Krebs on Security

JUNE 21, 2020

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “ BlueLeaks ” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 gigabytes in total — is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to

Government 363

Government Accountability Cyber threats Cyber Attacks 363

Schneier on Security

JUNE 24, 2020

I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It's been 105 days since I've been on an airplane -- longer than any other time in my adult life -- and I have no future flights scheduled. This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying.

Risk 362

Risk 362

The Last Watchdog

JUNE 21, 2020

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Numerous strains of this destructive code have been the front-page news in global computer security chronicles for almost a decade now, with jaw-dropping ups and dramatic downs accompanying its progress. Related: What local government can do to repel ransomware Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch diskettes.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Adam Levin

JUNE 26, 2020

Phony contact-tracing apps meant to mitigate the spread of the Covid-19 pandemic are installing ransomware on mobile devices. One app billed itself, “The Covid-19 Tracer App,” claiming to be an official mobile app of the Canadian government’s coronavirus contact tracing effort. “The more Canadians who voluntarily download and use the app, the safer we’ll be, and the faster we can reopen the economy,” stated the scam website.

Ransomware 223

Ransomware Malware Mobile Scams 223

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Adam Shostack

JUNE 22, 2020

I’m excited to see that they’re Re-introducing the Cyentia Research Library , with cool (new?) features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world. The Cyentia Library lets us see what people are doing in terms of research and data.

Accountability 200

Accountability Ransomware Hacking 200

Schneier on Security

JUNE 23, 2020

Report on espionage attacks using LinkedIn as a vector for malware, with details and screenshots. They talk about "several hints suggesting a possible link" to the Lazarus group (aka North Korea), but that's by no means definite. As part of the initial compromise phase, the Operation In(ter)ception attackers had created fake LinkedIn accounts posing as HR representatives of well-known companies in the aerospace and defense industries.

Malware 348

Malware Accountability 348

Tech Republic Security

JUNE 23, 2020

Bad actors have flooded the enterprise with coronavirus-related attacks, but professionals working from home have other worries, Unisys Security found.

218

218

Adam Levin

JUNE 24, 2020

269 gigabytes of potentially sensitive data collected from more than 200 police departments across the country were leaked online last week. The data, called “BlueLeaks,” was shared online by a group called Distributed Denial of Secrets, or DDoSecrets), a Wikileaks-style organization committed to “enabling the free transmission of data in the public interest.”.

Data collection 189

Data collection VPN Accountability Risk 189

Schneier on Security

JUNE 25, 2020

New research: " Best Practices for IoT Security: What Does That Even Mean? " by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices.

IoT 325

IoT Manufacturing Internet Internet 325

Daniel Miessler

JUNE 21, 2020

THIS WEEK’S TOPICS: Ripple20 IoT Vulns, Homeland Security Surveillance, US Cyber Budget, Adobe EOL, AWS DDoS, Bellingcat Poison Investigation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —. If you get value from this content, you can support it directly by becoming a member.

Surveillance 130

Surveillance DDOS IoT Technology 130

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

JUNE 25, 2020

Emails with fake COVID-19 training materials are trying to trick employees into sharing their Microsoft credentials, says Check Point Research.

Phishing 203

Phishing 203

Security Affairs

JUNE 26, 2020

A man accused to have developed distributed denial of service (DDoS) botnets based on the Mirai botnet was sentenced to 13 months in federal prison. Kenneth Currin Schuchman, 22, of Vancouver, Washington, was sentenced to 13 months in federal prison because it has developed distributed denial of service (DDoS) botnets based on the source code of Mirai botnet.

DDOS 145

DDOS IoT Advertising Internet 145

Schneier on Security

JUNE 24, 2020

Really interesting research: " An examination of the cryptocurrency pump and dump ecosystem ": Abstract : The surge of interest in cryptocurrencies has been accompanied by a proliferation of fraud. This paper examines pump and dump schemes. The recent explosion of nearly 2,000 cryptocurrencies in an unregulated environment has expanded the scope for abuse.

Cryptocurrency 320

Cryptocurrency Scams 320

WIRED Threat Level

JUNE 22, 2020

The so-called BlueLeaks collection includes internal memos, financial records, and more from over 200 state, local, and federal agencies.

Hacking 145

Hacking 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JUNE 22, 2020

Targeting the CEO and others in an organization, the attacks spotted by cybersecurity firm Darktrace were detected due to artificial intelligence.

Artificial Intelligence 200

Artificial Intelligence Phishing Cybersecurity 200

Security Affairs

JUNE 21, 2020

Shlayer Mac malware is back, the Mac threat is now spreading through new black SEO operations. Researchers spotted a new version of the Shlayer Mac malware that is spreading via poisoned Google search results. Researchers at security firm Intego observed the new variant being spread masqueraded as a fake Adobe Flash Player installer (.DMG disk image) and implementing fresh advanced evasion capabilities. “The new malware tricks victims into bypassing Apple’s built-in macOS security protecti

Engineering 145

Engineering Malware Adware Antivirus 145

Schneier on Security

JUNE 22, 2020

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police car ablaze as it was broadcast live May 30. It showed the woman, in flame-retardant gloves, grabbing a burning piece of a police barricade that had already been used to set one squad car on fire and tossi

Internet 301

Internet Internet Mobile Accountability 301

Jane Frankland

JUNE 23, 2020

Jackson was known for being sarcastic, and when I first met him at my friend’s party, to say he irritated me was an understatement. Like most people, he asked me what I did for a living. Expecting to hear that I was in marketing, PR, education, accounting, or law, he was shocked when he heard my reply. Now, these are all fine jobs, don’t get me wrong, and maybe once upon a time I’d have considered them as professions to pursue.

Cybersecurity 100

Cybersecurity Social Engineering Education Technology 100

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JUNE 26, 2020

If Safari isn't your default Mac web browser, it should be when Apple releases macOS Big Sur. Here's how Apple developers have readied the browser for adulthood and the demands of the workplace.

180

180

Security Affairs

JUNE 25, 2020

Microsoft researchers are warning of attacks against Exchange servers and published guidance on how to defend them. Microsoft’s Defender ATP Research Team released guidance on how to defend against attacks targeting Exchange servers with the use of behavior-based detection. Microsoft researchers analyzed multiple campaigns targeting Exchange servers in early April which showed how the malicious actors deploying web shells them.

Social Engineering 144

Social Engineering Advertising Engineering Authentication 144

Schneier on Security

JUNE 26, 2020

Interesting research: " Identifying Unintended Harms of Cybersecurity Countermeasures ": Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the infrastructure itself (including other ser

Cybersecurity 268

Cybersecurity Risk Technology Cybercrime 268

Dark Reading

JUNE 26, 2020

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.

140

140

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

JUNE 25, 2020

Your credit card is worth around $33, your driver's license around $27, and your PayPal account around $42, according to Reviews.org.

Accountability 208

Accountability 208

Security Affairs

JUNE 24, 2020

U.S. business consulting firm Frost & Sullivan suffered a data breach, a threat actor is offering for sale its databases on a hacker forum. U.S. firm Frost & Sullivan suffered a data breach, data from an unsecured backup that were exposed on the Internet was sold by a threat actor on a hacker forum. Frost & Sullivan is a business consulting firm involved in market research and analysis, growth strategy consulting, and corporate training across multiple industries.

Data breaches 145

Data breaches Backups Advertising Hacking 145

Threatpost

JUNE 25, 2020

Several high-severity flaws in Nvidia's GPU display drivers for Windows users could lead to code-execution, DoS and more.

145

145

WIRED Threat Level

JUNE 26, 2020

After releasing over a million hacked law enforcement files, DDoSecrets got banned from Twitter. But it has no plans to slow down.

Hacking 135

Hacking 135

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

JUNE 24, 2020

Spending on cybersecurity technology rose last quarter but will dip this year due to budgetary constraints, says Canalys.

Marketing 215

Marketing Cybersecurity Technology 215

Security Affairs

JUNE 26, 2020

A new botnet, tracked as Lucifer, appeared in the threat landscape, it leverages close to a dozen exploits to hack Windows systems. A new botnet tracked as Lucifer appeared in the threat landscape, it leverages a dozen exploits for high and critical severity flaws affecting Windows systems. Upon infecting a system the bot turns it into a cryptomining client and could use it to launch distributed denial-of-service (DDoS) attacks.

DDOS 138

DDOS Malware Advertising Passwords 138

Threatpost

JUNE 23, 2020

Remote work is opening up new insider threats - whether it's negligence or malicious employees - and companies are scrambling to stay on top of these unprecedented risks.

Risk 116

Risk Data privacy Hacking 116

SecureWorld News

JUNE 23, 2020

COVID-19 has dramatically changed our relationship with remote work. Some of this shift was in place before the global pandemic, but coronavirus is a pivot point, particularly when it comes to managing remote employees and cybersecurity. COVID-19 also revealed and created significant security gaps around Identity and Access Management (IAM). That is why SecureWorld recently convened a panel of cybersecurity experts to talk through this challenge.

Authentication 98

Authentication CISO Cybersecurity Accountability 98

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity