Sat.Feb 01, 2020 - Fri.Feb 07, 2020

article thumbnail

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

Less than 48 hours after the killing of Iran’s General Qasem Soleimani, the U.S. Department of Homeland Security issued a bulletin calling out Iran’s “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.” Related: Cyber warfare enters Golden Age In fact, strategic cyber operations essentially pitting Russia and Iran against the U.S. and Saudi Arabia have been steadily escalating for at least the past decade, with notable spikes

article thumbnail

When Your Used Car is a Little Too ‘Mobile’

Krebs on Security

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. Here’s the story of one former electric vehicle owner who discovered he could still gain remote, online access to his old automobile years after his lease ended.

Mobile 309
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

2020 Oscar Nominees Used to Spread Malware

Adam Levin

Online scammers are using the 2020 Oscars to spread malware. A recent study released by Kaspersky Labs uncovered several hacking and phishing campaigns promising their targets free and early access to Best Picture nominees for this year’s Academy Awards. The study found over twenty phishing websites hosting at least 925 malicious files using the movies as bait, requiring would-be victims to either provide personal information (including credit card numbers), or to install adware applications to

Malware 309
article thumbnail

Security in 2020: Revisited

Schneier on Security

Ten years ago, I wrote an essay : "Security in 2020." Well, it's finally 2020. I think I did pretty well. Here's what I said back then: There's really no such thing as security in the abstract. Security can only be defined in relation to something else. You're secure from something or against something. In the next 10 years, the traditional definition of IT security -- that it protects you from hackers, criminals, and other bad guys -- will undergo a radical shift.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Weekly Update 177

Troy Hunt

I've got audio! Ok, so I cheated a bit in terms of recording back in the home office, but the plugs I need to make the Zoom H6 work the way it should (and yeah, I know I said "Rode" H6 in the vid, sorry!) are on the way and hopefully they'll be all good for next week when I'm in Sydney. I'm talking about that trip in this week's update along with the Chrome 80 changes to SameSite cookies not that its hit, the Adult FriendFinder breach and then recapping on a heap of the week's news in tweets.

261
261
article thumbnail

Booter Boss Busted By Bacon Pizza Buy

Krebs on Security

A Pennsylvania man who operated one of the Internet’s longest-running online attack-for-hire or “booter” services was sentenced to five years probation today. While the young man’s punishment was heavily tempered by his current poor health, the defendant’s dietary choices may have contributed to both his capture and the lenient sentencing: Investigators say the onetime booter boss’s identity became clear after he ordered a bacon and chicken pizza delivered to

Internet 295

More Trending

article thumbnail

New Research on the Adtech Industry

Schneier on Security

The Norwegian Consumer Council has published an extensive report about how the adtech industry violates consumer privacy. At the same time, it is filing three legal complaints against six companies in this space. From a Twitter summary : 1. [thread] We are filing legal complaints against six companies based on our research, revealing systematic breaches to privacy, by shadowy #OutOfControl #adtech companies gathering & sharing heaps of personal data.

article thumbnail

RobbinHood ransomware exploit GIGABYTE driver flaw to kill security software

Security Affairs

The operators behind the infamous RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to kill antivirus products. Cybercriminals behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows with the intent of disabling security products. Ransomware operators leverage a custom antivirus killing p ackage that is delivered to workstations to disable security solution before starting encryption.

Software 145
article thumbnail

An Artist Used 99 Phones to Fake a Google Maps Traffic Jam

WIRED Threat Level

With his "Google Maps Hack," artist Simon Weckert draws attention to the systems we take for granted—and how we let them shape us.

Hacking 140
article thumbnail

4 key trends to hit the cybersecurity industry in 2020

Tech Republic Security

Get ready for consolidation risk, microbreaches, and other cybersecurity hazards, warn experts from Mimecast, the Cyber Resilience Think Tank.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New Ransomware Targets Industrial Control Systems

Schneier on Security

EKANS is a new ransomware that targets industrial control systems: But EKANS also uses another trick to ratchet up the pain: It's designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. That allows it to then encrypt the data that those control system programs interact with.

article thumbnail

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

Check Point experts discovered a high-severity flaw in Philips Hue Smart Light Bulbs that can be exploited to gain entry into a targeted WiFi network. Security experts from Check Point discovered a high-severity flaw ( CVE-2020-6007 ) in Philips Hue Smart Light Bulbs that can be exploited by hackers to gain entry into a targeted WiFi network. Lightbulbs could be remotely controlled through a mobile app or via a digital home assistant, owners could control the light in the environment and even

Hacking 144
article thumbnail

Mysterious New Ransomware Targets Industrial Control Systems

WIRED Threat Level

EKANS appears to be the work of cybercriminals, rather than nation-state hackers—a worrying development, if so.

article thumbnail

How to use 7zip to encrypt files

Tech Republic Security

If you need strong command line encryption on Linux, look no further than 7zip.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Attacking Driverless Cars with Projected Images

Schneier on Security

Interesting research -- " Phantom Attacks Against Advanced Driving Assistance Systems ": Abstract : The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems (ADASs) and autopilots of semi/fully autonomous cars to validate their virtual perception regarding the physical environment surrounding the car with a third party, has been exploited in various attacks suggested by researchers.

Internet 228
article thumbnail

Critical Android Bluetooth flaw CVE-2020-0022 could be exploited without user interaction

Security Affairs

Google addressed a critical vulnerability in its Android OS that affects the Bluetooth subsystem and could be exploited without user interaction. Google has addressed a critical flaw in Android OS that affects the Bluetooth subsystem and could be exploited without user interaction. The vulnerability tracked as CVE-2020-0022 is a remote code execution flaw that could allow attackers to execute code on the device with the elevated privileges of the Bluetooth daemon when the wireless module is acti

Mobile 143
article thumbnail

2015 Ashley Madison Breach Is Back Just in Time for Valentine’s Day

Adam Levin

A new extortion scam is targeting users of marital infidelity site Ashley Madison whose accounts were compromised in a 2015 data breach. Site members are receiving emails with personalized information from the breach including names, bank account information, mailing addresses, and answers to security questions with the threat of exposing the recipient if a ransom in bitcoin isn’t paid. .

article thumbnail

IoT is a gold mine for hackers using fileless malware for cyberattacks

Tech Republic Security

Data exposure is one of the biggest threats from attacks on IoT devices. A new report recommends a shift to perimeter-less security strategies.

IoT 212
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

A New Clue for the Kryptos Sculpture

Schneier on Security

Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he's getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world's most enticing secrets can be stressful. Some would-be codebreakers have appeared at his home. Many felt they had solved the puzzle, and wanted to check with Mr.

article thumbnail

Japanese defense contractors Pasco and Kobe Steel disclose security breaches

Security Affairs

Japanese defense contractors Pasco and Kobe Steel have disclosed security breaches that they have suffered back in 2016 and 2018. Pasco is Japan’s largest geospatial provider and Kobe Steel is one of the major steel manufacturers. Just last week, Japan’s Ministry of Defense announced in addition to Mitsubishi Electric and the NEC defense business division other two unnamed contractors suffered a data breach.

article thumbnail

The Changing Face of Data Security in Australia and New Zealand

Thales Cloud Protection & Licensing

The traditional focus on security has been on breach prevention and threat detection but these can only go so far. For organisations going through digital transformation there needs to be a layered approach to security – complimenting these traditional strategies with data protection.In the evolving digital world of cloud, social and apps, data is now the perimeter.

article thumbnail

Report: Smart bulbs have a major security problem

Tech Republic Security

Many Philips Hue smart light bulbs have a firmware flaw that leads hackers into an entire network, Check Point Research found.

Firmware 202
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Tree Code

Schneier on Security

Artist Katie Holten has developed a tree code (basically, a font in trees), and New York City is using it to plant secret messages in parks.

article thumbnail

Cisco Flaws Put Millions of Workplace Devices at Risk

WIRED Threat Level

Five vulnerabilities in Cisco Discovery Protocol make it possible for a hacker to take over desk phones, routers, and more. .

Risk 133
article thumbnail

Unsupervised Learning: No. 214

Daniel Miessler

This is a Member-only episode. Members get the newsletter every week, and have access to the Member Portal with all existing Member content. Non-members get every other episode. Sign in. or…. Become a member and get immediate access. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to futur

article thumbnail

Hackers using coronavirus scare to spread Emotet malware in Japan

Tech Republic Security

Cybercriminals are using global fears about the virus to spread the Emotet trojan.

Malware 202
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Google mistakenly shared private videos of some users with others in 2019

Security Affairs

Google has accidentally shared private videos of some users that were stored on its servers with other, the tech giant notified impacted users. Google admitted a new privacy incident, it has accidentally shared private videos saved on its servers with other users. At the time it is not clear the number of impacted users, anyway, the company sent them a security notification.

article thumbnail

This Identity Activist Wants to Make Facebook Obsolete

WIRED Threat Level

Your digital self is fragmented and owned by third parties. Kaliya Young has a plan to change that—and make tech fairer for all.

125
125
article thumbnail

Threat Model Thursday: Games

Adam Shostack

For reasons I can’t quite talk about yet, this has been a super busy time, and I look forward to sharing the exciting developments that have kept me occupied. In the meantime, my friends at Agile Stationery have transcribed a talk that Mark Vinkovits and I gave at AppSec Cali last year. Their posts are at: Why card gaming helps teams model security and privacy threats (part 1) , and part 2.

113
113
article thumbnail

How Shadow IT could put your organization at risk

Tech Republic Security

Employees who create external accounts but use them internally pose a risk to your security, says password manager company 1Password.

Risk 192
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!