Krebs on Security

DECEMBER 4, 2020

The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years.

Mobile 328

Mobile Authentication Accountability 328

Schneier on Security

DECEMBER 1, 2020

Many systems are vulnerable : Researchers at the time said that they were able to launch inaudible commands by shining lasers — from as far as 360 feet — at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. […]. They broadened their research to show how light can be used to manipulate a wider range of digital assistants — including Amazon Echo 3 — but also sensing systems found in medical

Hacking 321

Hacking 321

Troy Hunt

NOVEMBER 28, 2020

What. A. Week. Blog post every day, massive uptick in comments, DMs, newsletter subscribers, followers and especially, blog traffic. More than 200,000 unique visitors dropped by this week, mostly to read about IoT things. This has been a fascinating experience for me and I've enjoyed sharing the journey, complete with all my mistakes ?? I topped the week off by spending a couple of hours talking to Scott Helme about our respective IoT experiences so that's the entirety of this week's update - Sc

IoT 293

IoT Password Management Firmware Passwords 293

Daniel Miessler

DECEMBER 3, 2020

The Lawfare Podcast is one of my few staples, and I just listened to another great episode on espionage against US buisnesses. My main takeaway was this: Foreign governments—and especially China—are pivoting from targeting other governments for their secrets, to instead going after private companies because that’s where most of the intellectual property is.

Government 251

Government Information Security 251

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

DECEMBER 2, 2020

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment. Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum’s user database had been compromised.

Accountability 326

Accountability Hacking Scams Media 326

Schneier on Security

DECEMBER 3, 2020

Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy people. They do not have the time to examine every piece of source code that is published. So while opening up source code is a good thing, it is not a guarantee of security.

Engineering 317

Engineering Software Cybersecurity 317

Joseph Steinberg

DECEMBER 1, 2020

Social media users’ delight at receiving notification that their accounts have qualified for Verification (that is, receiving the often-coveted “blue check mark” that appears on the social media profiles of public figures) has become the latest target of criminal exploitation. Cybercrooks intent on stealing people’s identities (or worse) have begun sending well-crafted messages that both impersonate various major social-media providers, as well as mimic the instructions that such media platforms

Media 246

Media Accountability Phishing Scams 246

Krebs on Security

DECEMBER 1, 2020

A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service (DDoS) attacks, and for possessing sexually explicit images of minors. Timothy Dalton Vaughn from Winston-Salem, N.C. was a key member of the Apophis Squad , a gang of young ne’er-do-wells who made bomb threats to more than 2,400 schools and launched DDoS attacks a

DDOS 264

DDOS Hacking Mobile Encryption 264

Schneier on Security

DECEMBER 2, 2020

This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device­ — over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable­ — meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. […].

Passwords 303

Passwords Hacking 303

Tech Republic Security

NOVEMBER 30, 2020

Strong passwords are necessary for making sure you and your organization stay protected. Tom Merritt offers five tips for creating strong passwords.

Passwords 208

Passwords 208

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Adam Levin

DECEMBER 2, 2020

Android users trying to install mods for the wildly popular game title Minecraft may be unintentionally installing adware and malware to their devices. According to new research from cybersecurity and anti-virus company Kaspersky Lab , over twenty apps available to download on Google’s Play store claiming to add additional content to the game were “malvertising,” which launches unwanted popup ads on a user’s device.

Adware 173

Adware Malware Cybersecurity Technology 173

Security Affairs

DECEMBER 3, 2020

E-Land Retail suffered a ransomware attack, Clop ransomware operators claim to have stolen 2 million credit cards from the company. E-Land Retail is a South Korean conglomerate headquartered in Changjeon-dong Mapo-gu Seoul, South Korea. E-Land Group takes part in retail malls, restaurants, theme parks, hotels and construction businesses as well as its cornerstone, fashion apparel business.

Ransomware 145

Ransomware Retail Encryption Malware 145

Schneier on Security

DECEMBER 4, 2020

Neat story : German divers searching the Baltic Sea for discarded fishing nets have stumbled upon a rare Enigma cipher machine used by the Nazi military during World War Two which they believe was thrown overboard from a scuttled submarine. Thinking they had discovered a typewriter entangled in a net on the seabed of Gelting Bay, underwater archaeologist Florian Huber quickly realised the historical significance of the find.

292

292

Tech Republic Security

NOVEMBER 30, 2020

Is this a bad idea? Learn about the pitfalls and what organizations should be doing to address lax security versus productivity.

Cybersecurity 201

Cybersecurity 201

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

WIRED Threat Level

DECEMBER 2, 2020

Efforts to secure the Border Gateway Protocol have picked up critical momentum, including a big assist from Google.

Internet 145

Internet Internet 145

Security Affairs

DECEMBER 2, 2020

Google Project Zero expert Ian Beer on Tuesday disclosed a critical “wormable” iOS flaw that could have allowed to hack iPhone devices. Google Project Zero white-hat hacker Ian Beer has disclosed technical details of a critical “wormable” iOS bug that could have allowed a remote attacker to take over any device in the vicinity over Wi-Fi.

Hacking 145

Hacking Wireless Mobile Information Security 145

Schneier on Security

NOVEMBER 30, 2020

I can’t believe that check washing is still a thing: “Check washing” is a practice where thieves break into mailboxes (or otherwise steal mail), find envelopes with checks, then use special solvents to remove the information on that check (except for the signature) and then change the payee and the amount to a bank account under their control so that it could be deposited at out-state-banks and oftentimes by a mobile phone.

Banking 259

Banking Mobile Accountability 259

Tech Republic Security

DECEMBER 4, 2020

CyberNews analyzed more than 15 billion passwords; if your favorite one is at the top of the list, it's time to change right now.

Passwords 199

Passwords Internet Internet 199

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

NOVEMBER 29, 2020

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.

Encryption 145

Encryption 145

Security Affairs

DECEMBER 2, 2020

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country.

Malware 145

Malware Accountability Hacking Government 145

Schneier on Security

DECEMBER 4, 2020

The workshop on Economics and Information Security is always an interesting conference. This year, it will be online. Here’s the program. Registration is free.

Information Security 249

Information Security 249

Tech Republic Security

NOVEMBER 30, 2020

The most vulnerable devices include laptops, computers, smartphones and tablets, networked cameras and storage devices, and streaming video devices, a new report found.

Cybersecurity 198

Cybersecurity 198

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

DECEMBER 2, 2020

Robust Intelligence is among a crop of companies that offer to protect clients from efforts at deception.

Artificial Intelligence 145

Artificial Intelligence 145

Security Affairs

NOVEMBER 28, 2020

The IIoT chip maker Advantech was hit by the Conti ransomware, the gang is now demanding over $13 million ransom from the company. The Conti ransomware gang hit infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding over $13 million ransom (roughly 750 BTC) to avoid leaking stolen files and to provide a key to restore the encrypted files.

Ransomware 145

Ransomware Encryption IoT Malware 145

Javvad Malik

DECEMBER 4, 2020

Following on from last weeks post in which I summed up my top 5 blogs of the year , the sequel that one person asked me for was, what were the most watched videos of mine during 2020? Well, wonder no more, as I give you the top 5 in reverse order, cue the Top of the Pops intro! 5: Social Distance Club. Nothing to do with security and all to do with staying safe during a pandemic. 4: 7 talks I’m planning once the pandemic is over.

Security Awareness 130

Security Awareness 130

Tech Republic Security

DECEMBER 1, 2020

Cybercriminals can use stolen information for extortion, scams and phishing schemes, and the direct theft of money, says Kaspersky.

Scams 191

Scams Phishing 191

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

DECEMBER 3, 2020

A Google researcher found flaws in Apple's AWDL protocol that would have allowed for a complete device takeover.

Hacking 144

Hacking 144

Security Affairs

DECEMBER 4, 2020

Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages, the malware hides in social media buttons. Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages.

Media 145

Media Software Malware Social Engineering 145

Adam Levin

DECEMBER 4, 2020

Retailers around the world are anticipating less foot traffic in their shops this holiday season, with more than 75% of consumers expected to do most of their shopping online due to the pandemic. And if there was any doubt as to this proposition, Black Friday certainly proved the point. While that will certainly keep consumers safer when it comes to Covid-19 infections, it could make them more vulnerable to other ills like cybercrime.

Cybersecurity 130

Cybersecurity Firewall Internet Internet 130

Tech Republic Security

DECEMBER 1, 2020

November saw a spike in phishing emails spoofing shipping companies such as DHL, Amazon, and FedEx, says Check Point Research.

Scams 162

Scams Phishing 162

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity