2020

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Krebs on Security

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds , a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks.

Inside the Cit0Day Breach Collection

Troy Hunt

It's increasingly hard to know what to do with data like that from Cit0Day. If that's an unfamiliar name to you, start with Catalin Cimpanu's story on the demise of the service followed by the subsequent leaking of the data.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

COVID-19 and Acedia

Schneier on Security

Note: This isn’t my usual essay topic. Still, I want to put it on my blog. Six months into the pandemic with no end in sight, many of us have been feeling a sense of unease that goes beyond anxiety or distress.

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

Adam Levin

Hackers are using internet-connected home devices to livestream “swatting” attacks, according to the FBI. Swatting is a dangerous prank where emergency services are called to respond to a life threatening situation that requires immediate intervention by police and/or S.W.A.T. teams.

IoT 245

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

The Last Watchdog

When it was first introduced, device fingerprinting – or online fingerprinting in general – was meant to create a safer, more responsible internet. The idea was that by fingerprinting devices used to connect to the internet we could achieve better accountability.

Notice the Outrage Machines

Adam Shostack

With three days to the US election, the outrage machines are running on all cylinders. It’ll be easier to stay happy if you remember to notice them. To be clear, I’m not using a metaphor. Websites from news to social media use data to drive stories. Twitter’s top tweets, Facebook’s timeline, your local newspaper, but also Linkedin, Medium, Buzzfeed, – all are focused on keeping you on their site as long as possible to show you as many ads as possible.

Media 209

More Trending

Why Predator is the ultimate CISO movie

Javvad Malik

There’s often a lot of debate as to what the best security or hacking movie is. Many people talk about Hackers, or Sneakers, or try and slip Mr Robot into the mix. But they are all way way waaaaay off the mark.

CISO 208

Social Media Account Verification Messages: CyberCriminals’ Latest Phishing Technique Exploits Both Human Emotions And Anti-Fraud Techniques

Joseph Steinberg

Social media users’ delight at receiving notification that their accounts have qualified for Verification (that is, receiving the often-coveted “blue check mark” that appears on the social media profiles of public figures) has become the latest target of criminal exploitation.

Media 207

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned.

IMSI-Catchers from Canada

Schneier on Security

Gizmodo is reporting that Harris Corp.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Hacking Grindr Accounts with Copy and Paste

Troy Hunt

Sexuality, relationships and online dating are all rather personal things. They're aspects of our lives that many people choose to keep private or at the very least, share only with people of our choosing.

Hacking Apple for Profit

Schneier on Security

Five researchers hacked Apple Computer’s networks — not their products — and found fifty-five vulnerabilities. So far, they have received $289K.

We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:

Troy Hunt

You've possibly just found out you're in a data breach. The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. But you should change it anyway.

2020 Oscar Nominees Used to Spread Malware

Adam Levin

Online scammers are using the 2020 Oscars to spread malware. A recent study released by Kaspersky Labs uncovered several hacking and phishing campaigns promising their targets free and early access to Best Picture nominees for this year’s Academy Awards.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages.

IoT 210

Free Threat Modeling Training

Adam Shostack

The current situation is scary and anxiety-provoking, and I can’t do much to fix that. One thing I can do is give people a chance to learn, and so I’m making my Linkedin Learning classes free this week. (I’m

208
208

IoT Unravelled Part 1: It's a Mess. But Then There's Home Assistant

Troy Hunt

With the benefit of hindsight, this was a naïve question: Alright clever IoT folks, I've got two of these garage door openers, what do you reckon the best way of connecting them with Apple HomeKit is?

IoT 283

I'm Open Sourcing the Have I Been Pwned Code Base

Troy Hunt

Let me just cut straight to it: I'm going to open source the Have I Been Pwned code base.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

US Orders Rare Emergency System Shut-Downs After Severe CyberSecurity Breach Hits Government And Businesses

Joseph Steinberg

The U.S. government instructed all of its civilian agencies to immediately shut off various popular network and system management products being exploited as part of an ongoing cyberattack.

Who’s Behind Wednesday’s Epic Twitter Hack?

Krebs on Security

Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams.

Thinking of a Cybersecurity Career? Read This

Krebs on Security

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills.

Humans are Bad at URLs and Fonts Don’t Matter

Troy Hunt

Been a lot of "victim blaming" going on these last few days. The victim, through no fault of their own, has been the target of numerous angry tweets designed to ridicule their role in internet security and suggest they are incapable of performing their duty.

Me on COVID-19 Contact Tracing Apps

Schneier on Security

I was quoted in BuzzFeed: "My problem with contact tracing apps is that they have absolutely no value," Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News.

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

Krebs on Security

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week.

MGM Data Breach Affects Over 10 Million Customers

Adam Levin

The personal information of over 10.6 million customers of MGM Resorts has been published online. MGM Resorts confirmed the leaked data as being the result of a data breach that occurred last year.

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

Less than 48 hours after the killing of Iran’s General Qasem Soleimani, the U.S. Department of Homeland Security issued a bulletin calling out Iran’s “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.”

Repudiation Now Live on Linkedin Learning

Adam Shostack

My course, “ Repudiation in Depth ” is now live on Linkedin Learning. This is the fourth course I’ve created, starting with “ Learning Threat Modeling “, and courses on “ spoofing “, “ tampering “, and now, repudiation.

Turn on MFA Before Crooks Do It For You

Krebs on Security

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen.

Analysing the (Alleged) Minneapolis Police Department "Hack"

Troy Hunt

The situation in Minneapolis at the moment (and many other places in the US) following George Floyd's death is, I think it's fair to say, extremely volatile.

Warning To Employers And Their Former Employees: Ex-Engineer Sentenced To 2 Years In Prison For Hacking Cisco’s WebEx

Joseph Steinberg

A former Cisco engineer was sentenced this past Wednesday (December 9, 2020) to 24 months in prison (and a $15,000 fine) for accessing Cisco’s network, and subsequently causing a service outage of Cisco’s WebEx Teams video conferencing service.

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.

The Unattributable "db8151dd" Data Breach

Troy Hunt

I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It's about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine.

NSA on Authentication Hacks (Related to SolarWinds Breach)

Schneier on Security

The NSA has published an advisory outlining how “malicious cyber actors” are “are manipulating trust in federated authentication environments to access protected data in the cloud.”