Krebs on Security

MAY 26, 2020

A group of Romanians operating an ATM company in Mexico and suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines throughout several top Mexican tourist destinations have enjoyed legal protection from a top anti-corruption official in the Mexican attorney general’s office, according to a new complaint filed with the government’s internal affairs division.

Government 333

Government Media 333

The Last Watchdog

MAY 26, 2020

Doing authentication well is vital for any company in the throes of digital transformation. Digital commerce would fly apart if businesses could not reliably affirm the identities of all humans and all machines, that is, computing instances, that are constantly connecting to each other across the Internet. Related: Locking down ‘machine identities’ At the moment, companies are being confronted with a two-pronged friction challenge, when it comes to authentication.

Authentication 218

Authentication Cloud Migration Accountability Digital transformation 218

Schneier on Security

MAY 27, 2020

Security researcher Charlie Belmer is reporting that commercial websites such as eBay are conducting port scans of their visitors. Looking at the list of ports they are scanning, they are looking for VNC services being run on the host, which is the same thing that was reported for bank sites. I marked out the ports and what they are known for (with a few blanks for ones I am unfamiliar with): 5900: VNC. 5901: VNC port 2. 5902: VNC port 3. 5903: VNC port 4. 5279: 3389: Windows remote desktop / RD

Banking 294

Banking 294

Troy Hunt

MAY 29, 2020

First time back in a restaurant! Wandering down my local dining area during the week, I was rather excited to see a cafe that wasn't just open, but actually had spare seating. Being limited to only 10 patrons at present, demand is well in excess of supply and all you have to do is leave some contact info in case someone else in the restaurant tests positive at a later date.

Data breaches 207

Data breaches VPN Government 207

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

MAY 23, 2020

When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that’s exactly what appears to be going on right now as multiple U.S. states struggle to combat a tsunami of phony Pandemic Unemployment Assistance (PUA) claims.

Insurance 323

Insurance Accountability Banking Government 323

Tech Republic Security

MAY 29, 2020

People, like computers, can be hacked using a process called social engineering, and there's a good chance a cybersecurity attack on your organization could start with this technique.

Social Engineering 206

Social Engineering Engineering Hacking Cybersecurity 206

Adam Levin

MAY 26, 2020

Over 25 million user logins and passwords from a popular math app are being offered for sale on the dark web following a data breach. Mathway, a popular app for iOS and Android devices, recently uncovered evidence of the breach after a hacking group announced it was selling Mathway user data on the dark web for roughly $4,000 in Bitcoin. . ShinyGroup, a hacking group notorious for selling compromised data, announced that they had breached Mathway in January 2020.

Data breaches 150

Data breaches Passwords Accountability Encryption 150

Krebs on Security

MAY 29, 2020

When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offende

Cybercrime 265

Cybercrime System Administration Marketing Malware 265

Tech Republic Security

MAY 28, 2020

Scammers are increasingly exploiting file sharing sites such as Google Docs and Microsoft Sway to steal user credentials, according to Barracuda Networks.

Phishing 209

Phishing 209

Schneier on Security

MAY 29, 2020

The 5GBioShield sells for £339.60, and the description sounds like snake oil : its website, which describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other electrical, radiation or EMF [electromagnetic field] emitting device".

Technology 264

Technology 264

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Daniel Miessler

MAY 25, 2020

THIS WEEK’S TOPICS: Twitter Bots, Face Recognition Headsets, Chrome Bug Memories, Virtual Currency, White House OPSEC, Realtime Language Translation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. Subscribe To Podcast. Show Notes.

Technology 130

Technology Information Security 130

Krebs on Security

MAY 28, 2020

The United Kingdom’s anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail.

Cybercrime 231

Cybercrime DDOS Advertising Hacking 231

Tech Republic Security

MAY 28, 2020

The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security.

Phishing 214

Phishing Accountability 214

Schneier on Security

MAY 26, 2020

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a long term key.

Authentication 264

Authentication Wireless Manufacturing Technology 264

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

MAY 29, 2020

Security experts from Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. A few weeks ago, threat intelligence firm Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. According to the experts, the leak includes government data of an entire country, it was leaked online by a reputable actor that goes online with moniker ‘Toogod.”. “A few weeks ago, our researchers came across a leaked databa

Advertising 141

Advertising Data breaches Government Information Security 141

Dark Reading

MAY 26, 2020

Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your organization has fallen victim and is going to pay. Here's how to handle it.

Ransomware 135

Ransomware 135

Tech Republic Security

MAY 26, 2020

Bryson Bort, founder and CEO of cybersecurity company SCYTHE, fears "death by a thousand paper cuts" more than than a digital apocalypse. He also shares his views on how well cyber-deterrence works.

Cybersecurity 179

Cybersecurity Ransomware 179

Schneier on Security

MAY 29, 2020

Note that this is " announced ," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provide tips and suggest you block the offenders. The feature, which Facebook started rolling out on Android in March and is now bringing to iOS, uses machine learning analysis of communications across Faceb

Encryption 233

Encryption Accountability 233

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

MAY 29, 2020

Threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks, Kaspersky reported. Researchers from Kaspersky’s ICS CERT unit reported that threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks. The experts first observed the attacks in early 2020, while in early May, threat actors targeted organizations in Japan, Italy, Germany and the UK.

Phishing 136

Phishing Malware Advertising Encryption 136

Adam Shostack

MAY 28, 2020

As I built out my home studio to record videos for my distributed classes, I was lucky enough to be able to find an in-stock HDMI capture card, but those are harder and harder to find. As it turns out, you may be able to avoid the need for that with a mix of apps. This article on PetaPixel points to Camera Live (Maybe Canon only), Camtwist. The key step in getting this to work with Zoom is. sudo codesign --remove-signature /Applications/zoom.us.app/.

100

100

Tech Republic Security

MAY 29, 2020

Zero trust means rethinking the safety of every bit of tech on a network. Learn five steps to building a zero trust environment.

210

210

WIRED Threat Level

MAY 28, 2020

In a rare public warning, the US spy agency says the notorious arm of Russian military intelligence is targeting a known vulnerability in Exim.

Hacking 138

Hacking 138

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

MAY 23, 2020

Officials revealed that the Florida Unemployment System suffered a data breach that impacted some residents who have made unemployment claims. The Florida Department of Economic Opportunity revealed that the Florida Unemployment System suffered a data breach that impacted some residents who have made unemployment claims. It has notified 98 people that have been impacted by the incident, government representatives didn’t disclose when the breach took place either the number of the affected indivi

Data breaches 136

Data breaches Advertising Government Hacking 136

Adam Shostack

MAY 26, 2020

There’s an interesting article by Phil Bull, “ Why you can ignore reviews of scientific code by commercial software developers “ It’s an interesting, generally convincing argument, with a couple of exceptions. (Also worth remembering: What We Can Learn From the Epic Failure of Google Flu Trends.). The first interesting point is the difference between production code and exploratory code.

Software 100

Software Engineering Risk 100

Tech Republic Security

MAY 26, 2020

Bryson Bort, founder and CEO of cybersecurity company SCYTHE, fears "death by a thousand paper cuts" more than than a digital apocalypse. He also shares his views on how well cyber-deterrence works.

Cybersecurity 177

Cybersecurity Ransomware 177

InfoWorld on Security

MAY 26, 2020

Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

143

143

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Affairs

MAY 23, 2020

Experts reported the existence of a botnet, tracked as Silent Night based on the Zeus banking Trojan that is available for sale in several underground forums. This week researchers from Malwarebytes and HYAS published a report that included technical details on a recently discovered botnet, tracked as Silent Night, being distributed via the RIG exploit kit and COVID-19 malspam campaign. .

Banking 133

Banking Advertising Malware Cybercrime 133

Dark Reading

MAY 27, 2020

A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.

111

111

Tech Republic Security

MAY 29, 2020

In the digital age, paper files--even those containing sensitive information--are not usually considered as high a security risk. Experts say that's a mistake.

Risk 186

Risk 186

WIRED Threat Level

MAY 23, 2020

The Unc0ver tool works on all versions of iOS from 11 to 13.5, the current release.

145

145

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk