Krebs on Security

JUNE 21, 2020

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “ BlueLeaks ” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 gigabytes in total — is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to

Government 364

Government Accountability Cyber threats Banking 364

Schneier on Security

JUNE 24, 2020

I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It's been 105 days since I've been on an airplane -- longer than any other time in my adult life -- and I have no future flights scheduled. This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying.

Risk 279

Risk 279

The Last Watchdog

JUNE 21, 2020

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Numerous strains of this destructive code have been the front-page news in global computer security chronicles for almost a decade now, with jaw-dropping ups and dramatic downs accompanying its progress. Related: What local government can do to repel ransomware Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch diskettes.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Adam Levin

JUNE 26, 2020

Phony contact-tracing apps meant to mitigate the spread of the Covid-19 pandemic are installing ransomware on mobile devices. One app billed itself, “The Covid-19 Tracer App,” claiming to be an official mobile app of the Canadian government’s coronavirus contact tracing effort. “The more Canadians who voluntarily download and use the app, the safer we’ll be, and the faster we can reopen the economy,” stated the scam website.

Ransomware 223

Ransomware Malware Mobile Scams 223

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

JUNE 23, 2020

Bad actors have flooded the enterprise with coronavirus-related attacks, but professionals working from home have other worries, Unisys Security found.

218

218

Schneier on Security

JUNE 23, 2020

Report on espionage attacks using LinkedIn as a vector for malware, with details and screenshots. They talk about "several hints suggesting a possible link" to the Lazarus group (aka North Korea), but that's by no means definite. As part of the initial compromise phase, the Operation In(ter)ception attackers had created fake LinkedIn accounts posing as HR representatives of well-known companies in the aerospace and defense industries.

Malware 273

Malware Accountability 273

Troy Hunt

JUNE 26, 2020

I'm literally surrounded by broken pieces of half finished repairs. My office is usually a pretty organised place so it's kinda frustrating, but then I'm replacing equipment that's seen up to a decade or more of solid use so that's not a bad run. Amidst all that, I've well and truly gone down the IoT rabbit hole with all sorts of bits now connected through Home Assistant (just understanding the basics of this is actually one of those draft blog posts I mentioned).

Data breaches 191

Data breaches IoT Passwords 191

Tech Republic Security

JUNE 23, 2020

File sharing, remote work, and vulnerable employees are leaving company networks open to potential cyberattack

218

218

Schneier on Security

JUNE 25, 2020

New research: " Best Practices for IoT Security: What Does That Even Mean? " by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices.

IoT 256

IoT Manufacturing Internet Internet 256

Adam Levin

JUNE 24, 2020

269 gigabytes of potentially sensitive data collected from more than 200 police departments across the country were leaked online last week. The data, called “BlueLeaks,” was shared online by a group called Distributed Denial of Secrets, or DDoSecrets), a Wikileaks-style organization committed to “enabling the free transmission of data in the public interest.”.

Data collection 189

Data collection VPN Accountability Risk 189

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

JUNE 26, 2020

A man accused to have developed distributed denial of service (DDoS) botnets based on the Mirai botnet was sentenced to 13 months in federal prison. Kenneth Currin Schuchman, 22, of Vancouver, Washington, was sentenced to 13 months in federal prison because it has developed distributed denial of service (DDoS) botnets based on the source code of Mirai botnet.

DDOS 145

DDOS IoT Advertising Internet 145

Tech Republic Security

JUNE 24, 2020

Spending on cybersecurity technology rose last quarter but will dip this year due to budgetary constraints, says Canalys.

Marketing 216

Marketing Cybersecurity Technology 216

Schneier on Security

JUNE 24, 2020

Really interesting research: " An examination of the cryptocurrency pump and dump ecosystem ": Abstract : The surge of interest in cryptocurrencies has been accompanied by a proliferation of fraud. This paper examines pump and dump schemes. The recent explosion of nearly 2,000 cryptocurrencies in an unregulated environment has expanded the scope for abuse.

Cryptocurrency 253

Cryptocurrency Scams 253

WIRED Threat Level

JUNE 26, 2020

After releasing over a million hacked law enforcement files, DDoSecrets got banned from Twitter. But it has no plans to slow down.

Hacking 145

Hacking 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

JUNE 26, 2020

German Police have arrested 32 individuals and detained 11 after a series of raids targeting users of an illegal underground economy forum. According to prosecutors in Frankfurt and Bamberg, the German Police have arrested 32 individuals and detained 11 after a series of raids targeting users of the “ crimenetwork.co ” illegal underground economy forum.

Advertising 145

Advertising Cryptocurrency Malware Hacking 145

Tech Republic Security

JUNE 25, 2020

Your credit card is worth around $33, your driver's license around $27, and your PayPal account around $42, according to Reviews.org.

Accountability 214

Accountability 214

Schneier on Security

JUNE 22, 2020

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police car ablaze as it was broadcast live May 30. It showed the woman, in flame-retardant gloves, grabbing a burning piece of a police barricade that had already been used to set one squad car on fire and tossi

Internet 238

Internet Internet Mobile Accountability 238

WIRED Threat Level

JUNE 22, 2020

The so-called BlueLeaks collection includes internal memos, financial records, and more from over 200 state, local, and federal agencies.

Hacking 145

Hacking 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

JUNE 24, 2020

U.S. business consulting firm Frost & Sullivan suffered a data breach, a threat actor is offering for sale its databases on a hacker forum. U.S. firm Frost & Sullivan suffered a data breach, data from an unsecured backup that were exposed on the Internet was sold by a threat actor on a hacker forum. Frost & Sullivan is a business consulting firm involved in market research and analysis, growth strategy consulting, and corporate training across multiple industries.

Backups 145

Backups Data breaches Advertising Hacking 145

Tech Republic Security

JUNE 25, 2020

Some 67% of all malware seen in the first quarter was delivered via HTTPS, according to security firm WatchGuard Technologies.

Malware 210

Malware Encryption Technology 210

Schneier on Security

JUNE 26, 2020

Interesting research: " Identifying Unintended Harms of Cybersecurity Countermeasures ": Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the infrastructure itself (including other ser

Cybersecurity 210

Cybersecurity Risk Technology Cybercrime 210

Threatpost

JUNE 25, 2020

Several high-severity flaws in Nvidia's GPU display drivers for Windows users could lead to code-execution, DoS and more.

145

145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JUNE 21, 2020

Shlayer Mac malware is back, the Mac threat is now spreading through new black SEO operations. Researchers spotted a new version of the Shlayer Mac malware that is spreading via poisoned Google search results. Researchers at security firm Intego observed the new variant being spread masqueraded as a fake Adobe Flash Player installer (.DMG disk image) and implementing fresh advanced evasion capabilities. “The new malware tricks victims into bypassing Apple’s built-in macOS security protecti

Engineering 145

Engineering Malware Adware Antivirus 145

Tech Republic Security

JUNE 25, 2020

Emails with fake COVID-19 training materials are trying to trick employees into sharing their Microsoft credentials, says Check Point Research.

Phishing 209

Phishing 209

Dark Reading

JUNE 26, 2020

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.

140

140

WIRED Threat Level

JUNE 20, 2020

Plus: OnlyFans pirates, a nasty Netgear bug, and more of the week's top security news.

Malware 140

Malware 140

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JUNE 25, 2020

Microsoft researchers are warning of attacks against Exchange servers and published guidance on how to defend them. Microsoft’s Defender ATP Research Team released guidance on how to defend against attacks targeting Exchange servers with the use of behavior-based detection. Microsoft researchers analyzed multiple campaigns targeting Exchange servers in early April which showed how the malicious actors deploying web shells them.

Social Engineering 145

Social Engineering Advertising Engineering Authentication 145

Tech Republic Security

JUNE 22, 2020

Targeting the CEO and others in an organization, the attacks spotted by cybersecurity firm Darktrace were detected due to artificial intelligence.

Artificial Intelligence 209

Artificial Intelligence Phishing Cybersecurity 209

Threatpost

JUNE 24, 2020

A new devilish malware is targeting Windows systems with cryptojacking and DDoS capabilities.

Malware 139

Malware DDOS 139

Daniel Miessler

JUNE 21, 2020

THIS WEEK’S TOPICS: Ripple20 IoT Vulns, Homeland Security Surveillance, US Cyber Budget, Adobe EOL, AWS DDoS, Bellingcat Poison Investigation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —. If you get value from this content, you can support it directly by becoming a member.

Surveillance 130

Surveillance DDOS IoT Technology 130

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity