Krebs on Security

DECEMBER 4, 2020

The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years.

Mobile 317

Mobile Authentication Accountability 317

Schneier on Security

DECEMBER 1, 2020

Many systems are vulnerable : Researchers at the time said that they were able to launch inaudible commands by shining lasers — from as far as 360 feet — at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. […]. They broadened their research to show how light can be used to manipulate a wider range of digital assistants — including Amazon Echo 3 — but also sensing systems found in medical

Hacking 311

Hacking 311

Troy Hunt

NOVEMBER 28, 2020

What. A. Week. Blog post every day, massive uptick in comments, DMs, newsletter subscribers, followers and especially, blog traffic. More than 200,000 unique visitors dropped by this week, mostly to read about IoT things. This has been a fascinating experience for me and I've enjoyed sharing the journey, complete with all my mistakes ?? I topped the week off by spending a couple of hours talking to Scott Helme about our respective IoT experiences so that's the entirety of this week's update - Sc

IoT 280

IoT Password Management Firmware Passwords 280

Daniel Miessler

DECEMBER 3, 2020

The Lawfare Podcast is one of my few staples, and I just listened to another great episode on espionage against US buisnesses. My main takeaway was this: Foreign governments—and especially China—are pivoting from targeting other governments for their secrets, to instead going after private companies because that’s where most of the intellectual property is.

Government 251

Government Information Security 251

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

DECEMBER 2, 2020

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment. Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum’s user database had been compromised.

Accountability 316

Accountability Hacking Scams Media 316

Schneier on Security

DECEMBER 3, 2020

Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy people. They do not have the time to examine every piece of source code that is published. So while opening up source code is a good thing, it is not a guarantee of security.

Engineering 309

Engineering Software Cybersecurity 309

Troy Hunt

DECEMBER 4, 2020

It's a lighter weekly update this week, kinda feels like I'm still recovering from last week's epic IoT series TBH. It's also the last update from home before I go on my first decent trip since the whole pandemic thing started and as such, the next five updates will all come from other locations, some of them rather, uh, "remote". But there's still an hour of content today including the fact that it's HIBP's birthday ??

Password Management 239

Password Management IoT Passwords 239

Krebs on Security

DECEMBER 1, 2020

A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service (DDoS) attacks, and for possessing sexually explicit images of minors. Timothy Dalton Vaughn from Winston-Salem, N.C. was a key member of the Apophis Squad , a gang of young ne’er-do-wells who made bomb threats to more than 2,400 schools and launched DDoS attacks a

DDOS 259

DDOS Hacking Mobile Encryption 259

Schneier on Security

DECEMBER 2, 2020

This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device­ — over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable­ — meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. […].

Passwords 295

Passwords Hacking 295

Adam Levin

DECEMBER 2, 2020

Android users trying to install mods for the wildly popular game title Minecraft may be unintentionally installing adware and malware to their devices. According to new research from cybersecurity and anti-virus company Kaspersky Lab , over twenty apps available to download on Google’s Play store claiming to add additional content to the game were “malvertising,” which launches unwanted popup ads on a user’s device.

Adware 173

Adware Malware Cybersecurity Technology 173

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

NOVEMBER 30, 2020

The most vulnerable devices include laptops, computers, smartphones and tablets, networked cameras and storage devices, and streaming video devices, a new report found.

Cybersecurity 187

Cybersecurity 187

Javvad Malik

DECEMBER 4, 2020

Following on from last weeks post in which I summed up my top 5 blogs of the year , the sequel that one person asked me for was, what were the most watched videos of mine during 2020? Well, wonder no more, as I give you the top 5 in reverse order, cue the Top of the Pops intro! 5: Social Distance Club. Nothing to do with security and all to do with staying safe during a pandemic. 4: 7 talks I’m planning once the pandemic is over.

Security Awareness 130

Security Awareness 130

Schneier on Security

DECEMBER 4, 2020

Neat story : German divers searching the Baltic Sea for discarded fishing nets have stumbled upon a rare Enigma cipher machine used by the Nazi military during World War Two which they believe was thrown overboard from a scuttled submarine. Thinking they had discovered a typewriter entangled in a net on the seabed of Gelting Bay, underwater archaeologist Florian Huber quickly realised the historical significance of the find.

285

285

Adam Levin

DECEMBER 4, 2020

Retailers around the world are anticipating less foot traffic in their shops this holiday season, with more than 75% of consumers expected to do most of their shopping online due to the pandemic. And if there was any doubt as to this proposition, Black Friday certainly proved the point. While that will certainly keep consumers safer when it comes to Covid-19 infections, it could make them more vulnerable to other ills like cybercrime.

Cybersecurity 130

Cybersecurity Firewall Internet Internet 130

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

NOVEMBER 30, 2020

Strong passwords are necessary for making sure you and your organization stay protected. Tom Merritt offers five tips for creating strong passwords.

Passwords 200

Passwords 200

Security Affairs

NOVEMBER 29, 2020

A cyber criminal organization has stolen money from at least 35 Italian ATMs with a black box attack technique. A criminal organization has stolen money from at least 35 ATMs and Post Office cash dispensers operated by Italian banks with a new black box attack technique. The Carabinieri of Monza dismantled by the gang, the Italian law enforcement agency confirmed that the cybercrime organization stole about 800,000€ in just 7 months using #ATM Black Box attack.

Banking 143

Banking Cybercrime Mobile Manufacturing 143

Schneier on Security

NOVEMBER 30, 2020

I can’t believe that check washing is still a thing: “Check washing” is a practice where thieves break into mailboxes (or otherwise steal mail), find envelopes with checks, then use special solvents to remove the information on that check (except for the signature) and then change the payee and the amount to a bank account under their control so that it could be deposited at out-state-banks and oftentimes by a mobile phone.

Banking 241

Banking Mobile Accountability 241

Adam Levin

DECEMBER 4, 2020

The personal information of over 243 million Brazilians was left accessible online for at least six months. The data leak was discovered by the Brazilian newspaper Estadao and has been attributed to web developers leaving the password to a government database in the source code of a publicly accessible website. The potentially exposed data included full names, addresses, telephone numbers, and medical details of anyone who had registered with the country’s national health system, totaling roughl

Passwords 130

Passwords Government Identity Theft Data breaches 130

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

NOVEMBER 30, 2020

Is this a bad idea? Learn about the pitfalls and what organizations should be doing to address lax security versus productivity.

Cybersecurity 191

Cybersecurity 191

Security Affairs

NOVEMBER 29, 2020

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159 , the flaw is rated 9.8 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012.

Hacking 141

Hacking Firmware Internet Internet 141

Schneier on Security

DECEMBER 4, 2020

The workshop on Economics and Information Security is always an interesting conference. This year, it will be online. Here’s the program. Registration is free.

Information Security 233

Information Security 233

WIRED Threat Level

NOVEMBER 29, 2020

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.

Encryption 143

Encryption 143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

DECEMBER 4, 2020

CyberNews analyzed more than 15 billion passwords; if your favorite one is at the top of the list, it's time to change right now.

Passwords 191

Passwords Internet Internet 191

Security Affairs

NOVEMBER 28, 2020

The IIoT chip maker Advantech was hit by the Conti ransomware, the gang is now demanding over $13 million ransom from the company. The Conti ransomware gang hit infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding over $13 million ransom (roughly 750 BTC) to avoid leaking stolen files and to provide a key to restore the encrypted files.

Ransomware 145

Ransomware Encryption IoT Malware 145

Adam Shostack

DECEMBER 4, 2020

There’s an interesting paper, Mitigating social bias in knowledge graph embeddings from a team at Amazon, which was presented at an academic workshop on bias in knowledge graph construction. The work is interesting, and the availability of approaches like this will be a welcome shift in how we deal with these important issues. Of course, these approaches are not panaceas, but starting to define and address relatively low hanging fruit is important.

100

100

Thales Cloud Protection & Licensing

DECEMBER 2, 2020

A Solution to Schrems II and the Security of Transatlantic Data Flows. madhav. Thu, 12/03/2020 - 05:24. Five months ago the European Court of Justice ruled that Privacy Shield did not comply with its citizens’ privacy rights. Known as the Schrems II decision , it created serious problems for organizations that transfer data from the European Union into the United States.

Encryption 113

Encryption Data privacy Banking Mobile 113

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

DECEMBER 1, 2020

Cybercriminals can use stolen information for extortion, scams and phishing schemes, and the direct theft of money, says Kaspersky.

Scams 180

Scams Phishing 180

Security Affairs

DECEMBER 4, 2020

Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages, the malware hides in social media buttons. Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages.

Media 144

Media Software Malware Social Engineering 144

WIRED Threat Level

DECEMBER 2, 2020

Efforts to secure the Border Gateway Protocol have picked up critical momentum, including a big assist from Google.

Internet 145

Internet Internet 145

Threatpost

DECEMBER 2, 2020

Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity exploit of a memory corruption bug that was patched in May.

Wireless 122

Wireless Mobile 122

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity