all the life spheres. And education hasn’t become an exception.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Npower scraps app, and urges customers to change passwords, after data breach

Graham Cluley

UK energy firm Npower has scrapped its smartphone app following an attack by hackers that saw some users' accounts accessed and personal information stolen.

Mobile Security should be your top concern

Doctor Chaos

The world is much smaller than it was thirteen years ago. In 2007 Steve Jobs announced the Apple iPhone. It was an innovative product because it brought mobile Internet into the pockets of millions of people. Smartphones were in existence before the iPhone.

Mobile 130

More Trending

After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy

Hot for Security

Highly sensitive notes from therapy sessions were published online in an attempt to blackmail patients. Hackers bragged about the poor state of firm’s security.

Innovation, Agility and Securing the Mobile World in 2021

Lohrman on Security

Mobile 278

“Better OKRs Through Threat Modeling”

Adam Shostack

Abhay Bhargav has a really excellent post on Better OKRs for Security through Effective Threat Modeling. I really like how he doesn’t complain about the communication issues between security and management, but offers up a concrete suggestion for improvement. Key quote: “Effective Threat Modeling by itself can ensure that your OKRs and AppSec Program are not only in great tactical shape, but also help define a strategic roadmap for your AppSec Program.”


How $100M in Jobless Claims Went to Inmates

Krebs on Security

The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail.

Chinese Supply-Chain Attack on Computer Systems

Schneier on Security

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Lenovo, and others. It’s been going on since at least 2008.

Android App Infects Up To 10 Million Users with Update

Adam Levin

An Android app with over 10 million installations spread malware to its users in a recent update. Barcode Scanner is an app available in the Google Play store for Android devices. A December 2020 update infected users with a Trojan-style malware that bombards users with unwanted advertising.

Adware 213

I’ve made it!

Javvad Malik

First off, happy new year! (Well if the tax man can start the new year in April, I can start it on Feb 11th!). Secondly, Infosecurity Magazine was ever so kind as to feature an interview with me in the Q1, 2021, Volume 18, Issue 1 edition.


What May Be Ahead for Biden’s Infrastructure Plan?

Lohrman on Security


Beware Fraudulent Emails, Websites, and Faxes Bearing Names Of Real Attorneys And Law Firms

Joseph Steinberg

Criminals are impersonating attorneys and law firms as part of sophisticated versions of classic “Nigerian Prince” scams.

Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

Krebs on Security

The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years.

Deliberately Playing Copyrighted Music to Avoid Being Live-Streamed

Schneier on Security

Vice is reporting on a new police hack: playing copyrighted music when being filmed by citizens, trying to provoke social media sites into taking the videos down and maybe even banning the filmers: In a separate part of the video, which Devermont says was filmed later that same afternoon, Devermont approaches [BHPD Sgt. Billy] Fair outside.

Media 219

Here's How I Meet

Troy Hunt

For about the last decade, a huge proportion of my interactions with people has been remote and across different cultures and time zones.

ROUNDTABLE: Targeting the supply-chain: SolarWinds, then Mimecast and now UScellular

The Last Watchdog

It’s only February, and 2021 already is rapidly shaping up to be the year of supply-chain hacks. Related: The quickening of cyber warfare. The latest twist: mobile network operator UScellular on Jan. 21 disclosed how cybercriminals broke into its Customer Relationship Management (CRM) platform as a gateway to compromise the cell phones of an undisclosed number of the telecom giant’s customers.

Combatting the Growing Cyberthreat of QR Code Abuse

Lohrman on Security


Free COVID-19 Masks Arriving At People’s Homes Across The USA Are Likely Part Of A Cyber Scam

Joseph Steinberg

People living in many different areas of the USA are reporting receiving to their homes in recent days unexpected shipments of COVID-19 protection supplies – such as packs of surgical masks and face shields – products that they never ordered.

Scams 181

Checkout Skimmers Powered by Chip Cards

Krebs on Security

Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim?

Retail 206

Twelve-Year-Old Vulnerability Found in Windows Defender

Schneier on Security

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time.

Controlling Smart Lights Using Dumb Switches with Shelly and Home Assistant

Troy Hunt

As I progressively make my house smarter and smarter, I find I keep butting against the intersection of where smart stuff meets dumb stuff. Take light globes, for example, the simplest circuit you can imagine. Pass a current through it, light goes on. Kill the current, light goes off.

IoT 170

How Real-Time Technologies Are Helping Protect Vulnerable Energy Assets

Doctor Chaos

As the world increasingly relies on technology, the energy sector’s role becomes more critical. A disruption in the power grid that delivers electricity to businesses and homes could be devastating for any infrastructure and services in an area.

Why Do Chief Security Officers Leave Jobs So Often?

Lohrman on Security


La Cybersécurité pour les Nuls: Best-Selling “Cybersecurity For Dummies” Book Now Available In French

Joseph Steinberg

Cybersecurity For Dummies, the best-selling cybersecurity guide written by Joseph Steinberg for general audiences, is now available in French.

Bluetooth Overlay Skimmer That Blocks Chip

Krebs on Security

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores.

Retail 206

Another SolarWinds Orion Hack

Schneier on Security

Weekly Update 230

Troy Hunt

This week has seen a lot of my time go on an all-new project. One I'm really excited about and is completely different to everything I've done before; I expect I'll be able to talk about that in the coming weeks and it shouldn't be too much longer before it's something you can actually see firsthand.

IoT 150

Zombie Speed 101: They are getting faster

Doctor Chaos

They say the strong survive. How does that apply when you are dead? The Zombie Apocalypse is among us. What are your chances of making it? It really depends on what types of Zombies you are “lucky” enough to encounter.


SHARED INTEL: Forrester poll – security decision makers report breaches escalated as Covid 19 spread

The Last Watchdog

Human suffering and economic losses weren’t the only two things that escalated with the spread of Covid 19 last year. Related: Can ‘SASE’ help companies secure connectivity? Network breaches also increased steadily and dramatically month-to-month in 2020. This development is delineated in a recent report from technology research firm Forrester.

Online Retailers That Cancel Purchases Continue To Utilize Personal Information Gathered During The Attempted Transactions

Joseph Steinberg

While we have become somewhat accustomed to the data collection practices of online retailers seeking to analyze our purchase histories in order to better target their marketing efforts, many people may not realize that even some well-known retailers also use data provided by people whose purchases the retailer itself cancelled.

Retail 151

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages.

Router Security

Schneier on Security

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices.

Weekly Update 232

Troy Hunt

I honestly don't know where my time goes. I get up, have great plans for all the things I want to do then next minute, the day is gone.