Krebs on Security

MAY 11, 2020

Diebold Nixdorf , a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network. Canton, Ohio-based Diebold [ NYSE: DBD ] is currently the largest ATM provider in the United States, with an estimated 35 percent of the cash machine market worldwide.

Ransomware 334

Ransomware Retail Malware Data breaches 334

The Last Watchdog

MAY 13, 2020

Chief Information Security Officers were already on the hot seat well before the COVID-19 global pandemic hit, and they are even more so today. Related: Why U.S. cybersecurity policy needs to match societal values CISOs must preserve and protect their companies in a fast-changing business environment at a time when their organizations are under heavy bombardment.

CISO 261

CISO Cybersecurity Digital transformation Risk 261

Schneier on Security

MAY 14, 2020

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February. The first of the new malware variants, COPPERHEDGE , is described as a Remote Access Tool (RAT) "used by advanced persistent threat (APT) cyber actors in the targeting of cryptocurrency exchanges and related entities.

Government 301

Government Malware Antivirus Cryptocurrency 301

Troy Hunt

MAY 15, 2020

I think I'm going to stick with the live weekly update model for the foreseeable future. It makes life so much easier when it comes to editing, rendering and uploading and it means I always have something out on time. So, that's that, other news this week is mostly just bits and pieces here and there and some banter with the audience and that's just fine, it's nice having a quieter week sometimes ??

VPN 197

VPN 197

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

MAY 12, 2020

Microsoft today issued software updates to plug at least 111 security holes in Windows and Windows-based programs. None of the vulnerabilities were labeled as being publicly exploited or detailed prior to today, but as always if you’re running Windows on any of your machines it’s time once again to prepare to get your patches on. May marks the third month in a row that Microsoft has pushed out fixes for more than 110 security flaws in its operating system and related software.

Backups 262

Backups Software Risk Media 262

Tech Republic Security

MAY 15, 2020

Spoofing government and health organizations, these templates help attackers create and customize their own phishing pages to exploit the COVID-19 pandemic, says Proofpoint.

Phishing 217

Phishing Government 217

Adam Shostack

MAY 14, 2020

For Threat Model Thursday, I want to look at models and modeling in a tremendously high-stakes space: COVID models. There are a lot of them. They disagree. Their accuracy is subject to a wide variety of interventions. (For example, few disease models forecast a politicized response to the disease, or a massively inconsistent response within an area where people can travel freely.

147

147

Adam Levin

MAY 13, 2020

In the wake of an April ransomware attack, Fortune 500 healthcare company Magellan Health announced that a hacker exfiltrated customer data. The ransomware attack was first detected by Magellan Health April 11, 2020, and was traced back to a phishing email that had been sent and opened five days earlier. Subsequent investigation revealed that customer data had been exfiltrated prior to the deployment of the ransomware.

Ransomware 133

Ransomware Healthcare Phishing Passwords 133

Tech Republic Security

MAY 14, 2020

In an industry still experiencing a talent shortage despite the pandemic, recruiters and observers offer advice on what job seekers should and should not do.

Cybersecurity 204

Cybersecurity 204

Schneier on Security

MAY 15, 2020

Long and nuanced story about Marcus Hutchins, the British hacker who wrote most of the Kronos malware and also stopped WannaCry in real time. Well worth reading.

Malware 312

Malware Cybercrime Hacking 312

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Daniel Miessler

MAY 14, 2020

THIS WEEK’S TOPICS: Thunderbolt Attack, Celebrity Ransomware, ClearView Government, Blackhat DEFCON Virtual, War Thunder, 5G Bio Attacks, PC Game Cheating, Zoom Keybase, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. —. If you get value from this content, you can support it directly by becoming a member.

Government 130

Government Technology Ransomware Information Security 130

Adam Levin

MAY 12, 2020

A major entertainment and media law firm experienced a massive data breach that may have compromised the data of many celebrities including Bruce Springsteen, Lady Gaga, Madonna, Nicki Minaj, Christina Aguilera, and others. Grubman Shire Meiselas & Sacks, a New York-based law firm, was hit by a ransomware attack that compromised at least 756 gigabytes of client data, including contracts, non-disclosure agreements, contact information and personal correspondence.

Data breaches 131

Data breaches Media Ransomware Hacking 131

Tech Republic Security

MAY 11, 2020

These threats are designed to capture usernames, passwords, bank details, network information, and other sensitive data, says security provider Lastline.

Banking 203

Banking Passwords 203

Schneier on Security

MAY 13, 2020

The Army is developing a new electronic warfare pod capable of being put on drones and on trucks.the Silent Crow pod is now the leading contender for the flying flagship of the Army's rebuilt electronic warfare force. Army EW was largely disbanded after the Cold War, except for short-range jammers to shut down remote-controlled roadside bombs. Now it's being urgently rebuilt to counter Russia and China , whose high-tech forces unlike Afghan guerrillas -- rely heavily on radio and radar systems,

Computers and Electronics 288

Computers and Electronics Artificial Intelligence Wireless 288

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

MAY 11, 2020

During COVID-19 outbreak data processors have to be extra vigilant to maintain their compliance with data protection authorities like GDPR. COVID-19 has abruptly changed the world. It has imposed online learning and earning, which in turn has open new doors of cybersecurity threats and data breaches. Now the data processors have to be extra vigilant to maintain their compliance with data protection authorities like GDPR.

Encryption 141

Encryption Data breaches Advertising Passwords 141

The Last Watchdog

MAY 11, 2020

Long before COVID-19, some notable behind-the-scenes forces were in motion to elevate cybersecurity to a much higher level. Related: How the Middle East has advanced mobile security regulations Over the past couple of decades, meaningful initiatives to improve online privacy and security, for both companies and consumers, incrementally gained traction in the tech sector and among key regulatory agencies across Europe, the Middle East and North America.

Computers and Electronics 113

Computers and Electronics Data privacy Encryption Media 113

Tech Republic Security

MAY 13, 2020

The outbreak of COVID-19 has triggered a wave of scams, from fake pharmacies to stimulus payment promises to phony cryptocurrency wallets, says Bolster.

Scams 202

Scams Cryptocurrency 202

Schneier on Security

MAY 11, 2020

The California Consumer Privacy Act is a lesson in missed opportunities. It was passed in haste, to stop a ballot initiative that would have been even more restrictive: In September 2017, Alastair Mactaggart and Mary Ross proposed a statewide ballot initiative entitled the "California Consumer Privacy Act." Ballot initiatives are a process under California law in which private citizens can propose legislation directly to voters, and pursuant to which such legislation can be enacted through voter

Data privacy 282

Data privacy Surveillance Internet Internet 282

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

MAY 15, 2020

Britain’s Ministry of Defence contractor Interserve has been hacked, intruders have stolen up to 100,000 past and present employees’ details. Interserve, a contractor for the Britain’s Ministry of Defence suffered a security breach, hackers have stolen up to 100,000 of past and current employees details. The company currently has around 53,000 employees.

Hacking 132

Hacking Data breaches Advertising Banking 132

Adam Shostack

MAY 13, 2020

The UK’s National Computer Security Center has a blog post on Drawing good architecture diagrams.

Architecture 130

Architecture 130

Tech Republic Security

MAY 11, 2020

The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims, says security firm Abnormal Security.

Phishing 209

Phishing Accountability 209

Threatpost

MAY 15, 2020

A new threat group uses NSIS as an installer to target industrial companies with revolving payloads, including LokiBot, FormBook, BetaBot, Agent Tesla and Netwire.

Malware 123

Malware Hacking 123

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

MAY 13, 2020

The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT , it has uploaded the malicious code to VirusTotal. “On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) released three Malware Analysis Reports (MA

Malware 129

Malware Advertising Government Cryptocurrency 129

Adam Shostack

MAY 11, 2020

Most of my time, I’m helping organizations develop the skills and discipline to build security in. We give the best advice available, and I recognize that we’re early in developing the science around how to build an SDL that works. That’s why I spend time working with academics who can objectively study what we’re working on.

Engineering 100

Engineering Software 100

Tech Republic Security

MAY 15, 2020

A new study of publicly reported data shows the average person experienced a breach every three months last year.

216

216

WIRED Threat Level

MAY 10, 2020

The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and affects any PC manufactured before 2019.

Manufacturing 118

Manufacturing Hacking 118

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Affairs

MAY 9, 2020

The Sodinokibi ransomware gang stolen gigabytes of legal documents from the law firm of the stars, Grubman Shire Meiselas & Sacks (GSMLaw). The Sodinokibi ransomware group claims to have stolen gigabytes of legal documents from the entertainment and law firm Grubman Shire Meiselas & Sacks (GSMLaw) that has dozens of international stars and celebrities among its clients.

Hacking 128

Hacking Ransomware Advertising Cryptocurrency 128

Threatpost

MAY 12, 2020

Cybercriminals used the REvil ransomware to attack a law firm used by the likes of Lady Gaga, Drake and Madonna. Now, they're threatening to leak the 756 gigabytes of stolen data.

Ransomware 105

Ransomware Malware Hacking 105

Tech Republic Security

MAY 11, 2020

Millions of employees working remotely have gotten no information about how to keep their devices and home networks safe.

Cybersecurity 206

Cybersecurity 206

Dark Reading

MAY 12, 2020

Using a known exploit to infect unmaintained systems, the WannaCry ransomware worm remains a study in preventable catastrophes. Yet many companies continue to ignore its lessons.

Ransomware 109

Ransomware 109

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk