Security Affairs

MARCH 10, 2021

A group of hackers claimed to have compromised more than 150,000 surveillance cameras at banks, jails, schools, and prominent companies like Tesla and Equinox. A group of US hackers claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations. The news was first reported by Bloomberg News who reported its to Verkada.

Surveillance 141

Surveillance Hacking Banking Firmware 141

Naked Security

MARCH 11, 2021

Caveat utilitor! Caveat emptor! Caveat programmator!

143

143

Krebs on Security

MARCH 8, 2021

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to last week’s mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program.

Hacking 362

Hacking Technology Software 362

Schneier on Security

MARCH 12, 2021

Really interesting research : “Exploitation and Sanitization of Hidden Data in PDF Files” Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors names, details on the information system and architecture.

Architecture 359

Architecture Software 359

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

MARCH 10, 2021

Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently: always something. now you are in my @home_assistant setup also :) Thanks @troyhunt pic.twitter.com/4d4Qxnlazl — Jón Ólafs (@jonolafs) March 3, 2021 Awesome!

Passwords 345

Passwords IoT Password Management Data breaches 345

Tech Republic Security

MARCH 10, 2021

Commentary: Enterprises try their best to secure their data, but running on-premises mail servers arguably doesn't do this. So why do they do it, anyway?

Hacking 208

Hacking 208

Schneier on Security

MARCH 10, 2021

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During this time the attacker appeared to be relatively subtle, exploiting particular targets (although we generally lack insight into who was targeted).

Hacking 357

Hacking Internet Internet Ransomware 357

Troy Hunt

MARCH 12, 2021

A big, big week with a heap of different things on the boil. Cyber stuff, audio stuff, IoT stuff - it's all there! Sorry about the camera being a little blue at the start, if anyone knows why it's prone to do this I'd love to hear from you. But hey, at least the audio is spot on, hope you enjoy this week's video. References Complying with NIST Password Guidelines in 2021 (a piece from this week's sponsor, intro'd by yours truly) We're rapidly going cashless, but not everybody is happy (there are

Passwords 263

Passwords IoT Hacking 263

Tech Republic Security

MARCH 11, 2021

Security analysts and an SEO expert explain how this new approach uses legitimate websites to trick users into downloading infected files.

Malware 198

Malware 198

Krebs on Security

MARCH 9, 2021

On the off chance you were looking for more security to-dos from Microsoft today…the company released software updates to plug more than 82 security flaws in Windows and other supported software. Ten of these earned Microsoft’s “critical” rating, meaning they can be exploited by malware or miscreants with little or no help from users.

DNS 337

DNS Internet Internet Software 337

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

MARCH 9, 2021

How is this even possible? …26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent vulnerabilities detected during automated assessment date back to 2013­2017, which indicates a lack of recent software updates,” the reported stated. 26%!?

Technology 355

Technology Software Malware 355

Lohrman on Security

MARCH 7, 2021

Risk 279

Risk Cybersecurity 279

Tech Republic Security

MARCH 11, 2021

Organizations have invested millions in new technology over the past year, yet fewer than one in 10 businesses have trained staff in to use these tools. Little surprise, then, that employees are using them incorrectly - and getting in trouble for it.

Technology 173

Technology 173

The Hacker News

MARCH 11, 2021

Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. "This is a side-channel attack which doesn't require any JavaScript to run," the researchers said. "This means script blockers cannot stop it.

145

145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

MARCH 8, 2021

Interesting paper: “ Shadow Attacks: Hiding and Replacing Content in Signed PDFs “: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In 2019, Mladenov et al. revealed various parsing vulnerabilities in PDF viewer implementations.They showed attacks that could modify PDF documents without invalidating the signature.

Hacking 350

Hacking Authentication 350

We Live Security

MARCH 10, 2021

ESET Research has found LuckyMouse, Tick, Winnti Group, and Calypso, among others, are likely using the recent Microsoft Exchange vulnerabilities to compromise email servers all around the world. The post Exchange servers under siege from at least 10 APT groups appeared first on WeLiveSecurity.

Malware 145

Malware 145

Tech Republic Security

MARCH 8, 2021

Cybercriminals are racing to exploit four zero-day bugs in Exchange before more organizations can patch them.

Hacking 217

Hacking 217

Bleeping Computer

MARCH 10, 2021

In a major unprecedented incident, data centers of OVH located in Strasbourg, France have been destroyed by fire. Customers are being advised by the company to enact their disaster recovery plans after the fire has rendered multiple data centers unserviceable, impacting websites around the world. [.].

Technology 145

Technology 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

MARCH 11, 2021

Science has a paper (and commentary ) on generating 250 random terabits per second with a laser. I don’t know how cryptographically secure they are, but that can be cleaned up with something like Fortuna.

312

312

Security Boulevard

MARCH 10, 2021

Exploration and evolution are written into the very fabric of humanity. Since the planets in our solar system were named, traveling to Mars has been nothing short of a farfetched dream. However, the rapid rise of digital transformation has changed the world we live in, connecting continents and laying the foundation for meaningful space travel. The post Is Cybersecurity More Difficult Than Going to Mars?

Digital transformation 145

Digital transformation Cybersecurity Cyber Risk CISO 145

Tech Republic Security

MARCH 9, 2021

The SolarWinds incident was a wake-up call for most of the security professionals surveyed by DomainTools.

Cybersecurity 217

Cybersecurity 217

Hot for Security

MARCH 9, 2021

What’s going on? In case you’ve missed the news – hundreds of thousands of Microsoft Exchange Server systems worldwide are thought to have been compromised by hackers, who exploited zero-day vulnerabilities to steal emails. Victims have included the European Banking Authority. The attacks began seemingly specifically targeting organisations, but has now broadened and escalated dramatically.

Hacking 145

Hacking Small Business Banking Internet 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

MARCH 9, 2021

A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group. In a report published by Secureworks on Monday, the cybersecurity firm attributed the intrusions to a threat actor it calls Spiral.

Hacking 145

Hacking Software Cybersecurity 145

Digital Shadows

MARCH 9, 2021

Note: This blog is a part of our MITRE ATT&CK Mapping series in which we map the latest major threat. The post Mapping MITRE ATT&CK to the DPRK Financial Crime Indictment first appeared on Digital Shadows.

Cybercrime 145

Cybercrime 145

Tech Republic Security

MARCH 10, 2021

Criminals have been targeting organizations that run Exchange hoping to breach ones that haven't patched the latest bugs, says ESET.

Cybercrime 186

Cybercrime 186

Security Affairs

MARCH 6, 2021

A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks that resulted in the hack of popular Russian-language cybercrime forums. Unknown threat actors hacked the Verified forum in January, Crdclub in February, and Exploit and Maza in March, the attackers also leaked stolen data and in some cases they offered it for sale. “Since the beginning of the year, Intel 471 has

Cybercrime 145

Cybercrime Hacking DDOS Passwords 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Google Security

MARCH 12, 2021

Posted by Stephen Röttger and Artur Janc, Information Security Engineers Three years ago, Spectre changed the way we think about security boundaries on the web. It quickly became clear that flaws in modern processors undermined the guarantees that web browsers could make about preventing data leaks between applications. As a result, web browser vendors have been continuously collaborating on approaches intended to harden the platform at scale.

Engineering 144

Engineering Architecture Software Firmware 144

The Hacker News

MARCH 12, 2021

Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all users.

144

144

Tech Republic Security

MARCH 9, 2021

WhatsApp, Messenger and Telegram are just a few messaging app options to consider. Tom Merritt lists five things you need to know about messaging apps.

161

161

Security Affairs

MARCH 11, 2021

Intezer experts have spotted a new strain of Linux backdoor dubbed RedXOR that is believed to be part of the arsenal of China-linked Winniti APT. Researchers from Intezer have discovered a new sophisticated backdoor, tracked as RedXOR, that targets Linux endpoints and servers. The malware was likely developed by the China-linked cyber espionage group Winnti. “We have discovered an undocumented backdoor targeting Linux systems, masqueraded as polkit daemon.

Malware 145

Malware Encryption Authentication Passwords 145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity