Sat.Nov 28, 2020 - Fri.Dec 04, 2020

article thumbnail

Account Hijacking Site OGUsers Hacked, Again

Krebs on Security

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment. Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum’s user database had been compromised.

article thumbnail

Manipulating Systems Using Remote Lasers

Schneier on Security

Many systems are vulnerable : Researchers at the time said that they were able to launch inaudible commands by shining lasers — from as far as 360 feet — at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. […]. They broadened their research to show how light can be used to manipulate a wider range of digital assistants — including Amazon Echo 3 — but also sensing systems found in medical

Hacking 345
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 219: IoT Unravelled with Scott Helme

Troy Hunt

What. A. Week. Blog post every day, massive uptick in comments, DMs, newsletter subscribers, followers and especially, blog traffic. More than 200,000 unique visitors dropped by this week, mostly to read about IoT things. This has been a fascinating experience for me and I've enjoyed sharing the journey, complete with all my mistakes ?? I topped the week off by spending a couple of hours talking to Scott Helme about our respective IoT experiences so that's the entirety of this week's update - Sc

IoT 344
article thumbnail

The New Reality of State-sponsored Attacks on US Businesses

Daniel Miessler

The Lawfare Podcast is one of my few staples, and I just listened to another great episode on espionage against US buisnesses. My main takeaway was this: Foreign governments—and especially China—are pivoting from targeting other governments for their secrets, to instead going after private companies because that’s where most of the intellectual property is.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

IRS to Make ID Protection PIN Open to All

Krebs on Security

The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years.

Mobile 349
article thumbnail

Open Source Does Not Equal Secure

Schneier on Security

Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy people. They do not have the time to examine every piece of source code that is published. So while opening up source code is a good thing, it is not a guarantee of security.

LifeWorks

More Trending

article thumbnail

Social Media Account Verification Messages: CyberCriminals’ Latest Phishing Technique Exploits Both Human Emotions And Anti-Fraud Techniques

Joseph Steinberg

Social media users’ delight at receiving notification that their accounts have qualified for Verification (that is, receiving the often-coveted “blue check mark” that appears on the social media profiles of public figures) has become the latest target of criminal exploitation. Cybercrooks intent on stealing people’s identities (or worse) have begun sending well-crafted messages that both impersonate various major social-media providers, as well as mimic the instructions that such media platforms

Media 246
article thumbnail

Bomb Threat, DDoS Purveyor Gets Eight Years

Krebs on Security

A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service (DDoS) attacks, and for possessing sexually explicit images of minors. Timothy Dalton Vaughn from Winston-Salem, N.C. was a key member of the Apophis Squad , a gang of young ne’er-do-wells who made bomb threats to more than 2,400 schools and launched DDoS attacks a

DDOS 298
article thumbnail

Impressive iPhone Exploit

Schneier on Security

This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device­ — over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable­ — meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. […].

Passwords 329
article thumbnail

Companies are relaxing cybersecurity during the pandemic to boost productivity

Tech Republic Security

Is this a bad idea? Learn about the pitfalls and what organizations should be doing to address lax security versus productivity.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Malware, Adware Disguised As Minecraft Mods Infect Over 1 Million Android Devices

Adam Levin

Android users trying to install mods for the wildly popular game title Minecraft may be unintentionally installing adware and malware to their devices. According to new research from cybersecurity and anti-virus company Kaspersky Lab , over twenty apps available to download on Google’s Play store claiming to add additional content to the game were “malvertising,” which launches unwanted popup ads on a user’s device.

Adware 173
article thumbnail

A Broken Piece of Internet Backbone Might Finally Get Fixed

WIRED Threat Level

Efforts to secure the Border Gateway Protocol have picked up critical momentum, including a big assist from Google.

Internet 145
article thumbnail

Enigma Machine Recovered from the Baltic Sea

Schneier on Security

Neat story : German divers searching the Baltic Sea for discarded fishing nets have stumbled upon a rare Enigma cipher machine used by the Nazi military during World War Two which they believe was thrown overboard from a scuttled submarine. Thinking they had discovered a typewriter entangled in a net on the seabed of Gelting Bay, underwater archaeologist Florian Huber quickly realised the historical significance of the find.

316
316
article thumbnail

Cybersecurity report: Average household hit with 104 threats each month

Tech Republic Security

The most vulnerable devices include laptops, computers, smartphones and tablets, networked cameras and storage devices, and streaming video devices, a new report found.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Clop Ransomware gang claims to have stolen 2 million credit cards from E-Land

Security Affairs

E-Land Retail suffered a ransomware attack, Clop ransomware operators claim to have stolen 2 million credit cards from the company. E-Land Retail is a South Korean conglomerate headquartered in Changjeon-dong Mapo-gu Seoul, South Korea. E-Land Group takes part in retail malls, restaurants, theme parks, hotels and construction businesses as well as its cornerstone, fashion apparel business.

article thumbnail

What Is the Signal Encryption Protocol?

WIRED Threat Level

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.

article thumbnail

Check Washing

Schneier on Security

I can’t believe that check washing is still a thing: “Check washing” is a practice where thieves break into mailboxes (or otherwise steal mail), find envelopes with checks, then use special solvents to remove the information on that check (except for the signature) and then change the payee and the amount to a bank account under their control so that it could be deposited at out-state-banks and oftentimes by a mobile phone.

Banking 281
article thumbnail

How to protect your personal data from being sold on the Dark Web

Tech Republic Security

Cybercriminals can use stolen information for extortion, scams and phishing schemes, and the direct theft of money, says Kaspersky.

Scams 214
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Google discloses a zero-click Wi-Fi exploit to hack iPhone devices

Security Affairs

Google Project Zero expert Ian Beer on Tuesday disclosed a critical “wormable” iOS flaw that could have allowed to hack iPhone devices. Google Project Zero white-hat hacker Ian Beer has disclosed technical details of a critical “wormable” iOS bug that could have allowed a remote attacker to take over any device in the vicinity over Wi-Fi.

Hacking 145
article thumbnail

This Company Uses AI to Outwit Malicious AI

WIRED Threat Level

Robust Intelligence is among a crop of companies that offer to protect clients from efforts at deception.

article thumbnail

The 2020 Workshop on Economics and Information Security (WEIS)

Schneier on Security

The workshop on Economics and Information Security is always an interesting conference. This year, it will be online. Here’s the program. Registration is free.

article thumbnail

Top 5 tips for choosing strong passwords

Tech Republic Security

Strong passwords are necessary for making sure you and your organization stay protected. Tom Merritt offers five tips for creating strong passwords.

Passwords 211
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Russia-linked APT Turla used a new malware toolset named Crutch

Security Affairs

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country.

Malware 145
article thumbnail

A ‘Magical Bug’ Exposed Any iPhone in a Hacker's Wi-Fi Range

WIRED Threat Level

A Google researcher found flaws in Apple's AWDL protocol that would have allowed for a complete device takeover.

Hacking 134
article thumbnail

My top 5 videos of the year

Javvad Malik

Following on from last weeks post in which I summed up my top 5 blogs of the year , the sequel that one person asked me for was, what were the most watched videos of mine during 2020? Well, wonder no more, as I give you the top 5 in reverse order, cue the Top of the Pops intro! 5: Social Distance Club. Nothing to do with security and all to do with staying safe during a pandemic. 4: 7 talks I’m planning once the pandemic is over.

article thumbnail

Most used passwords for 2020: The internet's favorite curse word, name, food, and team

Tech Republic Security

CyberNews analyzed more than 15 billion passwords; if your favorite one is at the top of the list, it's time to change right now.

Passwords 200
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Chip maker Advantech hit by Conti ransomware gang

Security Affairs

The IIoT chip maker Advantech was hit by the Conti ransomware, the gang is now demanding over $13 million ransom from the company. The Conti ransomware gang hit infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding over $13 million ransom (roughly 750 BTC) to avoid leaking stolen files and to provide a key to restore the encrypted files.

article thumbnail

This Notorious Botnet Has an Alarming New Trick

WIRED Threat Level

The hackers behind TrickBot have begun probing victim PCs for vulnerable firmware, which would let them persist on devices undetected.

Firmware 131
article thumbnail

Is Your Cybersecurity Ready for the Holidays?

Adam Levin

Retailers around the world are anticipating less foot traffic in their shops this holiday season, with more than 75% of consumers expected to do most of their shopping online due to the pandemic. And if there was any doubt as to this proposition, Black Friday certainly proved the point. While that will certainly keep consumers safer when it comes to Covid-19 infections, it could make them more vulnerable to other ills like cybercrime.

article thumbnail

Safari for iOS 14 and Big Sur: How to prevent websites from tracking your moves online

Tech Republic Security

Apple has deployed a privacy feature in iOS 14 and macOS 11 Safari that disables trackers from learning about which websites you visit. Learn all about this new feature and how to use it.

181
181
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!