Troy Hunt

MAY 15, 2020

I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It's about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. Here's what I know: Back in Feb, Dehashed reached out to me with a massive trove of data that had been left exposed on a major cloud provider via a publicly accessible Elasticsearch instance.

Data breaches 363

Data breaches InfoSec 363

Krebs on Security

MAY 11, 2020

Diebold Nixdorf , a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network. Canton, Ohio-based Diebold [ NYSE: DBD ] is currently the largest ATM provider in the United States, with an estimated 35 percent of the cash machine market worldwide.

Ransomware 348

Ransomware Retail Malware Data breaches 348

Daniel Miessler

MAY 14, 2020

I wrote an article recently on how to secure your home network in three different tiers of protection. In that piece I wanted to link to some safe internet practices—which some used to call Safe Hex—but I couldn’t find anything newer than nine years old. These are the diet and exercise of the computer safety world. So, I decided to update the advice myself.

Risk 345

Risk Password Management Passwords Accountability 345

The Last Watchdog

MAY 13, 2020

Chief Information Security Officers were already on the hot seat well before the COVID-19 global pandemic hit, and they are even more so today. Related: Why U.S. cybersecurity policy needs to match societal values CISOs must preserve and protect their companies in a fast-changing business environment at a time when their organizations are under heavy bombardment.

CISO 309

CISO Cybersecurity Digital transformation Risk 309

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

MAY 15, 2020

Long and nuanced story about Marcus Hutchins, the British hacker who wrote most of the Kronos malware and also stopped WannaCry in real time. Well worth reading.

Malware 262

Malware Cybercrime Hacking 262

Krebs on Security

MAY 12, 2020

Microsoft today issued software updates to plug at least 111 security holes in Windows and Windows-based programs. None of the vulnerabilities were labeled as being publicly exploited or detailed prior to today, but as always if you’re running Windows on any of your machines it’s time once again to prepare to get your patches on. May marks the third month in a row that Microsoft has pushed out fixes for more than 110 security flaws in its operating system and related software.

Backups 303

Backups Software Risk Media 303

Troy Hunt

MAY 15, 2020

I think I'm going to stick with the live weekly update model for the foreseeable future. It makes life so much easier when it comes to editing, rendering and uploading and it means I always have something out on time. So, that's that, other news this week is mostly just bits and pieces here and there and some banter with the audience and that's just fine, it's nice having a quieter week sometimes ??

VPN 194

VPN 194

Schneier on Security

MAY 12, 2020

The attack requires physical access to the computer, but it's pretty devastating : On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the computer's data. And while his attack in many cases requires opening a target laptop's case with a screwdriver, it leaves no trace of intrusion and can be pulled off in just a few minutes.

Firmware 252

Firmware Manufacturing Encryption Hacking 252

Adam Shostack

MAY 14, 2020

For Threat Model Thursday, I want to look at models and modeling in a tremendously high-stakes space: COVID models. There are a lot of them. They disagree. Their accuracy is subject to a wide variety of interventions. (For example, few disease models forecast a politicized response to the disease, or a massively inconsistent response within an area where people can travel freely.

147

147

Tech Republic Security

MAY 15, 2020

A new study of publicly reported data shows the average person experienced a breach every three months last year.

217

217

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

MAY 12, 2020

At 22, he single-handedly put a stop to the worst cyberattack the world had ever seen. Then he was arrested by the FBI. This is his untold story. .

Internet 145

Internet Internet Hacking 145

Schneier on Security

MAY 14, 2020

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February. The first of the new malware variants, COPPERHEDGE , is described as a Remote Access Tool (RAT) "used by advanced persistent threat (APT) cyber actors in the targeting of cryptocurrency exchanges and related entities.

Government 252

Government Malware Antivirus Cryptocurrency 252

Security Affairs

MAY 11, 2020

During COVID-19 outbreak data processors have to be extra vigilant to maintain their compliance with data protection authorities like GDPR. COVID-19 has abruptly changed the world. It has imposed online learning and earning, which in turn has open new doors of cybersecurity threats and data breaches. Now the data processors have to be extra vigilant to maintain their compliance with data protection authorities like GDPR.

Encryption 145

Encryption Data breaches Advertising Passwords 145

Tech Republic Security

MAY 11, 2020

The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims, says security firm Abnormal Security.

Phishing 213

Phishing Accountability 213

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

WIRED Threat Level

MAY 10, 2020

The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and affects any PC manufactured before 2019.

Manufacturing 144

Manufacturing Hacking 144

Schneier on Security

MAY 13, 2020

The Army is developing a new electronic warfare pod capable of being put on drones and on trucks.the Silent Crow pod is now the leading contender for the flying flagship of the Army's rebuilt electronic warfare force. Army EW was largely disbanded after the Cold War, except for short-range jammers to shut down remote-controlled roadside bombs. Now it's being urgently rebuilt to counter Russia and China , whose high-tech forces unlike Afghan guerrillas -- rely heavily on radio and radar systems,

Computers and Electronics 242

Computers and Electronics Wireless Artificial Intelligence 242

Security Affairs

MAY 13, 2020

Magellan Health, a for-profit managed health care and insurance firm, was the victim of a ransomware attack. Magellan Health Inc. is an American for-profit managed health care company, its customers include health plans and other managed care organizations, employers, labor unions, various military and governmental agencies and third-party administrators.

Data breaches 145

Data breaches Healthcare Ransomware Identity Theft 145

Tech Republic Security

MAY 11, 2020

Millions of employees working remotely have gotten no information about how to keep their devices and home networks safe.

Cybersecurity 210

Cybersecurity 210

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

MAY 10, 2020

Pick who sees your tweets, posts, and stories—and choose what you want to see, too.

141

141

Schneier on Security

MAY 11, 2020

The California Consumer Privacy Act is a lesson in missed opportunities. It was passed in haste, to stop a ballot initiative that would have been even more restrictive: In September 2017, Alastair Mactaggart and Mary Ross proposed a statewide ballot initiative entitled the "California Consumer Privacy Act." Ballot initiatives are a process under California law in which private citizens can propose legislation directly to voters, and pursuant to which such legislation can be enacted through voter

Data privacy 238

Data privacy Surveillance Internet Internet 238

Security Affairs

MAY 13, 2020

The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT , it has uploaded the malicious code to VirusTotal. “On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) released three Malware Analysis Reports (MA

Malware 144

Malware Advertising Government Cryptocurrency 144

Tech Republic Security

MAY 14, 2020

In an industry still experiencing a talent shortage despite the pandemic, recruiters and observers offer advice on what job seekers should and should not do.

Cybersecurity 208

Cybersecurity 208

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

MAY 9, 2020

Though social networks have pledged to take more concerted action against it, the theory has continued to spread, inspiring a surge of attacks. .

136

136

Adam Levin

MAY 13, 2020

In the wake of an April ransomware attack, Fortune 500 healthcare company Magellan Health announced that a hacker exfiltrated customer data. The ransomware attack was first detected by Magellan Health April 11, 2020, and was traced back to a phishing email that had been sent and opened five days earlier. Subsequent investigation revealed that customer data had been exfiltrated prior to the deployment of the ransomware.

Ransomware 133

Ransomware Healthcare Phishing Passwords 133

Security Affairs

MAY 15, 2020

Britain’s Ministry of Defence contractor Interserve has been hacked, intruders have stolen up to 100,000 past and present employees’ details. Interserve, a contractor for the Britain’s Ministry of Defence suffered a security breach, hackers have stolen up to 100,000 of past and current employees details. The company currently has around 53,000 employees.

Hacking 144

Hacking Data breaches Advertising Banking 144

Tech Republic Security

MAY 11, 2020

These threats are designed to capture usernames, passwords, bank details, network information, and other sensitive data, says security provider Lastline.

Banking 207

Banking Passwords 207

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

MAY 9, 2020

Plus: A GoDaddy breach, a ransomware attack, and more of the week's top security news.

Ransomware 136

Ransomware 136

Adam Levin

MAY 12, 2020

A major entertainment and media law firm experienced a massive data breach that may have compromised the data of many celebrities including Bruce Springsteen, Lady Gaga, Madonna, Nicki Minaj, Christina Aguilera, and others. Grubman Shire Meiselas & Sacks, a New York-based law firm, was hit by a ransomware attack that compromised at least 756 gigabytes of client data, including contracts, non-disclosure agreements, contact information and personal correspondence.

Data breaches 131

Data breaches Media Ransomware Hacking 131

Security Affairs

MAY 9, 2020

The Sodinokibi ransomware gang stolen gigabytes of legal documents from the law firm of the stars, Grubman Shire Meiselas & Sacks (GSMLaw). The Sodinokibi ransomware group claims to have stolen gigabytes of legal documents from the entertainment and law firm Grubman Shire Meiselas & Sacks (GSMLaw) that has dozens of international stars and celebrities among its clients.

Hacking 144

Hacking Ransomware Advertising Cryptocurrency 144

Tech Republic Security

MAY 13, 2020

The outbreak of COVID-19 has triggered a wave of scams, from fake pharmacies to stimulus payment promises to phony cryptocurrency wallets, says Bolster.

Scams 207

Scams Cryptocurrency 207

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity