Krebs on Security

JUNE 21, 2020

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “ BlueLeaks ” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 gigabytes in total — is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to

Government 363

Government Cyber threats Accountability Banking 363

Schneier on Security

JUNE 24, 2020

I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It's been 105 days since I've been on an airplane -- longer than any other time in my adult life -- and I have no future flights scheduled. This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying.

Risk 361

Risk 361

Adam Levin

JUNE 26, 2020

Phony contact-tracing apps meant to mitigate the spread of the Covid-19 pandemic are installing ransomware on mobile devices. One app billed itself, “The Covid-19 Tracer App,” claiming to be an official mobile app of the Canadian government’s coronavirus contact tracing effort. “The more Canadians who voluntarily download and use the app, the safer we’ll be, and the faster we can reopen the economy,” stated the scam website.

Malware 223

Malware Ransomware Mobile Scams 223

The Last Watchdog

JUNE 21, 2020

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Numerous strains of this destructive code have been the front-page news in global computer security chronicles for almost a decade now, with jaw-dropping ups and dramatic downs accompanying its progress. Related: What local government can do to repel ransomware Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch diskettes.

Ransomware 244

Ransomware Hacking Encryption Penetration Testing 244

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Adam Shostack

JUNE 22, 2020

I’m excited to see that they’re Re-introducing the Cyentia Research Library , with cool (new?) features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world. The Cyentia Library lets us see what people are doing in terms of research and data.

Accountability 200

Accountability Ransomware Hacking 200

Schneier on Security

JUNE 23, 2020

Report on espionage attacks using LinkedIn as a vector for malware, with details and screenshots. They talk about "several hints suggesting a possible link" to the Lazarus group (aka North Korea), but that's by no means definite. As part of the initial compromise phase, the Operation In(ter)ception attackers had created fake LinkedIn accounts posing as HR representatives of well-known companies in the aerospace and defense industries.

Malware 332

Malware Accountability 332

Tech Republic Security

JUNE 23, 2020

Bad actors have flooded the enterprise with coronavirus-related attacks, but professionals working from home have other worries, Unisys Security found.

218

218

Adam Levin

JUNE 24, 2020

269 gigabytes of potentially sensitive data collected from more than 200 police departments across the country were leaked online last week. The data, called “BlueLeaks,” was shared online by a group called Distributed Denial of Secrets, or DDoSecrets), a Wikileaks-style organization committed to “enabling the free transmission of data in the public interest.”.

Data collection 189

Data collection VPN Accountability Risk 189

Schneier on Security

JUNE 25, 2020

New research: " Best Practices for IoT Security: What Does That Even Mean? " by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices.

IoT 315

IoT Manufacturing Internet Internet 315

Daniel Miessler

JUNE 21, 2020

THIS WEEK’S TOPICS: Ripple20 IoT Vulns, Homeland Security Surveillance, US Cyber Budget, Adobe EOL, AWS DDoS, Bellingcat Poison Investigation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —. If you get value from this content, you can support it directly by becoming a member.

Surveillance 130

Surveillance DDOS IoT Technology 130

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JUNE 22, 2020

Targeting the CEO and others in an organization, the attacks spotted by cybersecurity firm Darktrace were detected due to artificial intelligence.

Artificial Intelligence 199

Artificial Intelligence Phishing Cybersecurity 199

Security Affairs

JUNE 26, 2020

A man accused to have developed distributed denial of service (DDoS) botnets based on the Mirai botnet was sentenced to 13 months in federal prison. Kenneth Currin Schuchman, 22, of Vancouver, Washington, was sentenced to 13 months in federal prison because it has developed distributed denial of service (DDoS) botnets based on the source code of Mirai botnet.

DDOS 143

DDOS IoT Advertising Internet 143

Schneier on Security

JUNE 24, 2020

Really interesting research: " An examination of the cryptocurrency pump and dump ecosystem ": Abstract : The surge of interest in cryptocurrencies has been accompanied by a proliferation of fraud. This paper examines pump and dump schemes. The recent explosion of nearly 2,000 cryptocurrencies in an unregulated environment has expanded the scope for abuse.

Cryptocurrency 308

Cryptocurrency Scams 308

WIRED Threat Level

JUNE 22, 2020

The so-called BlueLeaks collection includes internal memos, financial records, and more from over 200 state, local, and federal agencies.

Hacking 145

Hacking 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JUNE 25, 2020

Your credit card is worth around $33, your driver's license around $27, and your PayPal account around $42, according to Reviews.org.

Accountability 207

Accountability 207

Security Affairs

JUNE 21, 2020

Shlayer Mac malware is back, the Mac threat is now spreading through new black SEO operations. Researchers spotted a new version of the Shlayer Mac malware that is spreading via poisoned Google search results. Researchers at security firm Intego observed the new variant being spread masqueraded as a fake Adobe Flash Player installer (.DMG disk image) and implementing fresh advanced evasion capabilities. “The new malware tricks victims into bypassing Apple’s built-in macOS security protecti

Engineering 139

Engineering Malware Adware Antivirus 139

Schneier on Security

JUNE 22, 2020

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police car ablaze as it was broadcast live May 30. It showed the woman, in flame-retardant gloves, grabbing a burning piece of a police barricade that had already been used to set one squad car on fire and tossi

Internet 293

Internet Internet Mobile Accountability 293

Dark Reading

JUNE 26, 2020

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.

140

140

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

JUNE 25, 2020

Emails with fake COVID-19 training materials are trying to trick employees into sharing their Microsoft credentials, says Check Point Research.

Phishing 198

Phishing 198

Security Affairs

JUNE 25, 2020

Microsoft researchers are warning of attacks against Exchange servers and published guidance on how to defend them. Microsoft’s Defender ATP Research Team released guidance on how to defend against attacks targeting Exchange servers with the use of behavior-based detection. Microsoft researchers analyzed multiple campaigns targeting Exchange servers in early April which showed how the malicious actors deploying web shells them.

Social Engineering 133

Social Engineering Advertising Engineering Authentication 133

Schneier on Security

JUNE 26, 2020

Interesting research: " Identifying Unintended Harms of Cybersecurity Countermeasures ": Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the infrastructure itself (including other ser

Cybersecurity 264

Cybersecurity Risk Technology Cybercrime 264

Threatpost

JUNE 25, 2020

Several high-severity flaws in Nvidia's GPU display drivers for Windows users could lead to code-execution, DoS and more.

145

145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JUNE 24, 2020

Spending on cybersecurity technology rose last quarter but will dip this year due to budgetary constraints, says Canalys.

Marketing 214

Marketing Cybersecurity Technology 214

Security Affairs

JUNE 24, 2020

U.S. business consulting firm Frost & Sullivan suffered a data breach, a threat actor is offering for sale its databases on a hacker forum. U.S. firm Frost & Sullivan suffered a data breach, data from an unsecured backup that were exposed on the Internet was sold by a threat actor on a hacker forum. Frost & Sullivan is a business consulting firm involved in market research and analysis, growth strategy consulting, and corporate training across multiple industries.

Data breaches 130

Data breaches Backups Advertising Hacking 130

WIRED Threat Level

JUNE 26, 2020

After releasing over a million hacked law enforcement files, DDoSecrets got banned from Twitter. But it has no plans to slow down.

Hacking 134

Hacking 134

Threatpost

JUNE 23, 2020

Remote work is opening up new insider threats - whether it's negligence or malicious employees - and companies are scrambling to stay on top of these unprecedented risks.

Risk 116

Risk Data privacy Hacking 116

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JUNE 26, 2020

If Safari isn't your default Mac web browser, it should be when Apple releases macOS Big Sur. Here's how Apple developers have readied the browser for adulthood and the demands of the workplace.

172

172

Security Affairs

JUNE 26, 2020

German Police have arrested 32 individuals and detained 11 after a series of raids targeting users of an illegal underground economy forum. According to prosecutors in Frankfurt and Bamberg, the German Police have arrested 32 individuals and detained 11 after a series of raids targeting users of the “ crimenetwork.co ” illegal underground economy forum.

Advertising 126

Advertising Cryptocurrency Malware Hacking 126

SecureWorld News

JUNE 23, 2020

COVID-19 has dramatically changed our relationship with remote work. Some of this shift was in place before the global pandemic, but coronavirus is a pivot point, particularly when it comes to managing remote employees and cybersecurity. COVID-19 also revealed and created significant security gaps around Identity and Access Management (IAM). That is why SecureWorld recently convened a panel of cybersecurity experts to talk through this challenge.

Authentication 97

Authentication CISO Cybersecurity Accountability 97

Threatpost

JUNE 26, 2020

App will stop reading users’ device cut-and-paste data after a new banner alert in an Apple update uncovered the activity.

Data privacy 132

Data privacy Mobile 132

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk