The Last Watchdog

FEBRUARY 3, 2020

Less than 48 hours after the killing of Iran’s General Qasem Soleimani, the U.S. Department of Homeland Security issued a bulletin calling out Iran’s “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.” Related: Cyber warfare enters Golden Age In fact, strategic cyber operations essentially pitting Russia and Iran against the U.S. and Saudi Arabia have been steadily escalating for at least the past decade, with notable spikes

Energy and Utilities 330

Energy and Utilities Malware Hacking Passwords 330

Adam Levin

FEBRUARY 7, 2020

Online scammers are using the 2020 Oscars to spread malware. A recent study released by Kaspersky Labs uncovered several hacking and phishing campaigns promising their targets free and early access to Best Picture nominees for this year’s Academy Awards. The study found over twenty phishing websites hosting at least 925 malicious files using the movies as bait, requiring would-be victims to either provide personal information (including credit card numbers), or to install adware applications to

Malware 309

Malware Adware Phishing Hacking 309

Krebs on Security

FEBRUARY 5, 2020

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. Here’s the story of one former electric vehicle owner who discovered he could still gain remote, online access to his old automobile years after his lease ended.

Mobile 297

Mobile Engineering Internet Internet 297

Troy Hunt

FEBRUARY 6, 2020

I've got audio! Ok, so I cheated a bit in terms of recording back in the home office, but the plugs I need to make the Zoom H6 work the way it should (and yeah, I know I said "Rode" H6 in the vid, sorry!) are on the way and hopefully they'll be all good for next week when I'm in Sydney. I'm talking about that trip in this week's update along with the Chrome 80 changes to SameSite cookies not that its hit, the Adult FriendFinder breach and then recapping on a heap of the week's news in tweets.

259

259

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

FEBRUARY 7, 2020

Ten years ago, I wrote an essay : "Security in 2020." Well, it's finally 2020. I think I did pretty well. Here's what I said back then: There's really no such thing as security in the abstract. Security can only be defined in relation to something else. You're secure from something or against something. In the next 10 years, the traditional definition of IT security -- that it protects you from hackers, criminals, and other bad guys -- will undergo a radical shift.

Advertising 353

Advertising Internet Internet Artificial Intelligence 353

Tech Republic Security

FEBRUARY 4, 2020

Get ready for consolidation risk, microbreaches, and other cybersecurity hazards, warn experts from Mimecast, the Cyber Resilience Think Tank.

Cybersecurity 208

Cybersecurity Risk 208

Daniel Miessler

FEBRUARY 3, 2020

This is a Member-only episode. Members get the newsletter every week, and have access to the Member Portal with all existing Member content. Non-members get every other episode. Sign in. or…. Become a member and get immediate access. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to futur

Information Security 130

Information Security 130

Schneier on Security

FEBRUARY 7, 2020

EKANS is a new ransomware that targets industrial control systems: But EKANS also uses another trick to ratchet up the pain: It's designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. That allows it to then encrypt the data that those control system programs interact with.

Ransomware 320

Ransomware Malware Encryption Software 320

Tech Republic Security

FEBRUARY 6, 2020

Data exposure is one of the biggest threats from attacks on IoT devices. A new report recommends a shift to perimeter-less security strategies.

IoT 204

IoT Malware 204

Adam Levin

FEBRUARY 4, 2020

A new extortion scam is targeting users of marital infidelity site Ashley Madison whose accounts were compromised in a 2015 data breach. Site members are receiving emails with personalized information from the breach including names, bank account information, mailing addresses, and answers to security questions with the threat of exposing the recipient if a ransom in bitcoin isn’t paid. .

Data breaches 139

Data breaches Accountability Scams Banking 139

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Thales Cloud Protection & Licensing

FEBRUARY 4, 2020

The traditional focus on security has been on breach prevention and threat detection but these can only go so far. For organisations going through digital transformation there needs to be a layered approach to security – complimenting these traditional strategies with data protection.In the evolving digital world of cloud, social and apps, data is now the perimeter.

Digital transformation 135

Digital transformation Data breaches Threat Reports Encryption 135

Schneier on Security

FEBRUARY 4, 2020

The Norwegian Consumer Council has published an extensive report about how the adtech industry violates consumer privacy. At the same time, it is filing three legal complaints against six companies in this space. From a Twitter summary : 1. [thread] We are filing legal complaints against six companies based on our research, revealing systematic breaches to privacy, by shadowy #OutOfControl #adtech companies gathering & sharing heaps of personal data.

Advertising 314

Advertising Marketing Adware Surveillance 314

Tech Republic Security

FEBRUARY 7, 2020

Learn how to keep your iOS devices--and your data--secure with these iOS 13 privacy settings and Apple resources.

209

209

Adam Shostack

FEBRUARY 6, 2020

For reasons I can’t quite talk about yet, this has been a super busy time, and I look forward to sharing the exciting developments that have kept me occupied. In the meantime, my friends at Agile Stationery have transcribed a talk that Mark Vinkovits and I gave at AppSec Cali last year. Their posts are at: Why card gaming helps teams model security and privacy threats (part 1) , and part 2.

113

113

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

FEBRUARY 6, 2020

Check Point experts discovered a high-severity flaw in Philips Hue Smart Light Bulbs that can be exploited to gain entry into a targeted WiFi network. Security experts from Check Point discovered a high-severity flaw ( CVE-2020-6007 ) in Philips Hue Smart Light Bulbs that can be exploited by hackers to gain entry into a targeted WiFi network. Lightbulbs could be remotely controlled through a mobile app or via a digital home assistant, owners could control the light in the environment and even

Hacking 142

Hacking IoT Wireless Firmware 142

Schneier on Security

FEBRUARY 3, 2020

Interesting research -- " Phantom Attacks Against Advanced Driving Assistance Systems ": Abstract : The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems (ADASs) and autopilots of semi/fully autonomous cars to validate their virtual perception regarding the physical environment surrounding the car with a third party, has been exploited in various attacks suggested by researchers.

Internet 277

Internet Internet Hacking Technology 277

Tech Republic Security

FEBRUARY 5, 2020

Many Philips Hue smart light bulbs have a firmware flaw that leads hackers into an entire network, Check Point Research found.

Firmware 192

Firmware 192

Daniel Miessler

FEBRUARY 1, 2020

To regular folks with some basic computer skills, the Dark Web seems like Enemy #1. People talk about it like it’s the Internet Demogorgon. And the media doesn’t help either, not to mention InfoSec marketing departments. As far as they’re concerned, if you don’t say the name of your password manager 7 times before bed the Dark Web will haunt your closet.

Advertising 103

Advertising InfoSec Password Management Education 103

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

FEBRUARY 7, 2020

The operators behind the infamous RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to kill antivirus products. Cybercriminals behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows with the intent of disabling security products. Ransomware operators leverage a custom antivirus killing p ackage that is delivered to workstations to disable security solution before starting encryption.

Software 144

Software Ransomware Antivirus Encryption 144

Schneier on Security

FEBRUARY 6, 2020

Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he's getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world's most enticing secrets can be stressful. Some would-be codebreakers have appeared at his home. Many felt they had solved the puzzle, and wanted to check with Mr.

Encryption 270

Encryption Hacking 270

Tech Republic Security

FEBRUARY 7, 2020

Employees who create external accounts but use them internally pose a risk to your security, says password manager company 1Password.

Risk 182

Risk Password Management Passwords Accountability 182

Daniel Miessler

FEBRUARY 3, 2020

[advanced_iframe src=”[link] width=”100%”]. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

Information Security 100

Information Security 100

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

FEBRUARY 7, 2020

Google addressed a critical vulnerability in its Android OS that affects the Bluetooth subsystem and could be exploited without user interaction. Google has addressed a critical flaw in Android OS that affects the Bluetooth subsystem and could be exploited without user interaction. The vulnerability tracked as CVE-2020-0022 is a remote code execution flaw that could allow attackers to execute code on the device with the elevated privileges of the Bluetooth daemon when the wireless module is acti

Mobile 140

Mobile Wireless Advertising Malware 140

Schneier on Security

FEBRUARY 5, 2020

Artist Katie Holten has developed a tree code (basically, a font in trees), and New York City is using it to plant secret messages in parks.

Encryption 204

Encryption 204

Tech Republic Security

FEBRUARY 6, 2020

Joker was the hottest film among cybercriminals with 304 malicious files named after Batman's arch-nemesis, says security firm Kaspersky.

Malware 176

Malware 176

Thales Cloud Protection & Licensing

FEBRUARY 6, 2020

Artificial intelligence (AI) is becoming increasingly integral to information security. From the multitude of ways AI is used in business to creating smart cities and safeguarding transportation , AI impacts nearly every aspect of our lives. In fact, in its Reinventing Cybersecurity with Artificial Intelligence report , Capgemini found that 61% of respondents said they can no longer detect data breach attempts without the help of AI.

Artificial Intelligence 107

Artificial Intelligence Data breaches Information Security Network Security 107

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

FEBRUARY 7, 2020

Japanese defense contractors Pasco and Kobe Steel have disclosed security breaches that they have suffered back in 2016 and 2018. Pasco is Japan’s largest geospatial provider and Kobe Steel is one of the major steel manufacturers. Just last week, Japan’s Ministry of Defense announced in addition to Mitsubishi Electric and the NEC defense business division other two unnamed contractors suffered a data breach.

Manufacturing 132

Manufacturing Data breaches Advertising Antivirus 132

WIRED Threat Level

FEBRUARY 3, 2020

With his "Google Maps Hack," artist Simon Weckert draws attention to the systems we take for granted—and how we let them shape us.

Hacking 118

Hacking 118

Tech Republic Security

FEBRUARY 6, 2020

If you need strong command line encryption on Linux, look no further than 7zip.

Encryption 209

Encryption 209

Dark Reading

FEBRUARY 7, 2020

Although radio frequency energy (RF) communications are increasingly essential to modern wireless networking and IoT, the security of RF is notoriously lax.

Wireless 101

Wireless IoT 101

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity