Krebs on Security

JULY 1, 2020

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and th

Ransomware 297

Ransomware Cybercrime Encryption Malware 297

Schneier on Security

JULY 3, 2020

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat took the base unit, installed its own encrypted messaging programs which route messages through the firm's own servers, and even physically removed the GPS, camera, and microphone functionality from

Hacking 336

Hacking Telecommunications Encryption Firewall 336

Adam Levin

JUNE 30, 2020

We’re not even halfway through 2020, and already it’s been a record-breaking year for ransomware attacks. Barely a week goes by without reports of a new strain or variant of malware wreaking havoc among companies. 1-99-employee companies are a target. No industry, category, size, or group is safe from this cyber scourge. We hear about the big ones.

Ransomware 186

Ransomware Insurance Cyber Insurance Manufacturing 186

Tech Republic Security

JULY 1, 2020

Companies have increased their reliance on cloud-based security platforms to protect sensitive data as a result of the coronavirus pandemic, according to a new survey.

213

213

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

JUNE 30, 2020

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.

Retail 297

Retail Banking Hacking Cybercrime 297

Schneier on Security

JUNE 29, 2020

iOS apps are repeatedly reading clipboard data , which can include all sorts of sensitive information. While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS 14. A novel feature Apple added provides a banner warning every time an app reads clipboard contents.

299

299

Tech Republic Security

JUNE 29, 2020

The new Edge browser will soon warn you if one of your passwords shows up in a data breach -- a feature based on an Azure service that enterprises can already use to protect user passwords.

Passwords 196

Passwords Data breaches 196

Adam Shostack

JULY 2, 2020

This talk by Alyssa Miller is fascinating and thought provoking. She frames a focus on integrating threat modeling into devops. The question of ‘what are we working on’ is answered with use cases, and threat modeling for that sprint is scoped to the use cases. ‘What can go wrong’ is focused on a business analysis of what can go wrong with private data, critical functions, financial assets, people assets or secrets.

Hacking 130

Hacking 130

Schneier on Security

JULY 1, 2020

Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the regulations on the domestic company that's selling the stuff to consumers.

IoT 298

IoT Manufacturing Cybersecurity 298

Daniel Miessler

JUNE 28, 2020

THIS WEEK’S TOPICS: Chinese diplomats stealing secrets, COVID flying risk, RT interviewing US cops, Army Ignite future predictors, China launches its GPS network, Russians paid bounties to kill US troops, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes.

Technology 130

Technology Risk Information Security 130

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JUNE 30, 2020

Many companies are hampered by the use of too many security tools and the lack of specific playbooks for common attacks, says IBM Security.

218

218

Lenny Zeltser

JULY 1, 2020

Writing about cybersecurity threats, such as phishing campaigns, malware infections, and attack groups, is challenging for many reasons. How should you decide what details to include? How can you persuade the readers that your analysis is sound? How might you address the needs of multiple audiences? I’m happy to share what I’ve learned over the years about writing effective threat reports in the following 36-minute video.

Threat Reports 145

Threat Reports Phishing Malware Cybersecurity 145

Schneier on Security

JUNE 30, 2020

Google has removed 25 Android apps from its store because they steal Facebook credentials : Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same. According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, fl

Mobile 283

Mobile Malware 283

Security Affairs

JUNE 28, 2020

Asian media firm E27 suffered a security breach and hackers asked for a “donation” to provide information on the flaws they exploited in the attack. Asian media firm E27 has been hacked by a hacking group identifying themselves as “Korean Hackers” and “Team Johnwick”that asked for a “donation” to provide information on the vulnerabilities they have exploited in the attack.

Media 141

Media Hacking Passwords Data breaches 141

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JULY 2, 2020

A report from Comparitech found that since 2005 K–12 districts and colleges/universities have been attacked more than 1,300 times.

218

218

WIRED Threat Level

JULY 3, 2020

Iran, China, Russia—the gang was all here in the first half of this year. Oh, and also an unprecedented pandemic that’s been a boon for hackers.

Hacking 145

Hacking 145

Threatpost

JUNE 29, 2020

Comparitech’s Paul Bischoff found that Amazon’s facial recognition platform misidentified an alarming number of people, and was racially biased.

Data privacy 144

Data privacy 144

Security Affairs

JUNE 30, 2020

A threat actor is selling databases containing data belonging to 14 different companies he claimed were hacked in 2020. A threat actor is selling databases that contain user records for 14 different organizations he claimed were hacked in 2020, only for four of them ( HomeChef , Minted , Tokopedia , and Zoosk ) were previously reported data breaches.

Data breaches 141

Data breaches Hacking Passwords Risk 141

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

JUNE 29, 2020

Cybersecurity group pivots from speaking engagements and scholarships to analyzing skill gaps and connecting candidates with employers.

Cybersecurity 214

Cybersecurity 214

Adam Shostack

JUNE 30, 2020

There’s an interesting and detailed blog post from Antti Vähä-Sipilä and Heli Syväoja at the F-Secure blog, Using SAFe® to align cyber security and executive goals in an agile setting. What I find most useful is the detailed and specific elements of how to bring threat modeling into the Scaled Agile Framework, in particular: Security and privacy work need to be visible on backlogs.

Risk 100

Risk 100

Lenny Zeltser

JULY 1, 2020

In June 2020, the Federal Trade Commission (FTC) warned that “imposters are filing claims for unemployment benefits [in the US], using the names and personal information of people who have not filed claims.” How do such scams look from the victim’s perspective, and what can you do if you’re affected? As a victim of this scheme, I’d like to share my experience.

Identity Theft 116

Identity Theft Insurance Scams Accountability 116

Security Affairs

JUNE 27, 2020

The France Télévisions group announced yesterday that it was hit by a cyber attack, targeting one of its broadcasting sites. The France Télévisions group announced Friday that it was the victim of a cyber attack that targeted one of its broadcasting sites. According to the group, the attack did not impact its antennae. “One of its dissemination sites has been infected with a computer virus.” reads a statement issued by the Franch group.

Cyber Attacks 137

Cyber Attacks Backups Advertising Media 137

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JULY 2, 2020

Almost three quarters of all requests for analysis to Kaspersky's Threat Intelligence Portal were for trojans, backdoors, and droppers.

211

211

SecureWorld News

JULY 1, 2020

Phishing emails are increasingly attempting to launch ransomware attacks against organizations. This includes a newly discovered family, or strain of ransomware, called Avaddon. Proofpoint research: rise in email based ransomware. Throughout June, security researchers noticed an increase in email-based ransomware attacks. Proofpoint's Security Brief on the uptick notes how broad this shift has been: "Daily volumes ranged from one to as many as 350,000 messages in each campaign, and over one mill

Ransomware 114

Ransomware Manufacturing Telecommunications Healthcare 114

Dark Reading

JUNE 30, 2020

Projects that were high priorities before the COVID-19 outbreak have taken a back seat to new business needs. For security leaders that has meant new responsibilities that could very well stick around in the pandemic's aftermath.

CISO 110

CISO 110

Security Affairs

JULY 1, 2020

Netgear is addressing ten vulnerabilities affecting nearly 80 of its products, including issues discovered at the Pwn2Own hacking competition. Netgear is releasing security patches to address ten vulnerabilities affecting nearly 80 of its products. Some of the vulnerabilities were discovered during the Pwn2Own Tokyo 2019 hacking contest and reported through the Zero Day Initiative (ZDI).

Authentication 134

Authentication Firmware Hacking Mobile 134

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JUNE 30, 2020

New resource lists source IPs, connect-back servers, and attack flows for established campaigns and emerging threats.

216

216

Threatpost

JULY 2, 2020

New ‘smishing’ campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer.

Malware 137

Malware Phishing Mobile Hacking 137

Dark Reading

JULY 3, 2020

Cybersecurity staff are on edge for the same reason that there are no cooks on the ISS: Organizations are carefully watching expenses for jobs that don't require dedicated team members.

Cybersecurity 107

Cybersecurity 107

Security Affairs

JULY 2, 2020

Sodinokibi ransomware (aka REvil) operators are demanding a $14 million ransom from Brazilian-based electrical energy company Light S.A. Sodinokibi ransomware (aka REvil) operators have breached the Brazilian-based electrical energy company Light S.A. and are demanding a $14 million ransom. The company issued comments to a local newspaper confirming the attack , Light S.A. admitted the intrusion to a local newspaper, but it did provide technical details of the security breach either disclose th

Ransomware 128

Ransomware Malware Encryption Hacking 128

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk