Krebs on Security

JUNE 9, 2020

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.

Ransomware 363

Ransomware System Administration Backups Technology 363

Schneier on Security

JUNE 12, 2020

This is a weird story : Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which routes all inbound and outbound connections through the open-source Tor network to anonymize it. According to Vice, the FBI had tried to hack into Hernandez's computer but failed, as the approach they used "was not tailored for Tails.

Surveillance 312

Surveillance Accountability Hacking Media 312

Adam Levin

JUNE 8, 2020

Japanese automotive manufacturer Honda is investigating a possible ransomware attack that has caused company-wide network outages. Several news outlets have reported that the company’s servers have been infected with the EKANS ransomware which led to network connectivity issues in Europe and Japan over the weekend. “On Sunday, June 7, Honda experienced a disruption in its computer network that has caused a loss of connectivity, thus impacting our business operations,” said a spokespe

Ransomware 283

Ransomware Manufacturing Malware Data breaches 283

Troy Hunt

JUNE 11, 2020

The photo up the top of this blog post was taken 259 days ago, 15 and a half thousand kilometres away in Budapest and with 1.3 billion records less in Have I Been Pwned. It was also taken in an environment that unbeknownst to all of us at the time, would be inconceivable just 6 months later; a packed conference room. Last week I received my third biennial Microsoft Regional Director recognition for doing precisely the sort of thing I was up to in that photo.

Media 238

Media 238

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

JUNE 7, 2020

The co-owners of vDOS , a now-defunct service that for four years helped paying customers launch more than two million distributed denial-of-service (DDoS) attacks that knocked countless Internet users and websites offline, each have been sentenced to six months of community service by an Israeli court. vDOS as it existed on Sept. 8, 2016. A judge in Israel handed down the sentences plus fines and probation against Yarden Bidani and Itay Huri , both Israeli citizens arrested in 2016 at age 18 in

DDOS 319

DDOS Internet Internet Advertising 319

Schneier on Security

JUNE 9, 2020

New research: " Security Analysis of the Democracy Live Online Voting System ": Abstract: Democracy Live's OmniBallot platform is a web-based system for blank ballot delivery, ballot marking, and (optionally) online voting. Three states -- Delaware, West Virginia, and New Jersey -- recently announced that they will allow certain voters to cast votes online using OmniBallot, but, despite the well established risks of Internet voting, the system has never been the subject of a public, independent

Internet 227

Internet Internet Risk Engineering 227

Troy Hunt

JUNE 11, 2020

This week's update had a bunch of people drop by and discussion tended to jump around a bit, but frankly it's kinda nice to have some interaction in an era where we're not really doing as much of that any more. The IoT topic got some good engagement as did the fact that we "magically" dropped over a hundred active cases of COVID-19 in Australia today (sounds like the gov just reclassifying what's still considered to be an active case).

IoT 180

IoT Data breaches Phishing Hacking 180

Krebs on Security

JUNE 9, 2020

Microsoft today released software patches to plug at least 129 security holes in its Windows operating systems and supported software, by some accounts a record number of fixes in one go for the software giant. None of the bugs addressed this month are known to have been exploited or detailed prior to today, but there are a few vulnerabilities that deserve special attention — particularly for enterprises and employees working remotely.

Authentication 312

Authentication Software Backups Accountability 312

Schneier on Security

JUNE 10, 2020

New research on using specially crafted inputs to slow down machine-learning neural network systems: Sponge Examples: Energy-Latency Attacks on Neural Networks shows how to find adversarial examples that cause a DNN to burn more energy, take more time, or both. They affect a wide range of DNN applications, from image recognition to natural language processing (NLP).

Mobile 220

Mobile 220

Tech Republic Security

JUNE 11, 2020

A password alone will not protect sensitive information from hackers--two-factor authentication is also necessary. Here's what security pros and users need to know about two-factor authentication.

Authentication 217

Authentication Passwords 217

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Adam Levin

JUNE 12, 2020

The U.S. and global protests of the killing of George Floyd are being used to spread malware according to the cybersecurity non-profit organization abuse.ch. . The Zurich-based group identified a phishing campaign that capitalizes on the Black Lives Matter movement to distribute malware. Emails with the subject line “Vote anonymous about ‘Black Lives Matter’” have been sending a variant of TrickBot, a trojan-style program designed to steal credentials and data from computers running Windows.

Malware 167

Malware Banking Phishing Ransomware 167

WIRED Threat Level

JUNE 12, 2020

The so-called lamphone technique allows for real-time listening in on a room that's hundreds of feet away.

Hacking 145

Hacking 145

Schneier on Security

JUNE 11, 2020

Remember Spectre and Meltdown? Back in early 2018, I wrote : Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they -- and the research into the Intel ME vulnerability -- have shown researchers where to look, more is coming -- and what they'll find will be worse than either Spectre or Meltdown.

Software 206

Software Hacking 206

Tech Republic Security

JUNE 11, 2020

The COVID-19 pandemic has affected many tech career fields. Learn how it has impacted cybersecurity professionals, and how to help.

Cybersecurity 217

Cybersecurity 217

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

JUNE 8, 2020

A researcher is warning that Google is indexing the phone numbers of WhatsApp users raising serious privacy concerns. Google is indexing the phone numbers of WhatsApp users that could be abused by threat actors for malicious activities. Even if Google Search only revealed the phone numbers and not the identities of associated users, ill-intentioned attackers could be able to see users’ profile pictures on WhatsApp and performing a reverse-image search the user’s profile picture to gather additio

Engineering 145

Engineering Advertising Mobile Accountability 145

WIRED Threat Level

JUNE 9, 2020

Just like with foods that display health information the package, researchers are exploring a tool that details how connected devices manage data.

IoT 145

IoT 145

Schneier on Security

JUNE 8, 2020

Good interview.

Internet 197

Internet Internet 197

Tech Republic Security

JUNE 11, 2020

With increased use, phony apps and banking trojans will try to steal account credentials, according to the FBI.

Banking 214

Banking Mobile Accountability 214

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

JUNE 6, 2020

A critical vulnerability in traffic light controllers manufactured by SWARCO could have been exploited by attackers to disrupt traffic lights. A critical vulnerability in traffic light controllers designed by SWARCO could have been exploited by hackers to disrupt traffic lights. SWARCO is the world’s largest manufacturer of signal heads and the number two internationally for reflective glass beads.

Manufacturing 144

Manufacturing Advertising Cybersecurity Hacking 144

WIRED Threat Level

JUNE 6, 2020

The best end-to-end encrypted messaging app has a host of security features. Here are the ones you should care about.

Encryption 145

Encryption 145

Threatpost

JUNE 12, 2020

The ransomware attack hit the Tennessee city of Knoxville this week, causing disruptions in various services.

Ransomware 131

Ransomware Phishing Malware 131

Tech Republic Security

JUNE 10, 2020

Application downtime was the most significant side effect of a DNS attack, according to EfficientIP.

DNS 211

DNS 211

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JUNE 12, 2020

Russia-linked Gamaredon APT use a new module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. Reseaerchers from ESET reported that Russia-linked Gamaredon APT has a new tool in its arsenal, it is a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts.

Malware 143

Malware Phishing Advertising Government 143

WIRED Threat Level

JUNE 7, 2020

Developers are working on track-and-trace systems to keep infection levels low. The apps aren't here yet, but here's what they do—and how you can enable them.

139

139

Adam Shostack

JUNE 12, 2020

The Sonatype 2020 DevSecOps Community Survey is a really interesting report. Most interesting to me is the importance of effective communication, with both tools and human communication in developer happiness. But even more important is my belief that to reach developers Star Wars is better than Star Trek is confirmed. No bias there.

Engineering 130

Engineering Software 130

Tech Republic Security

JUNE 10, 2020

The automaker's customer service and financial services are unavailable as it deals with an attack that experts believe is ransomware.

Financial Services 210

Financial Services Ransomware 210

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JUNE 10, 2020

Japanese carmaker Honda announced it has been hit by a cyberattack that disrupted its business in several countries. The Japanese carmaker Honda announced that threat actors have compromised the Honda network disrupting its business in several countries. Source informed about the security incident believe Honda’s systems have been infected with SNAKE Ransomware.

Ransomware 143

Ransomware Advertising Encryption Cyber Attacks 143

WIRED Threat Level

JUNE 12, 2020

The programmer who became a flagrant drug lord and weapons trafficker was sentenced in New York City to 25 years in prison.

133

133

Daniel Miessler

JUNE 8, 2020

THIS WEEK’S TOPICS: COVID-19 Trends, New Zoom Trouble, Facebook Blocking, Chrome Incognito Suit, Retail Rents, Nuclear Contractor Hack, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —. If you get value from this content, you can support it directly by becoming a member.

Retail 130

Retail Technology Hacking Information Security 130

Tech Republic Security

JUNE 11, 2020

COVID-19 has completely changed the work world, but many organizations have seemingly failed to realize that security risks are changing as well, a new report finds.

Cybersecurity 207

Cybersecurity Risk 207

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity