Schneier on Security
DECEMBER 3, 2020
Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy people. They do not have the time to examine every piece of source code that is published. So while opening up source code is a good thing, it is not a guarantee of security.
Troy Hunt
NOVEMBER 28, 2020
What. A. Week. Blog post every day, massive uptick in comments, DMs, newsletter subscribers, followers and especially, blog traffic. More than 200,000 unique visitors dropped by this week, mostly to read about IoT things. This has been a fascinating experience for me and I've enjoyed sharing the journey, complete with all my mistakes ?? I topped the week off by spending a couple of hours talking to Scott Helme about our respective IoT experiences so that's the entirety of this week's update - Sc
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
DECEMBER 2, 2020
For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment. Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum’s user database had been compromised.
Daniel Miessler
DECEMBER 3, 2020
The Lawfare Podcast is one of my few staples, and I just listened to another great episode on espionage against US buisnesses. My main takeaway was this: Foreign governments—and especially China—are pivoting from targeting other governments for their secrets, to instead going after private companies because that’s where most of the intellectual property is.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
DECEMBER 1, 2020
Many systems are vulnerable : Researchers at the time said that they were able to launch inaudible commands by shining lasers — from as far as 360 feet — at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. […]. They broadened their research to show how light can be used to manipulate a wider range of digital assistants — including Amazon Echo 3 — but also sensing systems found in medical
Joseph Steinberg
DECEMBER 1, 2020
Social media users’ delight at receiving notification that their accounts have qualified for Verification (that is, receiving the often-coveted “blue check mark” that appears on the social media profiles of public figures) has become the latest target of criminal exploitation. Cybercrooks intent on stealing people’s identities (or worse) have begun sending well-crafted messages that both impersonate various major social-media providers, as well as mimic the instructions that such media platforms
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
DECEMBER 4, 2020
It's a lighter weekly update this week, kinda feels like I'm still recovering from last week's epic IoT series TBH. It's also the last update from home before I go on my first decent trip since the whole pandemic thing started and as such, the next five updates will all come from other locations, some of them rather, uh, "remote". But there's still an hour of content today including the fact that it's HIBP's birthday ??
Schneier on Security
DECEMBER 2, 2020
This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device — over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable — meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. […].
Adam Levin
DECEMBER 2, 2020
Android users trying to install mods for the wildly popular game title Minecraft may be unintentionally installing adware and malware to their devices. According to new research from cybersecurity and anti-virus company Kaspersky Lab , over twenty apps available to download on Google’s Play store claiming to add additional content to the game were “malvertising,” which launches unwanted popup ads on a user’s device.
Tech Republic Security
NOVEMBER 30, 2020
The most vulnerable devices include laptops, computers, smartphones and tablets, networked cameras and storage devices, and streaming video devices, a new report found.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Javvad Malik
DECEMBER 4, 2020
Following on from last weeks post in which I summed up my top 5 blogs of the year , the sequel that one person asked me for was, what were the most watched videos of mine during 2020? Well, wonder no more, as I give you the top 5 in reverse order, cue the Top of the Pops intro! 5: Social Distance Club. Nothing to do with security and all to do with staying safe during a pandemic. 4: 7 talks I’m planning once the pandemic is over.
Schneier on Security
DECEMBER 4, 2020
Neat story : German divers searching the Baltic Sea for discarded fishing nets have stumbled upon a rare Enigma cipher machine used by the Nazi military during World War Two which they believe was thrown overboard from a scuttled submarine. Thinking they had discovered a typewriter entangled in a net on the seabed of Gelting Bay, underwater archaeologist Florian Huber quickly realised the historical significance of the find.
Adam Levin
DECEMBER 4, 2020
Retailers around the world are anticipating less foot traffic in their shops this holiday season, with more than 75% of consumers expected to do most of their shopping online due to the pandemic. And if there was any doubt as to this proposition, Black Friday certainly proved the point. While that will certainly keep consumers safer when it comes to Covid-19 infections, it could make them more vulnerable to other ills like cybercrime.
Tech Republic Security
NOVEMBER 30, 2020
Strong passwords are necessary for making sure you and your organization stay protected. Tom Merritt offers five tips for creating strong passwords.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Affairs
NOVEMBER 28, 2020
The IIoT chip maker Advantech was hit by the Conti ransomware, the gang is now demanding over $13 million ransom from the company. The Conti ransomware gang hit infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding over $13 million ransom (roughly 750 BTC) to avoid leaking stolen files and to provide a key to restore the encrypted files.
Schneier on Security
NOVEMBER 30, 2020
I can’t believe that check washing is still a thing: “Check washing” is a practice where thieves break into mailboxes (or otherwise steal mail), find envelopes with checks, then use special solvents to remove the information on that check (except for the signature) and then change the payee and the amount to a bank account under their control so that it could be deposited at out-state-banks and oftentimes by a mobile phone.
Adam Levin
DECEMBER 4, 2020
The personal information of over 243 million Brazilians was left accessible online for at least six months. The data leak was discovered by the Brazilian newspaper Estadao and has been attributed to web developers leaving the password to a government database in the source code of a publicly accessible website. The potentially exposed data included full names, addresses, telephone numbers, and medical details of anyone who had registered with the country’s national health system, totaling roughl
Tech Republic Security
NOVEMBER 30, 2020
Is this a bad idea? Learn about the pitfalls and what organizations should be doing to address lax security versus productivity.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
DECEMBER 3, 2020
E-Land Retail suffered a ransomware attack, Clop ransomware operators claim to have stolen 2 million credit cards from the company. E-Land Retail is a South Korean conglomerate headquartered in Changjeon-dong Mapo-gu Seoul, South Korea. E-Land Group takes part in retail malls, restaurants, theme parks, hotels and construction businesses as well as its cornerstone, fashion apparel business.
Schneier on Security
DECEMBER 4, 2020
The workshop on Economics and Information Security is always an interesting conference. This year, it will be online. Here’s the program. Registration is free.
WIRED Threat Level
NOVEMBER 29, 2020
As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.
Tech Republic Security
DECEMBER 1, 2020
Cybercriminals can use stolen information for extortion, scams and phishing schemes, and the direct theft of money, says Kaspersky.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
NOVEMBER 29, 2020
A cyber criminal organization has stolen money from at least 35 Italian ATMs with a black box attack technique. A criminal organization has stolen money from at least 35 ATMs and Post Office cash dispensers operated by Italian banks with a new black box attack technique. The Carabinieri of Monza dismantled by the gang, the Italian law enforcement agency confirmed that the cybercrime organization stole about 800,000€ in just 7 months using #ATM Black Box attack.
Adam Shostack
DECEMBER 4, 2020
There’s an interesting paper, Mitigating social bias in knowledge graph embeddings from a team at Amazon, which was presented at an academic workshop on bias in knowledge graph construction. The work is interesting, and the availability of approaches like this will be a welcome shift in how we deal with these important issues. Of course, these approaches are not panaceas, but starting to define and address relatively low hanging fruit is important.
WIRED Threat Level
DECEMBER 2, 2020
Efforts to secure the Border Gateway Protocol have picked up critical momentum, including a big assist from Google.
Tech Republic Security
DECEMBER 4, 2020
CyberNews analyzed more than 15 billion passwords; if your favorite one is at the top of the list, it's time to change right now.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Security Affairs
DECEMBER 2, 2020
Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country.
Threatpost
DECEMBER 2, 2020
Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity exploit of a memory corruption bug that was patched in May.
Dark Reading
DECEMBER 1, 2020
Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers.
Tech Republic Security
NOVEMBER 30, 2020
Apple has deployed a privacy feature in iOS 14 and macOS 11 Safari that disables trackers from learning about which websites you visit. Learn all about this new feature and how to use it.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
293 
Let's personalize your content