Adam Levin

FEBRUARY 7, 2020

Online scammers are using the 2020 Oscars to spread malware. A recent study released by Kaspersky Labs uncovered several hacking and phishing campaigns promising their targets free and early access to Best Picture nominees for this year’s Academy Awards. The study found over twenty phishing websites hosting at least 925 malicious files using the movies as bait, requiring would-be victims to either provide personal information (including credit card numbers), or to install adware applications to

Malware 309

Malware Adware Phishing Hacking 309

Krebs on Security

FEBRUARY 4, 2020

A Pennsylvania man who operated one of the Internet’s longest-running online attack-for-hire or “booter” services was sentenced to five years probation today. While the young man’s punishment was heavily tempered by his current poor health, the defendant’s dietary choices may have contributed to both his capture and the lenient sentencing: Investigators say the onetime booter boss’s identity became clear after he ordered a bacon and chicken pizza delivered to

Internet 276

Internet Internet Government Accountability 276

The Last Watchdog

FEBRUARY 3, 2020

Less than 48 hours after the killing of Iran’s General Qasem Soleimani, the U.S. Department of Homeland Security issued a bulletin calling out Iran’s “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.” Related: Cyber warfare enters Golden Age In fact, strategic cyber operations essentially pitting Russia and Iran against the U.S. and Saudi Arabia have been steadily escalating for at least the past decade, with notable spikes

Energy and Utilities 265

Energy and Utilities Malware Hacking Passwords 265

Troy Hunt

FEBRUARY 6, 2020

I've got audio! Ok, so I cheated a bit in terms of recording back in the home office, but the plugs I need to make the Zoom H6 work the way it should (and yeah, I know I said "Rode" H6 in the vid, sorry!) are on the way and hopefully they'll be all good for next week when I'm in Sydney. I'm talking about that trip in this week's update along with the Chrome 80 changes to SameSite cookies not that its hit, the Adult FriendFinder breach and then recapping on a heap of the week's news in tweets.

259

259

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

FEBRUARY 7, 2020

Ten years ago, I wrote an essay : "Security in 2020." Well, it's finally 2020. I think I did pretty well. Here's what I said back then: There's really no such thing as security in the abstract. Security can only be defined in relation to something else. You're secure from something or against something. In the next 10 years, the traditional definition of IT security -- that it protects you from hackers, criminals, and other bad guys -- will undergo a radical shift.

Advertising 336

Advertising Internet Internet Artificial Intelligence 336

Krebs on Security

FEBRUARY 5, 2020

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. Here’s the story of one former electric vehicle owner who discovered he could still gain remote, online access to his old automobile years after his lease ended.

Mobile 259

Mobile Engineering Internet Internet 259

Daniel Miessler

FEBRUARY 3, 2020

This is a Member-only episode. Members get the newsletter every week, and have access to the Member Portal with all existing Member content. Non-members get every other episode. Sign in. or…. Become a member and get immediate access. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to futur

Information Security 130

Information Security 130

Schneier on Security

FEBRUARY 7, 2020

EKANS is a new ransomware that targets industrial control systems: But EKANS also uses another trick to ratchet up the pain: It's designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. That allows it to then encrypt the data that those control system programs interact with.

Ransomware 302

Ransomware Malware Encryption Software 302

Adam Levin

FEBRUARY 4, 2020

A new extortion scam is targeting users of marital infidelity site Ashley Madison whose accounts were compromised in a 2015 data breach. Site members are receiving emails with personalized information from the breach including names, bank account information, mailing addresses, and answers to security questions with the threat of exposing the recipient if a ransom in bitcoin isn’t paid. .

Data breaches 139

Data breaches Scams Accountability Banking 139

Tech Republic Security

FEBRUARY 6, 2020

Data exposure is one of the biggest threats from attacks on IoT devices. A new report recommends a shift to perimeter-less security strategies.

IoT 205

IoT Malware 205

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Thales Cloud Protection & Licensing

FEBRUARY 4, 2020

The traditional focus on security has been on breach prevention and threat detection but these can only go so far. For organisations going through digital transformation there needs to be a layered approach to security – complimenting these traditional strategies with data protection.In the evolving digital world of cloud, social and apps, data is now the perimeter.

Digital transformation 135

Digital transformation Data breaches Threat Reports Encryption 135

Schneier on Security

FEBRUARY 4, 2020

The Norwegian Consumer Council has published an extensive report about how the adtech industry violates consumer privacy. At the same time, it is filing three legal complaints against six companies in this space. From a Twitter summary : 1. [thread] We are filing legal complaints against six companies based on our research, revealing systematic breaches to privacy, by shadowy #OutOfControl #adtech companies gathering & sharing heaps of personal data.

Advertising 273

Advertising Marketing Adware Surveillance 273

Adam Shostack

FEBRUARY 6, 2020

For reasons I can’t quite talk about yet, this has been a super busy time, and I look forward to sharing the exciting developments that have kept me occupied. In the meantime, my friends at Agile Stationery have transcribed a talk that Mark Vinkovits and I gave at AppSec Cali last year. Their posts are at: Why card gaming helps teams model security and privacy threats (part 1) , and part 2.

113

113

Tech Republic Security

FEBRUARY 7, 2020

Learn how to keep your iOS devices--and your data--secure with these iOS 13 privacy settings and Apple resources.

210

210

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Daniel Miessler

FEBRUARY 1, 2020

To regular folks with some basic computer skills, the Dark Web seems like Enemy #1. People talk about it like it’s the Internet Demogorgon. And the media doesn’t help either, not to mention InfoSec marketing departments. As far as they’re concerned, if you don’t say the name of your password manager 7 times before bed the Dark Web will haunt your closet.

Advertising 103

Advertising InfoSec Password Management Education 103

Schneier on Security

FEBRUARY 3, 2020

Interesting research -- " Phantom Attacks Against Advanced Driving Assistance Systems ": Abstract : The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems (ADASs) and autopilots of semi/fully autonomous cars to validate their virtual perception regarding the physical environment surrounding the car with a third party, has been exploited in various attacks suggested by researchers.

Internet 241

Internet Internet Hacking Technology 241

Security Affairs

FEBRUARY 7, 2020

The operators behind the infamous RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to kill antivirus products. Cybercriminals behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows with the intent of disabling security products. Ransomware operators leverage a custom antivirus killing p ackage that is delivered to workstations to disable security solution before starting encryption.

Software 121

Software Ransomware Antivirus Encryption 121

Tech Republic Security

FEBRUARY 7, 2020

Employees who create external accounts but use them internally pose a risk to your security, says password manager company 1Password.

Risk 183

Risk Password Management Passwords Accountability 183

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Daniel Miessler

FEBRUARY 3, 2020

[advanced_iframe src=”[link] width=”100%”]. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

Information Security 100

Information Security 100

Schneier on Security

FEBRUARY 6, 2020

Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he's getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world's most enticing secrets can be stressful. Some would-be codebreakers have appeared at his home. Many felt they had solved the puzzle, and wanted to check with Mr.

Encryption 233

Encryption Hacking 233

Security Affairs

FEBRUARY 6, 2020

Check Point experts discovered a high-severity flaw in Philips Hue Smart Light Bulbs that can be exploited to gain entry into a targeted WiFi network. Security experts from Check Point discovered a high-severity flaw ( CVE-2020-6007 ) in Philips Hue Smart Light Bulbs that can be exploited by hackers to gain entry into a targeted WiFi network. Lightbulbs could be remotely controlled through a mobile app or via a digital home assistant, owners could control the light in the environment and even

Hacking 115

Hacking IoT Wireless Firmware 115

Tech Republic Security

FEBRUARY 5, 2020

Many Philips Hue smart light bulbs have a firmware flaw that leads hackers into an entire network, Check Point Research found.

Firmware 188

Firmware 188

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Thales Cloud Protection & Licensing

FEBRUARY 6, 2020

Artificial intelligence (AI) is becoming increasingly integral to information security. From the multitude of ways AI is used in business to creating smart cities and safeguarding transportation , AI impacts nearly every aspect of our lives. In fact, in its Reinventing Cybersecurity with Artificial Intelligence report , Capgemini found that 61% of respondents said they can no longer detect data breach attempts without the help of AI.

Artificial Intelligence 107

Artificial Intelligence Data breaches Information Security Network Security 107

Schneier on Security

FEBRUARY 7, 2020

This paper is filled with brain science that I do not understand (news article ), but fails to answer what I consider to be the important question: how do you keep a live squid still for long enough to do an MRI scan on them? As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

227

227

Security Affairs

FEBRUARY 7, 2020

Google addressed a critical vulnerability in its Android OS that affects the Bluetooth subsystem and could be exploited without user interaction. Google has addressed a critical flaw in Android OS that affects the Bluetooth subsystem and could be exploited without user interaction. The vulnerability tracked as CVE-2020-0022 is a remote code execution flaw that could allow attackers to execute code on the device with the elevated privileges of the Bluetooth daemon when the wireless module is acti

Mobile 107

Mobile Wireless Advertising Malware 107

Tech Republic Security

FEBRUARY 6, 2020

Joker was the hottest film among cybercriminals with 304 malicious files named after Batman's arch-nemesis, says security firm Kaspersky.

Malware 171

Malware 171

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

WIRED Threat Level

FEBRUARY 3, 2020

With his "Google Maps Hack," artist Simon Weckert draws attention to the systems we take for granted—and how we let them shape us.

Hacking 113

Hacking 113

Schneier on Security

FEBRUARY 5, 2020

Artist Katie Holten has developed a tree code (basically, a font in trees), and New York City is using it to plant secret messages in parks.

Encryption 181

Encryption 181

Security Affairs

FEBRUARY 7, 2020

Japanese defense contractors Pasco and Kobe Steel have disclosed security breaches that they have suffered back in 2016 and 2018. Pasco is Japan’s largest geospatial provider and Kobe Steel is one of the major steel manufacturers. Just last week, Japan’s Ministry of Defense announced in addition to Mitsubishi Electric and the NEC defense business division other two unnamed contractors suffered a data breach.

Manufacturing 102

Manufacturing Data breaches Advertising Antivirus 102

Tech Republic Security

FEBRUARY 6, 2020

If you need strong command line encryption on Linux, look no further than 7zip.

Encryption 208

Encryption 208

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk