July, 2021

As Ransomware Surge Continues, Where Next for Government?

Lohrman on Security

Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others

Disrupting Ransomware by Disrupting Bitcoin

Schneier on Security

Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. Now, it’s become the criminal business model of the internet for two reasons.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Your Work Email Address is Your Work's Email Address

Troy Hunt

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read.

CyberSecurity Is Not Enough: Businesses Must Insure Against Cyber Losses

Joseph Steinberg

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

The Life Cycle of a Breached Database

Krebs on Security

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals.

The Presenting Vendor Paradox

Daniel Miessler

There’s a paradox in information security where the community wants two things at once: High quality research and talks, and. Unbiased research and talks. I’ve personally been one of these affiliated speakers countless times.

More Trending

NSO Group Hacked

Schneier on Security

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists.

Welcoming the Dutch Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches.

NEW TECH: How the emailing of verified company logos actually stands to fortify cybersecurity

The Last Watchdog

Google’s addition to Gmail of something called Verified Mark Certificates (VMCs) is a very big deal in the arcane world of online marketing. Related: Dangers of weaponized email. This happened rather quietly as Google announced the official launch of VMCs in a blog post on July 12. Henceforth companies will be able to insert their trademarked logos in Gmail’s avatar slot; many marketers can’t wait to distribute email carrying certified logos to billions of inboxes.

Serial Swatter Who Caused Death Gets Five Years in Prison

Krebs on Security

A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.

Dead Drops and Security Through Obscurity

Daniel Miessler

There’s massive confusion in the security community around Security Through Obscurity. In general, most people know it’s bad, but they can’t say exactly why.

CISO Vincent Hoang on Cybersecurity in Hawaiian Government

Lohrman on Security

Vincent Hoang became the CISO in Hawaii in 2016. In this interview, Vince shares his journey and cyber priorities in protecting the Aloha State, particularly among the challenges presented by COVID-19

CISO 233

De-anonymization Story

Schneier on Security

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

I've spent more time IoT'ing my house over the last year than any sane person ever should. But hey, it's been strange times for all of us and it's kept me entertained whilst no longer travelling.

ROUNDTABLE: Kaseya hack exacerbates worrisome supply-chain, ransomware exposures

The Last Watchdog

It was bound to happen: a supply-chain compromise, ala SolarWinds, has been combined with a ransomware assault, akin to Colonial Pipeline, with devasting implications. Related: The targeting of supply chains. Last Friday, July 2, in a matter of a few minutes, a Russian hacking collective, known as REvil, distributed leading-edge ransomware to thousands of small- and mid-sized businesses (SMBs) across the planet — and succeeded in locking out critical systems in at least 1,500 of them.

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

Some of Western Digital’s MyCloud-based data storage devices. Image: WD.

What Your CISO Can Learn From Logan Paul vs Floyd Mayweather

Javvad Malik

Logan Paul and his brother Jake Paul are what you could call social media celebrities. They amassed over 20 million followers across YouTube, Vine, Instagram, and others over the years through different types of content, sketches, and pranks.

CISO 191

Book Review: Present Future — Business, Science and the Deep Tech Revolution

Lohrman on Security

Guy Perelmuter offers an insightful, easy to read, helpful guide to present and future technology in business areas ranging from the future of jobs to AI and from cryptocurrencies to quantum computing.

Hiding Malware in ML Models

Schneier on Security

Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models” Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns.

Welcoming the Israeli Government to Have I Been Pwned

Troy Hunt

Marking the 25th national CERT to have full and free API level access to in HIBP, I'm very happy to welcome CERT-IL in the Israel National Cyber Directorate (INCD) on board.

SHARED INTEL: ‘Credential stuffers’ leverage enduring flaws to prey on video game industry

The Last Watchdog

The video game industry saw massive growth in 2020; nothing like a global pandemic to drive people to spend more time than ever gaming. Related: Credential stuffers exploit Covid 19 pandemic. Now comes a report from Akamai detailing the extent to which cyber criminals preyed on this development. The video game industry withstood nearly 11 billion credential stuffing attacks in 2020, a 224 percent spike over 2019.

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups.

How to Make Threat Detection Better?

Anton on Security

I keep coming to the same topic over and over? —?why why are we still bad at detecting threats? I’ve lamented on this a few times, either touching on general difficulties with detection , its uncertainty or highlighting the fragile detections people write.

Collaboration in Threat Modeling

Adam Shostack

It’s the latest in the World’s Shortest Threat Modeling videos! Also, I set up [link] to make it easy to find my Youtube channel. threat modeling videos

130
130

I Am Parting With My Crypto Library

Schneier on Security

The time has come for me to find a new home for my (paper) cryptography library. It’s about 150 linear feet of books, conference proceedings, journals, and monographs — mostly from the 1980s, 1990s, and 2000s.

Weekly Update 254

Troy Hunt

The plan this week was to do a super simple update whilst having some time out. In the back yard, sun shining, iPad, Air Pods, all good. Mostly all good - the sound quality on those Air Pods is absolute rubbish.

206
206

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

The Last Watchdog

Company-supplied virtual private networks (VPNs) leave much to be desired, from a security standpoint. Related: How ‘SASE’ is disrupting cloud security. This has long been the case. Then a global pandemic came along and laid bare just how brittle company VPNs truly are. Criminal hackers recognized the golden opportunity presented by hundreds of millions employees suddenly using a company VPN to work from home and remotely connect to an array of business apps.

VPN 173

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

Financial services giant Intuit this week informed 1.4

How to thwart phone hackers

CyberSecurity Insiders

Many of you might search for tips that help in keeping phone hackers at bay. So Angus King, the member of secretive Senate Intelligence Committee, is giving advice that could help in keeping a cellphone secure and away from prying eyes.

Sketching to Answer “What Are We Working On?”

Adam Shostack

The latest in the World’s Shortest Threat Modeling Videos: podcasts threat modeling videos

130
130

Storing Encrypted Photos in Google’s Cloud

Schneier on Security

New paper: “ Encrypted Cloud Photo Storage Using Google Photos “: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices.

Weekly Update 253

Troy Hunt

This week, by popular demand, it's Charlotte! Oh - and Scott. People had been asking for Charlotte for a while, so we finally decided to do a weekly update together on how she's been transitioning from Mac to PC.

IoT 195

Black Hat insights: How Sonrai Security uses graph analytics to visualize, mitigate cloud exposures

The Last Watchdog

Modern civilization revolves around inextricably intertwined relationships. This is why our financial markets rise and fall in lock step; why climate change is accelerating; and why a novel virus can so swiftly and pervasively encircle the planet. Related: What it will take to truly secure data lakes. Complex relationships also come into play when it comes to operating modern business networks. A lack of understanding of these relationships is a big reason why cloud breaches happen.

Microsoft Issues Emergency Patch for Windows Flaw

Krebs on Security

Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “ PrintNightmare ,” a critical vulnerability in all supported versions of Windows that is actively being exploited.

DarkTrace Cyber Protects Fashion retailer Ted Baker

CyberSecurity Insiders

Cyber Security firm DarkTrace that uses the technology of Artificial Intelligence to track down cyber threats is nowadays busy protecting the computer network of British Fashion retailer Ted Baker.

Retail 113

Threat Model Thursday: 5G Infrastructure

Adam Shostack

The US Government’s lead cybersecurity agencies (CISA, NSA, and ODNI) have released an interesting report, Potential Threat Vectors To 5G Infrastructure.