Krebs on Security

JULY 4, 2020

One of the most-read advice columns on this site is a 2018 piece called “ Plant Your Flag, Mark Your Territory ,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration , the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States.

Accountability 275

Accountability Passwords Authentication Insurance 275

Troy Hunt

JULY 6, 2020

Last week, I received my 10th Microsoft Most Valuable Professional award. Being recognised as an MVP was a pivotal moment in my career and to continue receiving the award all these years later is an honour. Particularly given recent events that have made it exceptionally difficult to sustain community contributions , the recognition is particularly significant this year.

Media 271

Media 271

Adam Levin

JULY 7, 2020

A Russia-based hacking group is exploiting the current Covid-19 pandemic to target and compromise U.S. companies with multiple strains of malware, according to a new report. Cybersecurity firm Symantec released a warning that the Russian hacking group “Evil Corp” has been behind a widespread hacking campaign against over thirty U.S. organizations, including eight Fortune 500 companies.

Ransomware 261

Ransomware Malware Hacking Banking 261

Schneier on Security

JULY 9, 2020

Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what's going on in front of the camera, and infer when there is someone home. News article. Slashdot thread.

276

276

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JULY 6, 2020

A low-quality batch of malicious tools can sell for as low as $70, while a premium set can go as high as $6,000, according to the security research site Privacy Affairs.

Malware 198

Malware 198

Troy Hunt

JULY 10, 2020

Wow! Loving that 4K camera ?? Or perhaps more specifically, just loving that camera and lens and I reckon it'll still be awesome in 1080p. But this week, I decided to go all out in super hi-def just to see how it looked. The captured video was 13.1GB but rendered down at 2.3GB out of Premiere so it's obviously applied some compression, but still looks amazing IMHO.

Authentication 180

Authentication 180

Schneier on Security

JULY 8, 2020

It is amazing that this sort of thing can still happen: the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Telnet? Default passwords? In 2020? We have a long way to go to secure the IoT.

IoT 270

IoT Passwords Internet Internet 270

Tech Republic Security

JULY 6, 2020

The US National Security Agency has noticed a surge in cyberattacks targeting VPNs since the COVID-19 pandemic has forced more people to work from home.

VPN 187

VPN 187

Daniel Miessler

JULY 6, 2020

THIS WEEK’S TOPICS: Encrochat breach, F5 Big Problem, DHS Social Election Query, WastedLocker, India Bans Chinese Apps, Florida DNA Privacy, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —. If you get value from this content, you can support it directly by becoming a member.

Technology 130

Technology Information Security 130

Adam Levin

JULY 8, 2020

There is no overestimating the value of your company’s domain name. Whether you work for a big brand or run a mom-and-pop dot-com, the goal is easy navigation to your site. A prospective client or customer types your company name and their browser does the rest. What would happen if you typed in “Amazon,” the corresponding domain popped up, and you clicked, but instead of finding the world’s largest online retailer, you landed on a 1980s WarGames-themed page with a lau

Hacking 130

Hacking Retail Cyber Insurance Authentication 130

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

JULY 7, 2020

The BSA -- also known as the Software Alliance, formerly the Business Software Alliance -- is an industry lobbying group. They just published "Policy Principles for Building a Secure and Trustworthy Internet of Things.". They call for: Distinguishing between consumer and industrial IoT. Offering incentives for integrating security. Harmonizing national and international policies.

IoT 263

IoT Internet Internet Software 263

Tech Republic Security

JULY 8, 2020

The US Secret Service has warned organizations about a rise in hacks of MSPs and offers advice on how to beef up security.

Hacking 208

Hacking 208

Security Affairs

JULY 5, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned enterprises about cyberattacks from the Tor network. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) is warning enterprises of cyberattacks launched from the Tor network. Threat actors leverage the Tor network to hide the real source of their attacks and avoid that their C2 infrastructure could be identified and shut down by.

Risk 144

Risk Hacking Cybersecurity Technology 144

Adam Shostack

JULY 7, 2020

The Internet Society Open Letter Against Lawful Access to Encrypted Data Act was published this morning. It’s an important and broad coalition to protect the ability of American companies to deliver security to their customers. I’m honored to be one of the signers.

Internet 100

Internet Internet Encryption 100

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Schneier on Security

JULY 6, 2020

There's a new ransomware for the Mac called ThiefQuest or EvilQuest. It's hard to get infected: For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It's a good reminder to get your software from trustworthy sources, like developers whose code is "signed" by Apple to prove its legitimacy, or from Apple's App Store itself.

Ransomware 254

Ransomware Spyware Cryptocurrency Passwords 254

Tech Republic Security

JULY 6, 2020

A new phishing campaign spotted by Abnormal Security attempts to trick people with a phony Twitter security notification.

Phishing 206

Phishing Accountability 206

Security Affairs

JULY 9, 2020

Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami. “We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’ data.

Engineering 133

Engineering Advertising Authentication Passwords 133

Threatpost

JULY 9, 2020

Researchers have found trojans and adware in preinstalled apps on a low-cost device distributed by the government-funded Lifeline Assistance Program.

Adware 124

Adware Malware Government Wireless 124

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Schneier on Security

JULY 10, 2020

China is prohibiting squid fishing in two areas -- both in international waters -- for two seasons, to give squid time to recover and reproduce. This is the first time China has voluntarily imposed a closed season on the high seas. Some experts regard it as an important step forward in China's management of distant-water fishing (DWF), and crucial for protecting the squid fishing industry.

252

252

Tech Republic Security

JULY 9, 2020

In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft.

Phishing 187

Phishing 187

Security Affairs

JULY 9, 2020

Researchers from Malwarebytes have found yet another phone with pre-installed malware via the Lifeline Assistance program sold in the United States. Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January. In January, Malwarebytes researchers discovered that the UMX U686CL phone was sold with pre-installed malware as part of the government-funded Lifeline Assistance program by Vi

Malware 124

Malware Wireless Mobile Advertising 124

Threatpost

JULY 10, 2020

Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix.

Wireless 134

Wireless Internet Internet 134

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Schneier on Security

JULY 10, 2020

It's the EFF's 30th birthday, and the organization is having a celebratory livestream today from 3:00 to 10:00 pm PDT. There are a lot of interesting discussions and things. I am having a fireside chat at 4:10 pm PDT to talk about the Crypto Wars and more. Stop by. And thank you for supporting EFF.

237

237

Tech Republic Security

JULY 9, 2020

A new variant targeted Android users to subscribe them to premium services without their consent, according to Check Point Research.

Malware 186

Malware 186

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. A report published by security firm Digital Shadows r evealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites.

Cybercrime 117

Cybercrime Antivirus Marketing Accountability 117

Dark Reading

JULY 6, 2020

Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.

IoT 106

IoT Internet Internet 106

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Schneier on Security

JULY 10, 2020

A criminal group called Cosmic Lynx seems to be based in Russia: Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Cosmic Lynx specializes in topical, tailored scams related to mergers and acquisitions; the group typically requests hundreds of thousands or even millions of dollars as part of its hus

Scams 219

Scams Accountability Authentication Phishing 219

Tech Republic Security

JULY 7, 2020

The certification company will host prep sessions for the National Cyber League's cybersecurity competitions for individuals and teams.

Cybersecurity 180

Cybersecurity 180

Security Affairs

JULY 8, 2020

Researchers have found a way to bypass F5 Networks mitigation for the actively exploited BIG-IP vulnerability, and hackers already used it. Researchers have found a way to bypass one of the mitigations proposed by F5 Networks for the actively exploited BIG-IP vulnerability. Unfortunately, threat actors in the wild were already using the bypass technique before its public disclosure.

Advertising 115

Advertising InfoSec Government Healthcare 115

Dark Reading

JULY 10, 2020

Devices out of sight for the past several months could spell trouble when employees bring them back to work.

136

136

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk