Schneier on Security

FEBRUARY 13, 2021

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the m

Surveillance 357

Surveillance Internet Internet Government 357

Troy Hunt

FEBRUARY 16, 2021

As I progressively make my house smarter and smarter , I find I keep butting against the intersection of where smart stuff meets dump stuff. Take light globes, for example, the simplest circuit you can imagine. Pass a current through it, light goes on. Kill the current, light goes off. We worked that out back in the 19th century and everything was fine. until now.

IoT 347

IoT 347

Krebs on Security

FEBRUARY 15, 2021

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.

Retail 299

Retail Accountability Banking Risk 299

Tech Republic Security

FEBRUARY 18, 2021

In a webinar Wednesday, former US Homeland Security director Christopher Krebs also suggested organizations have COVID workforce coordinators and that cloud mail providers activate MFA by default.

Cybersecurity 191

Cybersecurity 191

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

FEBRUARY 15, 2021

Vice is reporting on a new police hack: playing copyrighted music when being filmed by citizens, trying to provoke social media sites into taking the videos down and maybe even banning the filmers: In a separate part of the video, which Devermont says was filmed later that same afternoon, Devermont approaches [BHPD Sgt. Billy] Fair outside. The interaction plays out almost exactly like it did in the department — when Devermont starts asking questions, Fair turns on the music.

Media 344

Media Accountability Hacking 344

Lohrman on Security

FEBRUARY 14, 2021

356

356

Tech Republic Security

FEBRUARY 17, 2021

Machine learning is helpful to many organizations in the tech industry, but it can have a downside. Tom Merritt lists five things to know about adversarial attacks.

186

186

Schneier on Security

FEBRUARY 17, 2021

Interesting research on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.). Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious and browser vendors gradually adopting countermeasures to mitigate certain forms of cookie-based and cookie-less track

VPN 340

VPN 340

Bleeping Computer

FEBRUARY 19, 2021

A ransomware attack against the widely used payment processor ATFS has sparked data breach notifications from numerous cities and agencies within California and Washington. [.].

Data breaches 142

Data breaches Ransomware 142

Security Boulevard

FEBRUARY 15, 2021

Phishing attacks rose 220 per cent during the height of the Covid-19 pandemic compared to the yearly average -Gulf Business Continue reading. The post Threat Alert: Zoom Impersonated for Phishing Attacks appeared first on Kratikal Blog. The post Threat Alert: Zoom Impersonated for Phishing Attacks appeared first on Security Boulevard.

Phishing 145

Phishing Cyber threats 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

FEBRUARY 19, 2021

Hackers are now sending messages that hide fake links in the HTTP prefix, bypassing email filters, says security firm GreatHorn.

Phishing 209

Phishing 209

Schneier on Security

FEBRUARY 15, 2021

At the virtual Engima Conference , Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article : Soon after they were spotted, the researchers saw one exploit being used in the wild.

Technology 296

Technology Software Hacking 296

Bleeping Computer

FEBRUARY 18, 2021

Attackers are abusing Google's Apps Script business application development platform to steal credit card information submitted by customers of e-commerce websites while shopping online. [.].

144

144

Security Boulevard

FEBRUARY 15, 2021

In January 2020, no one could have predicted how unpredictable the coming year would be. But despite the seismic changes to the way we work, the biggest network security threats to organizations were mostly the same old threats we’ve been facing for the past five years. Yet even the largest enterprises with the most advanced, The post Network Security: 5 Fundamentals for 2021 appeared first on Security Boulevard.

Network Security 145

Network Security Cybersecurity 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

FEBRUARY 17, 2021

Information protection makes sure that only people with permissions see data in Power BI, while retaining the ability to share top-level trends, balancing productivity and security.

169

169

Schneier on Security

FEBRUARY 19, 2021

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very old versions of Linux. Most devices are still powered with a 2.6 Linux kernel, which is no longer maintained for many years.

Firmware 274

Firmware Software Engineering Internet 274

Malwarebytes

FEBRUARY 17, 2021

The audio-chat app Clubhouse is the latest rage in the social media landscape. What makes it so popular and, now it’s part of the social media landscape, can we trust it? The Clubhouse app. Clubhouse was launched about a year ago and was initially only used by Silicon Valley’s rich and famous. It is different from other social media in that it focuses on the spoken word.

Media 145

Media Internet Internet Data privacy 145

Security Boulevard

FEBRUARY 19, 2021

If you are familiar with “The Flight Attendant,” you know it is a quirky murder mystery shown on HBOMax. Yet, hidden within the murder mystery is a subplot of espionage and intrigue reminiscent of any number of today’s real-life espionage cases involving corporations and nation-states. Teaching moments abound, and it’s worthy of approbation; the series.

Social Engineering 144

Social Engineering Engineering Security Awareness 144

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

FEBRUARY 16, 2021

Analysts from Trend Micro rate DDoS attacks and electronic jamming as some of the highest cybersecurity risks for connected cars.

Risk 192

Risk DDOS Cybersecurity 192

Schneier on Security

FEBRUARY 15, 2021

The US Cyber Command has released a series of ten Valentine’s Day “Cryptography Challenge Puzzles.” Slashdot thread. Reddit thread. (And here’s the archived link, in case Cyber Command takes the page down.).

245

245

Trend Micro

FEBRUARY 14, 2021

We discovered vulnerabilities in the SHAREit application. The vulns can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution. The app has over 1 billion downloads.

Cyber threats 143

Cyber threats Mobile 143

CyberSecurity Insiders

FEBRUARY 16, 2021

Pfizer company that has produced a life saving vaccine to counter the spread of Corona Virus is back in news. The intelligence committee, funded by South Korea’s National Assembly, has revealed that a cyber attack launched on Pfizer at the end of last year was launched by North Korean hackers to steal the intelligence of vaccine research that was co-sponsored by BioNTech.

Cyber Attacks 144

Cyber Attacks Insurance Backups Encryption 144

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

FEBRUARY 19, 2021

A week-long outage for Kia is reportedly connected to a ransomware attack from the DoppelPaymer gang, says BleepingComputer.

Ransomware 191

Ransomware 191

Schneier on Security

FEBRUARY 18, 2021

The 20th Annual Workshop on the Economics of Information Security (WEIS 2021) will be held online in June. We just published the call for papers.

Information Security 256

Information Security 256

Bleeping Computer

FEBRUARY 15, 2021

The French national cyber-security agency has linked a series of attacks that resulted in the breach of multiple French IT providers over a span of four years to the Russian-backed Sandworm hacking group. [.].

Hacking 140

Hacking 140

CyberSecurity Insiders

FEBRUARY 16, 2021

An Interview with Joe Green, Netskope. Key takeaways. There are risks associated with a remote workforce and the at-home use of business devices and IoT devices, but the right tools are available now to continuously manage these risks. There is an ongoing increase in cloud-delivered malware, and more data loss via cloud file sharing, hosting, and email.

Cybersecurity 143

Cybersecurity IoT Malware Risk 143

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

FEBRUARY 19, 2021

The Dark Web allows cybercriminals to create a Cyber Attacks-as-a-Service ecosystem that outmaneuvers security defenses. Here are tips on how businesses can try to thwart cybercrime.

Cybercrime 159

Cybercrime Security Defenses Cyber Attacks 159

Security Boulevard

FEBRUARY 18, 2021

Oracle Corp. stands accused of selling analytics to Chinese police forces that’s being used to hunt down political dissidents and lock up Uyghur Muslims. The post Oracle is Said to Help China Find Dissidents and Jail Minorities appeared first on Security Boulevard.

Social Engineering 142

Social Engineering Surveillance Engineering Risk 142

Bleeping Computer

FEBRUARY 15, 2021

Microsoft released Windows Terminal Preview v1.5 this week, and it comes with some useful improvements, including full support for clickable hyperlinks, command palette improvements, emoji icon support, and more. [.].

142

142

We Live Security

FEBRUARY 16, 2021

The vaccination push provides a vital shot in the arm for the world’s battle against the pandemic, but it's also a topic ripe for exploitation by fraudsters and purveyors of misinformation. The post Beware of COVID‑19 vaccine scams and misinformation appeared first on WeLiveSecurity.

Scams 141

Scams 141

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk