Krebs on Security

NOVEMBER 21, 2020

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters.

Cryptocurrency 363

Cryptocurrency VPN Scams Social Engineering 363

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. In part 2 , I covered IP addresses and the importance of a decent network to run all this stuff on, followed by Zigbee and the role of low power, low bandwidth devices. I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time.

IoT 358

IoT Firmware Risk Manufacturing 358

Schneier on Security

NOVEMBER 24, 2020

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying. The police wanted to prosecute the ransomware attackers for negligent homicide, but the details were more complicated: After a detailed investigation involving consultations with medical professionals, an autopsy, and a minute-by-minute breakdown of events, Hartmann believes that the severity of the victim’s medi

Ransomware 349

Ransomware Cybercrime Hacking 349

Adam Levin

NOVEMBER 23, 2020

The holidays are the most wonderful time of the year, especially for scammers. Consumers are typically spending more, doing it quickly and not paying as much attention to who they’re buying it from because of the rush. With the COVID-19 pandemic, many shoppers will make the bulk of their purchases online, which means this year’s Black Friday and Cyber Monday shopping frenzy could be riskier than usual.

Scams 239

Scams Banking Retail Consumer Protection 239

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

NOVEMBER 24, 2020

If you've had files deleted by a hacker or you've accidentally removed them, Jack Wallen shows you how to recover that missing data with a handy tool called testdisk.

214

214

Troy Hunt

NOVEMBER 26, 2020

This is the fifth and final part of the IoT unravelled blog series. Part 1 was all about what a mess the IoT landscape is, but then there's Home Assistant to unify it all. In part 2 I delved into networking bits and pieces, namely IP addresses, my Ubiquiti UniFi gear and Zigbee. Part 3 was all about security and how that's all a bit of a mess too, particularly as it relates to firmware patching and device isolation on networks.

IoT 352

IoT Firmware Technology 352

Adam Levin

NOVEMBER 25, 2020

The holiday season is one of the busiest times of the year for scammers and hackers. Shoppers and philanthropists are both easier targets during the busy holiday season. The Covid-19 pandemic has meant increased virtual visits with loved ones, and of course remote work. The number of people willing to use their personal devices for holiday shopping has also increased as a result of the pandemic.

Cybersecurity 191

Cybersecurity Retail Scams Phishing 191

Tech Republic Security

NOVEMBER 25, 2020

Any business is subject to ransomware attacks, but some are more hit more than others. Tom Merritt lists five business sectors that are targeted by ransomware.

Ransomware 203

Ransomware 203

Troy Hunt

NOVEMBER 25, 2020

The first few parts of this series have all been somewhat technical in nature; part 1 was how much of a mess the IoT ecosystem is and how Home Assistant aims to unify it all, part 2 got into the networking layer with both Wi-Fi and Zigbee and in part 3 , I delved into security. Now let's tackle something really tricky - humans. I love the idea of automating stuff in the home, but I love the idea of a usable home even more.

IoT 341

IoT Firmware Marketing Media 341

Schneier on Security

NOVEMBER 23, 2020

Quanta magazine recently published a breathless article on indistinguishability obfuscation — calling it the “‘crown jewel’ of cryptography” — and saying that it had finally been achieved, based on a recently published paper. I want to add some caveats to the discussion. Basically, obfuscation makes a computer program “unintelligible” by performing its functionality.

Encryption 241

Encryption 241

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Adam Shostack

NOVEMBER 23, 2020

We get many things from whiteboards. One of those is a sense of impermanence – that the work on them is a work in progress. That it’s a sketch, rather than a final product. And I missed whiteboards, so working with my partners at Agile Stationery, we created not only whiteboards, but also stencils to help you neaten up your threat models as you iterate through them.

Engineering 130

Engineering 130

Tech Republic Security

NOVEMBER 23, 2020

The Android apps promised Minecraft modifications but instead delivered intrusive ads aimed at kids and teenagers, says Kaspersky.

183

183

Security Affairs

NOVEMBER 23, 2020

The U.S. FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. The U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.

Ransomware 145

Ransomware Encryption VPN Backups 145

Schneier on Security

NOVEMBER 25, 2020

In a lecture, Adam Shostack makes the case for a discipline of cyber public health. It would relate to cybersecurity in a similar way that public health relates to medicine.

Cybersecurity 208

Cybersecurity 208

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

NOVEMBER 24, 2020

As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic "keep good backups" advice.

Backups 145

Backups Ransomware 145

Tech Republic Security

NOVEMBER 26, 2020

As you plan your big data strategy for next year, keep these seven goals in mind.

Big data 216

Big data 216

Security Affairs

NOVEMBER 26, 2020

US Fertility, the largest network of fertility centers in the U.S., discloses a ransomware attack that took place in September 2020. US Fertility , the largest network of fertility centers in the U.S., revealed that a ransomware attack hit its systems in September 2020. The US Fertility (USF) network is comprised of 55 locations across 10 states that completed almost 25,000 IVF cycles in 2018 through its clinics with 130,000 babies have been born. “On September 14, 2020, USF experienced

Ransomware 139

Ransomware Data breaches Encryption Malware 139

SecureWorld News

NOVEMBER 24, 2020

Do two wrongs make a right? Newly revealed court documents show us the math on that idea still does not add up. This case involves three players. Two of them are charged with being dirty cops who demanded bribes in certain situations. The other person is Thomas Moyer, Apple's Global Head of Security and former Chief Compliance Officer. He is accused of going along with bribery demands made by the officers to get what he needed.

130

130

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

WIRED Threat Level

NOVEMBER 23, 2020

The company is rolling out a patch today for the vulnerabilities, which allowed one researcher to break into one in 90 seconds and drive away.

Hacking 142

Hacking 142

Tech Republic Security

NOVEMBER 25, 2020

Tech companies are offering this emerging technology to help financial institutions secure data while it is being processed.

Banking 177

Banking Technology 177

Security Affairs

NOVEMBER 21, 2020

The Manchester United football club has been hit by a cyber attack on their systems, it is not aware of a breach of personal data for his fans. Manchester United disclosed a cyber attack, but according to the football club it is not “currently aware of any breach of personal data associated with our fans and customers”. The club confirmed the security breach on Friday evening, it shut down its systems to prevent the malware from spreading within.

Cyber Attacks 135

Cyber Attacks Media Malware Hacking 135

We Live Security

NOVEMBER 26, 2020

Here’s what to know about attacks where a fraudster has your number, literally and otherwise. The post SIM swap scam: What it is and how to protect yourself appeared first on WeLiveSecurity.

Scams 126

Scams 126

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Javvad Malik

NOVEMBER 27, 2020

I saw Cygenta posted their top 5 blogs of the year on Twitter and thought that it was a wonderful idea to rip off / borrow / be inspired by. So, I proudly present, my top 5 read blogs during the course of 2020. From my blog that is. I’ve written many other articles on other sites this year, and I’m sure some of them have been read more. Anyhow – on to the list. 5: Writing better risk statements Do you struggle to articulate security risks?

InfoSec 100

InfoSec CISO Risk 100

Tech Republic Security

NOVEMBER 24, 2020

Capturing the phone's IMSI number and MAC address, the leaked data could have made users trackable, potentially over their lifetimes, says Palo Alto Networks.

150

150

Security Affairs

NOVEMBER 24, 2020

Researchers spotted a new variant of an adware and coin-miner botnet operated by Stantinko threat actors that now targets Linux servers. Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that is operated by Stantinko threat actors since 2012. The Stantinko botnet was first spotted by ESET in 2017, at the time it infected around half a million computers worldwide.

Adware 134

Adware Malware Hacking Software 134

Adam Shostack

NOVEMBER 25, 2020

As we launched the threat modeling manifesto , we ran into some trouble with TLS. Some of you even reported those troubles, by saying “it’s not working.” Thanks. That’s so helpful. Sarcasm aside, there’s a basic form to a helpful bug report: “I did A, and observed B.” If you want to make it really useful, add “I expected C,” or even “and the impact is D.” Let me compare and contrast with an example: “I clicked on the link I

100

100

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Threatpost

NOVEMBER 25, 2020

The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound.

Hacking 138

Hacking Internet Internet IoT 138

Tech Republic Security

NOVEMBER 24, 2020

If you're looking for the best Android VPN, Jack Wallen thinks Google's take on the service might be the perfect fit for those wanting both performance and security.

VPN 143

VPN 143

Security Affairs

NOVEMBER 22, 2020

A threat actor has published online a list of one-line exploits to steal VPN credentials from over 49,000 vulnerable Fortinet VPNs. A threat actor, who goes online with the moniker “pumpedkicks,” has leaked online a list of exploits that could be exploited to steal VPN credentials from almost 50,000 Fortinet VPN devices. Researchers from Bank Security first reported the availability of the list of 49,577 IPs vulnerable to Fortinet SSL VPN CVE-2018-13379.

VPN 133

VPN Banking Government Hacking 133

CompTIA on Cybersecurity

NOVEMBER 23, 2020

Everyone should be prepared for a cyberattack. Developing an incident response plan and running a war gaming exercise gives employees the tools they need to respond quickly, mitigate the situation and return to business as usual.

123

123

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk