2021

What Happened to Facebook, Instagram, & WhatsApp?

Krebs on Security

Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages.

Apple’s NeuralHash Algorithm Has Been Reverse-Engineered

Schneier on Security

Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3,

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned

Troy Hunt

The headline is pretty self-explanatory so in the interest of time, let me just jump directly into the details of how this all works.

Colonial Pipeline, Darkside and Models

Adam Shostack

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can’t delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside. Blog posts from Sophos and Mandiant seem really useful!

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

CyberSecurity Is Not Enough: Businesses Must Insure Against Cyber Losses

Joseph Steinberg

As Ransomware Surge Continues, Where Next for Government?

Lohrman on Security

Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others

More Trending

Android App Infects Up To 10 Million Users with Update

Adam Levin

An Android app with over 10 million installations spread malware to its users in a recent update. Barcode Scanner is an app available in the Google Play store for Android devices. A December 2020 update infected users with a Trojan-style malware that bombards users with unwanted advertising.

Adware 251

The Proper Way to Watch Star Wars

Doctor Chaos

Many of us have stress in our lives. We have our jobs to worry about, we need to think about our retirement, and we have to figure out what the health care law means to us. However, a few of us know there are more immediate concerns that must be dealt with.

219
219

Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…

Anton on Security

Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait… This is about the Security Operations Center (SOC). And automation. And of course SOC automation. Let’s start from a dead-obvious point: you cannot and should not automate away all people from your SOC today.

I’ve made it!

Javvad Malik

First off, happy new year! Well if the tax man can start the new year in April, I can start it on Feb 11th!). Secondly, Infosecurity Magazine was ever so kind as to feature an interview with me in the Q1, 2021, Voume 18, Issue 1 edition.

206
206

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills.

More on Apple’s iPhone Backdoor

Schneier on Security

In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern.

Your Work Email Address is Your Work's Email Address

Troy Hunt

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read.

The Presenting Vendor Paradox

Daniel Miessler

There’s a paradox in information security where the community wants two things at once: High quality research and talks, and. Unbiased research and talks. I’ve personally been one of these affiliated speakers countless times.

Billion Dollar CyberSecurity Annual Budgets Have Arrived

Joseph Steinberg

Major American banks and various other parties serving them are each spending $1 Billion per year on cybersecurity, according to Bank of America’s CEO, Brian Moynihan.

What Does It Take to Be a Cybersecurity Professional?

Lohrman on Security

With a red-hot job market and great career prospects, more and more people want to know what they have to do to get a cybersecurity job — or better yet a career. Here’s my perspective

ROUNDTABLE: Kaseya hack exacerbates worrisome supply-chain, ransomware exposures

The Last Watchdog

It was bound to happen: a supply-chain compromise, ala SolarWinds, has been combined with a ransomware assault, akin to Colonial Pipeline, with devasting implications. Related: The targeting of supply chains. Last Friday, July 2, in a matter of a few minutes, a Russian hacking collective, known as REvil, distributed leading-edge ransomware to thousands of small- and mid-sized businesses (SMBs) across the planet — and succeeded in locking out critical systems in at least 1,500 of them.

Anti-Ransomware Company Exagrid Pays $2.6 Million Ransom

Adam Levin

You would think that ExaGrid, a backup appliance and anti-ransomware service might know how to avoid ransomware, but it was hit. .

The Grey Brick That Changed the World: The Nintendo Game Boy

Doctor Chaos

This week marked an important anniversary; Nintendo’s original Game Boy turned 31. The monochrome system, or more accurately a yellowish and 4 shades of grey system, may have been one of the most significant devices in the 20th century. The 8-bit system was released to the world on April 21st, 1989.

Mobile 208

2021 Threat Intelligence Use Cases

Anton on Security

For a reason that shall remain nameless, I’ve run this quick poll focused on the use cases for threat intelligence in 2021. The question and the results are below. Antons Threat Intel Poll 2021 Here are some thoughts and learnings based on the poll and the discussion , as well as other things.

What Your CISO Can Learn From Logan Paul vs Floyd Mayweather

Javvad Malik

Logan Paul and his brother Jake Paul are what you could call social media celebrities. They amassed over 20 million followers across YouTube, Vine, Instagram, and others over the years through different types of content, sketches, and pranks.

CISO 191

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe , stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast.

Apple Adds a Backdoor to iMesssage and iCloud Storage

Schneier on Security

Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. Here are five news stories.) I have been following the details, and discussing it in several different email lists.

I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

Troy Hunt

If you've landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened.

“Better OKRs Through Threat Modeling”

Adam Shostack

Abhay Bhargav has a really excellent post on Better OKRs for Security through Effective Threat Modeling. I really like how he doesn’t complain about the communication issues between security and management, but offers up a concrete suggestion for improvement. Key quote: “Effective Threat Modeling by itself can ensure that your OKRs and AppSec Program are not only in great tactical shape, but also help define a strategic roadmap for your AppSec Program.”

193
193

Hushme: A Headset That Lets You Make Private Phone Calls In A Non-Private Environment

Joseph Steinberg

Every so often, I encounter an unusual technology device that so well solves a problem that I have encountered many times that I cannot imagine not adding the product to my arsenal of tools, even if it is not something that I would necessarily use every day. The Hushme is one such offering.

Cyber Attacks: Is the ‘Big One’ Coming Soon?

Lohrman on Security

SHARED INTEL: ‘Credential stuffers’ leverage enduring flaws to prey on video game industry

The Last Watchdog

The video game industry saw massive growth in 2020; nothing like a global pandemic to drive people to spend more time than ever gaming. Related: Credential stuffers exploit Covid 19 pandemic. Now comes a report from Akamai detailing the extent to which cyber criminals preyed on this development. The video game industry withstood nearly 11 billion credential stuffing attacks in 2020, a 224 percent spike over 2019.

Colonial Pipeline Paid Hackers $5 Million Ransom

Adam Levin

Colonial Pipeline paid roughly $5 million to the ransomware group responsible for hacking its systems, contradicting earlier claims. . Bloomberg News reported that the company paid the ransom in cryptocurrency hours after the May 7 cyberattack that shut down the country’s largest fuel pipeline.

A @TomNomNom Recon Tools Primer

Daniel Miessler

There are recon tools, and there are recon tools. tomnomnom —also called Tom Hudson—creates the latter. I have great respect for large, multi-use suites like Burp , Amass , and Spiderfoot , but I love tools with the Unix philosophy of doing one specific thing really well.

Kill SOC Toil, Do SOC Eng

Anton on Security

As you are reading our recent paper “Autonomic Security Operations?—?10X 10X Transformation of the Security Operations Center” , some of you may think “Hey, marketing inserted that 10X thing in there.” Well, 10X thinking is, in fact, an ancient tradition here at Google. We think that it is definitely possible to apply “10X thinking” to many areas of security (at the same link , they say that sometimes it is “easier to make something 10 times better than it is to make it 10 percent better” ).

Don’t run that code

Javvad Malik

The dangers of downloading untrusted code from the internet is well documented. You never know what is contained within someone else’s code, be it sloppy coding, or malicious intent. If it is a snippet of code that you can easily read, it can be relatively risk free.

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns.

Zoom Lied about End-to-End Encryption

Schneier on Security

The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent.

Welcoming the Turkish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber ​​Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains.