Sat.Dec 07, 2019 - Fri.Dec 13, 2019

City of Pensacola Hit By Cyberattack Following Shooting

Adam Levin

Pensacola, FL was hit by a cyberattack in the wake of what has been described as a terrorist shooting. “The city of Pensacola is experiencing a cyberattack that began this weekend that is impacting our city network, including phones and email at City Hall and some of our other buildings,” said Mayor Grover Robinson. The cyberattack began early Saturday morning days after a shooting at the nearby Pensacola Naval Air Station that left four dead and eight wounded.

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Krebs on Security

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as “Sodinokibi” or “rEvil” to be installed on computers at more than 100 dentistry businesses

Weekly Update 169

Troy Hunt

I recorded this right before heading out for my final conference talk of the year at YOW! Melbourne where I was due to do the closing keynote of the event. That's now done, questions answered and beers drunk and I left the event feeling great. One of the things I get the most pleasure out of at conferences is hanging around talking to people so a big thanks to everyone who made the time today to stay back on a Friday evening and cap a very busy year of conferences off in this fashion.

Empirical Evaluation of Secure Development Processes

Adam Shostack

Earlier this year, I helped to organize a workshop at Schloss Dagstuhl on Empirical Evaluation of Secure Development Processes. I think the workshop was a tremendous success, we’ve already seen publications inspired by it, such as Moving Fast and Breaking Things: How to stop crashing more than twice, and I know there’s more forthcoming.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Data Leak Exposes Birth Certificate Info of 750k

Adam Levin

The personal data of more than 752,000 applicants filed to obtain copies of birth and death certificates was found on an unprotected Amazon Web Services database. The leaked data has been tracked back to a company that provides the online request forms for copies of birth and death certificates to state governments. States contracting with the company include California, New York, and Texas.

The Great $50M African IP Address Heist

Krebs on Security

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions of dollars worth of the increasingly scarce resource to online marketers. The allegations stemmed from a three-year investigation by a U.S.

More Trending

EFF on the Mechanics of Corporate Surveillance

Schneier on Security

EFF has published a comprehensible and very readable "deep dive" into the technologies of corporate surveillance, both on the Internet and off. Well worth reading and sharing. Boing Boing post.

Star Wars Episode 9 is a week away!

Adam Shostack

Emily Asher-Perrin has some of the most interesting writing on the Star Wars universe. I like her analysis of where Rey may come from in Rey Should Choose to Adopt the Skywalker Name, Not Be Retconned Into the Family. I half look forward to the day when Disney assimilates her into the official writing team. The stories will get better, and we’ll lose her analysis.

Patch Tuesday, December 2019 Edition

Krebs on Security

Microsoft today released updates to plug three dozen security holes in its Windows operating system and other software. The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control over a Windows system with no help from users — as well as another flaw in most versions of Windows that is already being exploited in active attacks.

How to protect your organization against the Snatch ransomware threat

Tech Republic Security

Discovered and analyzed by security provider Sophos, Snatch attempts to bypass traditional security software by rebooting your PC into Safe Mode.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Reforming CDA 230

Schneier on Security

There's a serious debate on reforming Section 230 of the Communications Decency Act. I am in the process of figuring out what I believe, and this is more a place to put resources and listen to people's comments. The EFF has written extensively on why it is so important and dismantling it will be catastrophic for the Internet. Danielle Citron disagrees.

Encryption & Privacy Policy and Technology

Adam Shostack

The Open Technology Institute has an Open Letter to Law Enforcement in the U.S., UK, and Australia: Weak Encryption Puts Billions of Internet Users at Risk. (press release, letter.) I am pleased to be one of the signers. In closely related news, nominations for the 2020 Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies are open.

CISO Magazine Honors KrebsOnSecurity

Krebs on Security

CISO Magazine, a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of “Cybersecurity Person of the Year” in its December 2019 issue. KrebsOnSecurity is grateful for the unexpected honor. But I can definitely think of quite a few people who are far more deserving of this title.

63% of organizations face security breaches due to hardware vulnerabilities

Tech Republic Security

While hardware-level attacks are high, only 59% of companies have implemented a hardware security strategy, Dell and Forrester found.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Failure Modes in Machine Learning

Schneier on Security

Interesting taxonomy of machine-learning failures (pdf) that encompasses both mistakes and attacks, or -- in their words -- intentional and unintentional failure modes. It's a good basis for threat modeling.

Insights about the first five years of Right to be Forgotten requests at Google

Elie

The “Right to be Forgotten” (RTBF) is a landmark European ruling that governs the delisting of personal information from search results. This ruling establishes a right to privacy, whereby individuals can request that search engines delist URLs across the Internet that contain “inaccurate, inadequate, irrelevant or excessive” information uncovered by queries containing the name of the requester.

This Alleged Bitcoin Scam Looked a Lot Like a Pyramid Scheme

WIRED Threat Level

Five men face federal charges of bilking investors of $722 million by inviting them to buy shares in bitcoin mining pools.

How to stop spam calls right now

Tech Republic Security

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Extracting Data from Smartphones

Schneier on Security

Privacy International has published a detailed, technical examination of how data is extracted from smartphones.

Vietnam-linked Ocean Lotus hacked BMW and Hyundai networks

Security Affairs

Alleged Vietnamese Ocean Lotus (APT32) hackers breached the networks of the car manufacturers BMW and Hyundai to steal automotive trade secrets. According to German media, hackers suspected to be members of the Vietnam-linked APT Ocean Lotus (APT32) group breached the networks of the car manufacturers BMW and Hyundai. The intrusion aimed at stealing automotive trade secrets. “The attack the alleged Vietnamese hacker group began in the spring of 2019.

Five years of the Right to Be Forgotten

Elie

The “Right to be Forgotten” is a privacy ruling that enables Europeans to delist certain URLs appearing in search results related to their name. In order to illuminate the effect this ruling has on information access, we conducted a retrospective measurement study of 3.2 million URLs that were requested for delisting from Google Search over five years.

How to use Firefox's Lockwise password manager

Tech Republic Security

Mozilla has evolved its Lockbox password tool into a more standard password manager. Jack Wallen shows you how to use the Firefox Lockwise password manager.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Unsupervised Learning: No. 206 (Member Edition)

Daniel Miessler

More than 44 million Microsoft user accounts are exposed to hack

Security Affairs

Microsoft revealed that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking. Microsoft discovered that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking because of the use of compromised passwords. Experts from the Microsoft threat research team analyzed a database containing 3 billion leaked credentials from different security breaches. “The Microsoft identity threat research team checks billions

Toys “R” Us Is Back—Now With More Surveillance!

WIRED Threat Level

Reports about the toy store using cameras to track shoppers caused an uproar, but the companies behind the tech insist their systems are trained to ignore kids.

Your open source gift giving guide for 2019

Tech Republic Security

'Tis the season for open source gifts. But what to buy? Jack Wallen has a few ideas that are sure to put a smile on the faces of the open source lovers in your life.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Nation-State Attackers May Have Co-opted Vega Ransomware

Dark Reading

The tactics used by the latest version of the Vega cryptolocker program indicate the code may have been stolen from its authors and is now being used for destructive attacks, a new report suggests.

Flaws in Siemens SPPA-T3000 control system expose power plants to hack

Security Affairs

Experts discovered tens of flaws in the Siemens SPPA-T3000 control systems that could be exploited to attack fossil and renewable power plants. Siemens informed customers that the SPPA-T3000 Application Server is affected by 19 vulnerabilities and the SPPA-T3000 MS3000 Migration Server is impacted by 35 security issues. Some of the vulnerabilities have been rated as critical and could be exploited by attackers to trigger a denial-of-service (DoS) condition or to execute arbitrary code on the ser

Why Ring Doorbells Perfectly Exemplify the IoT Security Crisis

WIRED Threat Level

A new wave of reports about the home surveillance cameras getting hijacked by creeps is painfully familiar.

How to use the Firefox Lockwise password manager

Tech Republic Security

Mozilla has evolved its Lockbox password tool into a more standard password manager. Find out if Firefox Lockwise is right for you.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.