Troy Hunt

JANUARY 21, 2020

Geez time flies. It's just a tad under 4 years ago that I wrote about teaching kids to code with code.org which is an amazing resource for young ones to start learning programming basics. In that post I shared a photo of my then 6-year-old son Ari holding a Lenovo Yoga 900 I gifted him as part of the Insiders program I'm involved in: He got a lot of mileage out of that machine and learned a lot about the basics of both code and using a PC.

Backups 318

Backups Software 318

Krebs on Security

JANUARY 20, 2020

A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded to paying a DDoS-for-hire service to launch attacks against others. Tucker Preston , 22, of Macon, Ga., pleaded guilty last week in a New Jersey court to one count of damaging protected computers by transmission of a program, code or command.

DDOS 291

DDOS Internet Internet System Administration 291

Schneier on Security

JANUARY 22, 2020

It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service , a remote access protoco

IoT 305

IoT Passwords Internet Internet 305

Adam Shostack

JANUARY 22, 2020

There’s a fascinating talk by Dan Luu, “ Files are Fraught With Peril. ” The talk itself is fascinating, in a horrifying, nothing works, we’re going to give up and raise goats now sort of way. He starts from the startling decision of Dropbox to drop support for all Linux filesystems except Ext4. This surprising decision stems from the fact that a filesystem is a leaky abstraction, The interaction between performance and reliability means that fsync behaves strangely.

Engineering 162

Engineering Software 162

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Troy Hunt

JANUARY 24, 2020

Alright, let me get this off my chest first - I've totally lost it with these bloody Instamics. I've had heaps of dramas in the past with recordings being lost and the first time I do a 3-person weekly update only 2 of them recorded (mine being the exception). I was left with a zero-byte file on my unit which we tried to recover to no avail. It's not just that; the mobile app is clunky AF (Scott was demonstrating how many times he had to mash a button on his just to get it to connect to a mic),

Firmware 220

Firmware Mobile 220

Krebs on Security

JANUARY 24, 2020

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it. Even so, most major Web site owners aren’t taking full advantage of the security tools available to protect their domains from being hijacked. Here’s the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers

DNS 252

DNS Social Engineering Engineering Accountability 252

The Last Watchdog

JANUARY 20, 2020

Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities.

Cyber Insurance 171

Cyber Insurance Insurance Data breaches Risk 171

Troy Hunt

JANUARY 18, 2020

We're in Norway! More specifically, Scott Helme and I are in Hafjell and recording this after a day on the snow before heading back to Oslo and the NDC Security conference next week. For now though, we're talking about some really screwy global roaming behaviour with telcos, the Danish gov coming onto HIBP, babies in data breaches and the takedown of We Leak Info.

Data breaches 164

Data breaches 164

Krebs on Security

JANUARY 22, 2020

Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month. Beta versions of iOS 13.3.1 include a new setting that lets users disable the “Ultra Wideband” feature, a short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature.

Wireless 209

Wireless Technology Software 209

Schneier on Security

JANUARY 21, 2020

SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours. Sometimes this involves people inside the phone companies.

Authentication 277

Authentication Wireless Backups Accountability 277

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JANUARY 21, 2020

Among 60,000 large companies analyzed by security ratings company BitSight, almost 90% still have Windows 7 PCs in their environment.

205

205

Adam Levin

JANUARY 24, 2020

Mitsubishi Electric Corporation announced that it experienced a major data breach in June 2019 that has been traced back to a Chinese hacking group. “[O]ur network has been subject to unauthorised access by third parties. We have confirmed that trade secrets may have leaked out,” the company announced in a brief press release January 20. . The announcement from the electronics giant was released shortly after two Japanese newspapers, Nikkei and Asahi Shimbum reported on the breach.

Data breaches 131

Data breaches Hacking Software 131

Security Affairs

JANUARY 20, 2020

Expert found a hardcoded SSH public key in Fortinet ’s Security Information and Event Management FortiSIEM that can allow access to the FortiSIEM Supervisor. . Andrew Klaus, a security specialist from Cybera, discovered a hardcoded SSH public key in Fortinet’s Security Information and Event Management FortiSIEM that can be used by attackers to the FortiSIEM Supervisor. .

Authentication 145

Authentication Firmware Advertising Firewall 145

Schneier on Security

JANUARY 20, 2020

The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. His tiny company, Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared.

Identity Theft 262

Identity Theft Government Technology 262

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JANUARY 22, 2020

The cybercriminals behind the powerful banking malware have turned their attention to government targets like Sen. Cory Booker.

Malware 178

Malware Banking Government 178

Dark Reading

JANUARY 24, 2020

The DEF CON Social Engineering Capture the Flag contest inspired a new event aimed at teaching both security and non-security professionals on the fine art of hacking human behavior.

Social Engineering 108

Social Engineering Engineering Hacking 108

Security Affairs

JANUARY 24, 2020

Danish security researcher Ollypwn has released DOS exploit PoC for critical vulnerabilities in the Windows RDP Gateway. The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.

Advertising 129

Advertising Firewall Education Engineering 129

Schneier on Security

JANUARY 21, 2020

Glenn Greenwald has been charged with cybercrimes in Brazil, stemming from publishing information and documents that were embarrassing to the government. The charges are that he actively helped the people who actually did the hacking: Citing intercepted messages between Mr. Greenwald and the hackers, prosecutors say the journalist played a "clear role in facilitating the commission of a crime.

Cybercrime 173

Cybercrime Passwords Government Hacking 173

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

JANUARY 21, 2020

A security key is a good option to use for two-factor authentication when logging into certain websites.

Authentication 185

Authentication 185

Dark Reading

JANUARY 24, 2020

There are important steps security teams should take to be ready for the evolving security threats to the IoT in 2020.

IoT 120

IoT 120

Security Affairs

JANUARY 21, 2020

In a few days back, the MalwareMustDie team’s security researcher unixfreaxjp has published a new Linux malware analysis of Fbot that has focused on the decryption of the last encryption logic used by its bot client. This is not the first time Fbot analysis has been published, and also Fbot binaries have been actively infecting the IoT devices since way before 2018.

DDOS 123

DDOS IoT Malware Advertising 123

Threatpost

JANUARY 24, 2020

The flaw could allow a remote, unauthenticated attacker to enter a password-protected video conference meeting.

Passwords 116

Passwords 116

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JANUARY 21, 2020

Managing multiple devices can be a full-time job. With a few tools in your arsenal, you can optimize mobile devices for zero-touch management.

Mobile 156

Mobile 156

Dark Reading

JANUARY 22, 2020

For all the cautions against doing so, one-third of organizations in a Proofpoint survey said they paid their attackers after getting infected with ransomware.

Ransomware 93

Ransomware 93

Security Affairs

JANUARY 20, 2020

Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate information. Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. According to the company, attackers did not obtain sensitive information about defense contracts. The breach was detected almost eight months ago, on June 28, 2019, with the delay being attributed to the increased complexity of the investigation caused by the attac

Data breaches 115

Data breaches Media Computers and Electronics Cyber Attacks 115

Threatpost

JANUARY 24, 2020

Ransomware actors are turning their sights on larger enterprises, making both average cost and downtime inflicted from attacks skyrocket.

Ransomware 104

Ransomware Phishing Malware 104

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JANUARY 24, 2020

Cybercriminals created a homemade RAT that uses multiple cloud services and targets countries like Saudi Arabia, Iraq, Egypt, Libya, Algeria, and Morocco.

141

141

Daniel Miessler

JANUARY 21, 2020

This is UL Member Content Subscribe Already a member? Login No related posts.

Information Security 100

Information Security 100

Security Affairs

JANUARY 18, 2020

I’m preparing the slides for my next speech and I decided to create this post while searching for interesting cybercrime statistics in 2020. Cybercrime will cost as much as $6 trillion annually by 2021. The global expense for organizations to protect their systems from cybercrime attacks will continue to grow. According to the Cybersecurity Ventures’ cybercrime statistics 2017 cybercrime damages will amount to a staggering $6 trillion annually starting in 2021.

Cybercrime 115

Cybercrime Small Business Data breaches Mobile 115

Threatpost

JANUARY 21, 2020

CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover.

Internet 110

Internet Internet 110

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk