2020, Internet and Technology - Cyber Security Informer

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

The Last Watchdog

SEPTEMBER 14, 2023

In today’s digital age, trust has become a cornerstone of building a better Internet. Preserving privacy for a greater good The Internet was designed as a platform for peer research, not for the vast scale and diverse uses we see today. The societal aspects of technology, the human side, have grown equally unruly.

Internet

Internet Internet Technology Risk

Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

Krebs on Security

DECEMBER 2, 2021

In January 2021, technology vendor Ubiquiti Inc. They allege that in late December 2020, Sharp applied for a job at another technology company, and then abused his privileged access to Ubiquiti’s systems at Amazon’s AWS cloud service and the company’s GitHub accounts to download large amounts of proprietary data.

VPN

VPN Internet Internet Accountability

NEW TECH: Exabeam positions SIEM technology to help protect IoT, OT systems

The Last Watchdog

MARCH 9, 2020

Their capacity to ingest threat feeds is becoming more relevant with the rise of IoT (Internet of Things) systems and the vulnerabilities of old and new OT (operational technology). I spoke with Trevor Daughney, vice president of product marketing at Exabeam , at the RSA 2020 Conference in San Francisco recently.

IoT

IoT Technology Digital transformation Engineering

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

September 23, 2020. In August 2020, mass anti-government protests erupted in Belarus against the re-election of the president Alexander Lukashenko and the arrest of opposition political candidates. The Internet was shutdown several days and more than 80 websites, most of them news and political sites, were blocked.

Internet

Internet Internet DNS Advertising

Top data breaches of 2020 – Security Affairs

Security Affairs

JANUARY 3, 2021

Data from major cyber security firms revealed that tens of billion records have been exposed in data breaches exposed in 2020. Below a list of top incidents: There were a number of major data breaches that took place in 2020, in many cases stolen records flooded the cybercrime underground and were used credential stuffing attacks.

Data breaches

Data breaches Cybercrime Hacking Passwords

China to spy through satellites over internet

CyberSecurity Insiders

JANUARY 26, 2022

Tesla company owner Elon Musk announced last year that his SpaceX Starlink internet service will reach to the remote places on continents like Africa and Asia providing connectivity to the people in rural areas who lack at least the basic communication services. Note 5- So what we should/can do…?

Internet

Internet Internet Mobile Cybersecurity

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

The Last Watchdog

APRIL 9, 2020

There’s no stopping the Internet of Things now. I had a fascinating discussion about this with Sri Sundaralingam, vice president of cloud and security solutions at ExtraHop , a Seattle-based supplier of NDR technologies. We spoke at RSA 2020. And fantastic new IoT-enabled services will spew out of the other end.

Internet

Internet Internet IoT Technology

Me on Public-Interest Tech

Schneier on Security

JUNE 3, 2022

Back in November 2020, in the middle of the COVID-19 pandemic, I gave a virtual talk at the International Symposium on Technology and Society: “ The Story of the Internet and How it Broke Bad: A Call for Public-Interest Technologists.”

Internet

Internet Internet Technology

CVE-2020-3452 flaw in Cisco ASA/FTD exploited within hours after the disclosure

Security Affairs

JULY 24, 2020

Cisco fixed CVE-2020-3452 high-severity path traversal flaw in its firewalls that can be exploited by remote attackers to obtain sensitive files from the targeted system. The CVE-2020-3452 flaw was independently reported to Cisco by Mikhail Klyuchnikov of Positive Technologies and Abdulrahman Nour and Ahmed Aboul-Ela from RedForce.

Firewall

Firewall Advertising Software Hacking

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

The Last Watchdog

MAY 24, 2021

Some instructive fresh intelligence about how cyber attacks continue to saturate the Internet comes to us from Akamai Technologies. Akamai, which happens to be the Hawaiian word for “smart,” recently released its annual State of the Internet security report. Q: The scale of ‘attacks’ in 2020 is astronomical: 6.3

Financial Services

Financial Services Passwords Media Accountability

The IoT Cybersecurity Act of 2020: Implications for Devices

eSecurity Planet

JANUARY 22, 2021

A universe of devices and technology has fallen into our laps at a speed that organizations struggle to manage effectively. billion Internet of Things (IoT) devices. In May 2020, NIST released two foundational documents that serve as a foundation for the newly created guidelines. In 2019, there were an estimated 9.9

IoT

IoT Cybersecurity Manufacturing Government

Adobe Flash Is Finally Dead – And You Should Uninstall It Immediately. Here Is How and Why.

Joseph Steinberg

JANUARY 4, 2021

Flash was once the dominant platform for rendering multimedia content in web browsers, but, as Adobe has terminated support for Flash as of the end of 2020, and, as Flash has created serious security problems in the past, now is the time to get rid of Flash once and for all. Flash’s death was not unexpected.

Technology

Technology Mobile Internet Internet

The Internet of Things Is Everywhere. Are You Secure?

Security Boulevard

MARCH 18, 2021

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos , the internet of things is all around you. Source: DZone’s Edge Computing and IoT, 2020 .

Internet

Internet Internet IoT Software

Which is the Threat landscape for the ICS sector in 2020?

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering

Engineering VPN Accountability Software

Humans are Bad at URLs and Fonts Don’t Matter

Troy Hunt

OCTOBER 28, 2020

The victim, through no fault of their own, has been the target of numerous angry tweets designed to ridicule their role in internet security and suggest they are incapable of performing their duty. — NordVPN (@NordVPN) October 23, 2020 Ah, tricky! Been a lot of "victim blaming" going on these last few days. — Bartek ?wierczy?ski

Phishing

Phishing Password Management Passwords Internet

Gaming-related cyberthreats in 2020 and 2021

SecureList

AUGUST 23, 2021

billion USD in 2021, which is slightly less than the total revenue in 2020 but still significantly above the pre-pandemic figures. Most of the statistics presented in the report were collected between July 1, 2020 and June 30, 2021. Pandemic-related statistics cover the period of January 2020 through June 2021.

Adware

Adware Mobile Malware Phishing

How to Protect Operational Technology (OT) from Cyber Threats

CyberSecurity Insiders

JUNE 2, 2023

By Jayakumar (Jay) Kurup, Global Sales Engineering Director at Morphisec Securing operational technology (OT) creates unique challenges. Sometimes this is due to cultural reasons (management’s fear of even the slightest chance of disruption); other times, it is technological.

Cyber threats

Cyber threats Technology Firewall Ransomware

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Krebs on Security

JUNE 29, 2023

In March 2020, the DOJ unsealed two criminal hacking indictments against Kislitsin, who was then head of security at Group-IB , a cybersecurity company that was founded in Russia in 2003 and operated there for more than a decade before relocating to Singapore. Nikulin is currently serving a seven-year sentence in the U.S. prison system.

Cybersecurity

Cybersecurity Cybercrime Hacking Technology

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

The internet of things (IoT) is widening the sphere of physical security as smart devices connected to business systems via the internet may be located outside of established secure perimeters. Muthukrishnan Access control, surveillance , and testing are the three major components that comprise the physical security of a system.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

MY TAKE: As network perimeters shift and ecosystems blend, the role of MSSPs solidifies

The Last Watchdog

JULY 19, 2023

Here are a few takeaways: A converged ecosystem Cloud migration and rapid software development were both on a rising curve when Covid 19 hit and the global economy suddenly shut down in 2020. As companies adjusted in the post pandemic operating environment, Internet-centric services rose to the fore.

CISO

CISO Architecture Cloud Migration Network Security

Let's Stop the 5G Hysteria: Understanding Hoaxes and Disinformation Campaigns

Troy Hunt

APRIL 9, 2020

link] — Troy Hunt (@troyhunt) March 31, 2020 And so it is with posts about the dangers of 5G. So, let's not talk about whether 5G is safe or not, let's instead talk about why opponents of the technology display every single spammy, scammy, hoaxy behaviour imaginable and then you can consider how much you should trust them.

Mobile

Mobile Media Scams Technology

New IoT Security Regulations

Schneier on Security

NOVEMBER 13, 2018

Due to ever-evolving technological advances, manufacturers are connecting consumer goods -- from toys to lightbulbs to major appliances -- to the internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. But like nearly all innovation, there are risks involved.

IoT

IoT Manufacturing Internet Internet

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

One might even say passwords are the fossil fuels powering most IT modernization: They’re ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs — such as polluting the Internet with weaponized data when they’re leaked or stolen en masse. TARGETED PHISHING.

Passwords

Passwords Password Management Phishing Scams

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

2019 that wasn’t discovered until April 2020. NiceHash founder Matjaz Skorjanc said the unauthorized changes were made from an Internet address at GoDaddy, and that the attackers tried to use their access to its incoming NiceHash emails to perform password resets on various third-party services, including Slack and Github.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

11-13 year old girls most likely to be targeted by online predators

Malwarebytes

APRIL 26, 2021

The Internet Watch Foundation (IWF), a not-for-profit organization in England whose mission is “to eliminate child sexual abuse imagery online”, has recently released its analysis of online predator victimology and the nature of sexual abuse media that is currently prevalent online. Source: IWF Annual Report 2020).

Internet

Internet Internet Media Technology

RSAC Fireside Chat: Here’s why companies are increasingly turning to MSSPs for deeper help

The Last Watchdog

APRIL 21, 2023

By one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020. e I covered Microsoft as a USA TODAY technology reporter when Bill Gates suddenly ‘got’ cybersecurity , so this part of our discussion was especially fascinating. Meanwhile, I’ll keep watch and keep reporting.

Digital transformation

Digital transformation Marketing Internet Internet

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. As an enterprise security team, you could restrict internet access at your egress points, but this doesn’t do much when the workforce is remote. In short, anything accessible from the internet should be given extra attention.

Ransomware

Ransomware Risk Internet Internet

NEW TECH: Byos pushes ‘micro segmentation’ approach to cybersecurity down to device level

The Last Watchdog

MARCH 16, 2020

Related: A use case for endpoint encryption At RSA 2020 in San Francisco recently, I learned about how something called “micro segmentation” is rapidly emerging as a viable security strategy. I had the chance to visit with Matias Katz, founder and CEO, and Ryan Bunker, business development director, at RSA 2020. I’ll keep watch.

Cybersecurity

Cybersecurity IoT Internet Internet

Cybercrime, fraud, and insider threats increased in 2020 in the UK, report says

Malwarebytes

JUNE 3, 2021

The agency also noted the resilience and adaptability of serious and organized crimes (oddly labeled as “SOCs,” despite the same acronym meaning “security operation center” in the cybersecurity field) in their use of technology and well-established tools to avoid detection. Organized crime: Online fraud.

Cybercrime

Cybercrime Scams Ransomware Phishing

RSAC insights: ‘CAASM’ tools and practices get into the nitty gritty of closing network security gaps

The Last Watchdog

JUNE 6, 2022

Based in Morrisville, NC, JupiterOne launched in 2020 and last week announced that it has achieved a $1 billion valuation, with a $70 million Series C funding round. Both the technology and the teams responsible for specific cyber assets tend to operate in silos. The technology to do this at scale and in a timely manner are at hand.

Network Security

Network Security Cloud Migration Digital transformation Technology

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Krebs on Security

JUNE 10, 2022

At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee ) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email.

Government

Government Marketing Internet Internet

Black Hat Fireside Chat: Taking the fight to the adversaries — with continuous, proactive ‘pen tests’

The Last Watchdog

AUGUST 29, 2022

ai , a San Francisco-based startup, which launched in 2020. Horizon3 supplies “autonomous” vulnerability assessment technology. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW Co-founder Antani previously served as the first CTO for the U.S.

Penetration Testing

Penetration Testing Digital transformation Internet Internet

GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training

The Last Watchdog

JANUARY 9, 2024

Augmented reality (AR) and virtual reality (VR) technologies provide intriguing opportunities for immersive and interactive experiences in cybersecurity training. Related: GenAI’ impact on DevSecOps Here’s how these technologies can bridge learning gaps in cybersecurity awareness and enhance the overall training experience.

Technology

Technology Cybersecurity Risk Mobile

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

AUGUST 28, 2020

To make matters worse, links included in emails sent through Sendgrid are obfuscated (mainly for tracking deliverability and other metrics), so it is not immediately clear to recipients where on the Internet they will be taken when they click. ”

Accountability

Accountability Hacking Authentication Marketing

Flaws in FortiWeb WAF expose Fortinet devices to remote hack

Security Affairs

JUNE 25, 2021

The vulnerability in the management interface of FortiWeb firewall was discovered by Andrey Medov, from cybersecurity firm Positive Technologies. Medov warns of the chaining of this issue with other ones, like CVE-2020-29015 that Positive Technologies discovered in May. ” reads the advisory published by the vendor.

Hacking

Hacking Firewall Authentication Technology

Fileless Malware, Endpoint Attacks on the Rise

Security Boulevard

APRIL 5, 2021

These were among the findings of WatchGuard Technologies’ Internet Security Report for Q4 2020, which found fileless malware and cryptominer attack rates grew by nearly 900% and 25%, respectively, The post Fileless Malware, Endpoint Attacks on the Rise appeared first on Security Boulevard.

Malware

Malware Encryption Internet Internet

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

The Last Watchdog

AUGUST 12, 2024

This is all part of Generative AI and Large Language Models igniting the next massive technological disruption globally. AppSec technology security-hardens software at the coding level. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Software

Software Technology Mobile Cybersecurity

Black Hat Fireside Chat: Horizon3.ai makes a strong case for continuous, self-service pentesting

The Last Watchdog

AUGUST 7, 2023

ai , a San Francisco-based supplier of “autonomous” vulnerability assessment technology. ai Since its launch in 2020, Horizon3 has run more than 24,000 automated pentests — with a singular focus on building out advanced decision-making algorithms, Antani told me. Guest expert: Snehal Antani, CEO, Horizon3.ai

Penetration Testing

Penetration Testing Internet Internet Network Security

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Daniel Miessler

MARCH 22, 2020

In other words, I think we can predict the future of technology through a strong understanding of what humans ultimately want as a species. The Real Internet of Things, January 2017. DanielMiessler) March 21, 2020. Similar used in China [link] — Joseph Cox (@josephfcox) March 17, 2020. — ?????? ???ss???

Surveillance

Surveillance Government Education Engineering

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com

Krebs on Security

JUNE 13, 2020

Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same. The altered message.

Phishing

Phishing Encryption Internet Internet

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

At issue is a well-known security and privacy threat called “ namespace collision ,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet. SSL/TLS certs).

DNS

DNS Internet Internet Authentication

MY TAKE: Why speedy innovation requires much improved cyber hygiene, cloud security

The Last Watchdog

MARCH 11, 2020

We met at RSA 2020 in San Francisco. Cyber hygiene basics revolve around aligning people, processes and technologies to adopt a security-first mindset. Patch everything, back it up as best you can, and then move on to some of the new technologies that can help you do it faster.” Last Watchdog’s Melanie Grano contributing.

Digital transformation

Digital transformation Cloud Migration Technology Internet

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

Launched in 2008, privnote.com employs technology that encrypts each message so that even Privnote itself cannot read its contents. There is no indication these are the real names of the phishers, but the names are useful in pointing to other sites targeting Privnote since 2020. The real Privnote, at privnote.com. net , privatenote[.]io

Phishing

Phishing Cryptocurrency DDOS Internet

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

MARCH 30, 2021

NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. 11, Ubiquiti Inc. ” Ubiquiti has not responded to repeated requests for comment.

Accountability

Accountability IoT Passwords Firmware

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

Trending Sources

NEW TECH: Exabeam positions SIEM technology to help protect IoT, OT systems

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Top data breaches of 2020 – Security Affairs

China to spy through satellites over internet

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

Me on Public-Interest Tech

CVE-2020-3452 flaw in Cisco ASA/FTD exploited within hours after the disclosure

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

The IoT Cybersecurity Act of 2020: Implications for Devices

Adobe Flash Is Finally Dead – And You Should Uninstall It Immediately. Here Is How and Why.

The Internet of Things Is Everywhere. Are You Secure?

Which is the Threat landscape for the ICS sector in 2020?

Humans are Bad at URLs and Fonts Don’t Matter

Gaming-related cyberthreats in 2020 and 2021

How to Protect Operational Technology (OT) from Cyber Threats

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

MY TAKE: As network perimeters shift and ecosystems blend, the role of MSSPs solidifies

Let's Stop the 5G Hysteria: Understanding Hoaxes and Disinformation Campaigns

New IoT Security Regulations

The Life Cycle of a Breached Database

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

11-13 year old girls most likely to be targeted by online predators

RSAC Fireside Chat: Here’s why companies are increasingly turning to MSSPs for deeper help

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

NEW TECH: Byos pushes ‘micro segmentation’ approach to cybersecurity down to device level

Cybercrime, fraud, and insider threats increased in 2020 in the UK, report says

RSAC insights: ‘CAASM’ tools and practices get into the nitty gritty of closing network security gaps

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Black Hat Fireside Chat: Taking the fight to the adversaries — with continuous, proactive ‘pen tests’

GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training

Sendgrid Under Siege from Hacked Accounts

Flaws in FortiWeb WAF expose Fortinet devices to remote hack

Fileless Malware, Endpoint Attacks on the Rise

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

Black Hat Fireside Chat: Horizon3.ai makes a strong case for continuous, self-service pentesting

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com

Local Networks Go Global When Domain Names Collide

MY TAKE: Why speedy innovation requires much improved cyber hygiene, cloud security

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Whistleblower: Ubiquiti Breach “Catastrophic”

Stay Connected