Krebs on Security

MAY 6, 2020

Fresenius , Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems. The company said the incident has limited some of its operations, but that patient care continues. Based in Germany, the Fresenius Group includes four independent businesses: Fresenius Medical Care , a leading provider of care to those suffering from ki

Ransomware 353

Ransomware Healthcare Cyber Attacks Manufacturing 353

Daniel Miessler

MAY 8, 2020

A lot of people are thinking about the security of their home network right now, and as one of the project leaders on the OWASP Internet of Things Security Project , I wanted to provide three levels of security you can do at home. The most important thing to realize about this list is that it’s top-heavy. The first one is far more important than the second, and the first three are far more important than the second three.

Passwords 255

Passwords DNS Accountability IoT 255

Schneier on Security

MAY 4, 2020

This paper describes a SIGINT and code-breaking alliance between Denmark, Sweden, Germany, the Netherlands and France called Maximator: Abstract: This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s. It discloses the name Maximator and provides documentary evidence. The five members of this European alliance are Denmark, Sweden, Germany, the Netherlands, and France.

336

336

Adam Levin

MAY 7, 2020

Users on an adult streaming platform may have experienced the wrong kind of exposure when over seven terabytes of data was found on an unprotected database online. The damage done could include the dissemination of amateur pornographic user images. . CAM4, a video streaming service primarily for adult amateur webcam content, reportedly left more than 11 million user records online on an unprotected Elasticsearch server.

Phishing 197

Phishing Passwords Accountability Hacking 197

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

MAY 8, 2020

Millions of Americans now filing for unemployment will receive benefits via a prepaid card issued by U.S. Bank , a Minnesota-based financial institution that handles unemployment payments for more than a dozen U.S. states. Some of these unemployment applications will trigger an automatic letter from U.S. Bank to the applicant. The letters are intended to prevent identity theft, but many people are mistaking these vague missives for a notification that someone has hijacked their identity.

Identity Theft 266

Identity Theft Banking Scams Accountability 266

Tech Republic Security

MAY 6, 2020

The rapid move to remote working has left many businesses more vulnerable to cybersecurity threats, with nearly half saying they've encountered at least one scare as a direct result of the shift.

Cybersecurity 204

Cybersecurity 204

Troy Hunt

MAY 8, 2020

I went with the "just record it live" approach again this week and honestly, it's working out much better for me. It's easier to publish (no manual retrieval of audio and video from devices, no editing in Premier, no waiting for upload) and doing it in my office gets almost the same audio and video quality as the "old" way anyway. Plus, I get to interact with people whilst recording so all in all, I'm pretty happy with this approach.

VPN 171

VPN Accountability Hacking 171

Adam Levin

MAY 5, 2020

Hackers successfully breached the servers of a popular blogging platform and used them to mine cryptocurrency. Ghost, a Singapore-based blogging platform with 2,000,000 installations and 750,000 active users, announced that hackers had breached their systems. . “The mining attempt… quickly overloaded most of our systems which alerted us to the issue immediately,” the company announced May 3, adding that “[t]here is no direct evidence that private customer data, passwords or oth

Cryptocurrency 162

Cryptocurrency Hacking System Administration Passwords 162

Tech Republic Security

MAY 5, 2020

Ahead of World Password Day, a survey finds management is worse than junior staff at practicing good password hygiene, according to SecureAuth.

Passwords 217

Passwords 217

Schneier on Security

MAY 5, 2020

Interesting story of malware hidden in Google Apps. This particular campaign is tied to the government of Vietnam. At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store to target users in Vietnam, Bangladesh, Indonesia, and India.

Malware 303

Malware Spyware Phishing Government 303

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Daniel Miessler

MAY 3, 2020

THIS WEEK’S TOPICS: VICE vs. Chinese Surveillance, Indian Contact Tracing, NHS + GCHQ, Banjo Racism, Singapore Requires Check-ins, Bruce on Contact Tracing, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. —. If you get value from this content, you can support it directly by becoming a member.

Surveillance 130

Surveillance Technology Information Security 130

Adam Levin

MAY 7, 2020

It’s World Password Day, and much like every other day of the year, the state of password security is terrible. . Despite repeated warnings from security experts and IT departments, “123456” is still the most common password for the last seven years, narrowly edging out “password.”. The problem isn’t limited to easily guessed passwords: a recent study of remote workers found that 42 percent of employees physically write passwords down, 34 percent digitally capture them on their smartphones, and

Password Management 151

Password Management Passwords Accountability Account Security 151

Tech Republic Security

MAY 7, 2020

Passwords are no longer a secure method of identity verification, resulting in many organizations to turn to other tactics, Yubico found.

Passwords 217

Passwords 217

Schneier on Security

MAY 7, 2020

This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza's explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists , and Plists are used everywhere in iOS (and MacOS). iOS's sandboxing system depends upon three different XML parsers, which interpret slightly invalid XML input in slightly different ways.

Malware 290

Malware Cybersecurity 290

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

MAY 2, 2020

Phishing attacks impersonating notifications from Microsoft Teams targeted as many as 50,000 Teams users to steal Office365 logins. Abnormal Security experts observed two separate phishing attacks impersonating notifications from Microsoft Teams that targeted as many as 50,000 Teams users to steal Office365 logins. The popularity of Microsoft Teams has spiked as a result of the smart working adopted by many organizations due to the COVID-19 pandemic.

Phishing 145

Phishing Advertising Financial Services Marketing 145

Adam Levin

MAY 7, 2020

The online credentials for 68% of pharmaceutical executives analyzed for a study have been compromised recently. The study, conducted by cybersecurity firm Blackcloak, found that the email accounts of over two-thirds of pharmaceutical executives had been compromised within the last five to ten years. Of the compromised emails, 57% were found on the dark web and had been either cracked or stored in plaintext format.

Passwords 130

Passwords Data breaches Accountability Cybersecurity 130

Tech Republic Security

MAY 5, 2020

A LastPass report reveals 91% use the same passwords on multiple accounts, and 53% haven't changed passwords in 12 months, despite high-profile security breaches.

Risk 194

Risk Passwords Accountability 194

Schneier on Security

MAY 6, 2020

It's the twentieth anniversary of the ILOVEYOU virus, and here are three interesting articles about it and its effects on software design.

Software 294

Software Cybercrime Malware Cybersecurity 294

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

MAY 5, 2020

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks. Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks. The malicious code was designed to target Linux-based servers and Internet of Things (IoT) devices and use them as part of a DDoS botnet.

IoT 145

IoT Malware DDOS Advertising 145

Threatpost

MAY 8, 2020

The Shiny Hunters hacking group said it stole 500 GB of data from the tech giant’s repositories on the developer platform, which it owns.

Hacking 143

Hacking Accountability Data breaches Phishing 143

Tech Republic Security

MAY 8, 2020

A new attack discovered by Abnormal Security aims to steal account credentials from people who use the online document signing platform.

Phishing 205

Phishing Accountability 205

Dark Reading

MAY 6, 2020

More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number.

109

109

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

MAY 5, 2020

GoDaddy has been notifying its customers of a data breach, threat actors might have compromised their web hosting account credentials. GoDaddy has been notifying its customers of a data breach, attackers might have compromised users’ web hosting account credentials. Headquartered in Scottsdale, Arizona, the Internet domain registrar and web hosting company claims to have over 19 million customers worldwide.

Data breaches 144

Data breaches Accountability Advertising Internet 144

Threatpost

MAY 8, 2020

Due to the coronavirus pandemic, there will be no in-person Black Hat USA or DEF CON conferences this year.

139

139

Tech Republic Security

MAY 4, 2020

More than 86,600 new domains related to the pandemic are considered "risky" or "malicious," according to a new report.

216

216

WIRED Threat Level

MAY 6, 2020

The system's use of GPS data could let hackers pinpoint who reports a positive diagnosis.

143

143

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. Experts warn of hacking campaign that is targeting organization using the Salt platform for the management of their infrastructure, the last victim is the Ghost blogging platform.

Internet 141

Internet Internet Hacking Advertising 141

Threatpost

MAY 7, 2020

The Chinese APT has been discovered behind a five-year espionage campaign that compromises government servers - and uses that as leverage for other attacks.

Government 107

Government Phishing Malware Hacking 107

Tech Republic Security

MAY 8, 2020

In a post-Cambridge Analytica world, developers are more important than ever to the data privacy and security of the software they build.

Data privacy 199

Data privacy Software 199

WIRED Threat Level

MAY 5, 2020

CAM4 has taken the server offline, but not before it leaked 7TB of user data.

143

143

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity