Krebs on Security

JUNE 9, 2020

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.

Ransomware 362

Ransomware System Administration Backups Technology 362

Schneier on Security

JUNE 12, 2020

This is a weird story : Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which routes all inbound and outbound connections through the open-source Tor network to anonymize it. According to Vice, the FBI had tried to hack into Hernandez's computer but failed, as the approach they used "was not tailored for Tails.

Surveillance 303

Surveillance Accountability Hacking Media 303

Adam Levin

JUNE 8, 2020

Japanese automotive manufacturer Honda is investigating a possible ransomware attack that has caused company-wide network outages. Several news outlets have reported that the company’s servers have been infected with the EKANS ransomware which led to network connectivity issues in Europe and Japan over the weekend. “On Sunday, June 7, Honda experienced a disruption in its computer network that has caused a loss of connectivity, thus impacting our business operations,” said a spokespe

Ransomware 283

Ransomware Manufacturing Malware Data breaches 283

Troy Hunt

JUNE 11, 2020

The photo up the top of this blog post was taken 259 days ago, 15 and a half thousand kilometres away in Budapest and with 1.3 billion records less in Have I Been Pwned. It was also taken in an environment that unbeknownst to all of us at the time, would be inconceivable just 6 months later; a packed conference room. Last week I received my third biennial Microsoft Regional Director recognition for doing precisely the sort of thing I was up to in that photo.

Media 217

Media 217

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

JUNE 7, 2020

The co-owners of vDOS , a now-defunct service that for four years helped paying customers launch more than two million distributed denial-of-service (DDoS) attacks that knocked countless Internet users and websites offline, each have been sentenced to six months of community service by an Israeli court. vDOS as it existed on Sept. 8, 2016. A judge in Israel handed down the sentences plus fines and probation against Yarden Bidani and Itay Huri , both Israeli citizens arrested in 2016 at age 18 in

DDOS 317

DDOS Internet Internet Advertising 317

Schneier on Security

JUNE 10, 2020

New research on using specially crafted inputs to slow down machine-learning neural network systems: Sponge Examples: Energy-Latency Attacks on Neural Networks shows how to find adversarial examples that cause a DNN to burn more energy, take more time, or both. They affect a wide range of DNN applications, from image recognition to natural language processing (NLP).

Mobile 280

Mobile 280

Adam Levin

JUNE 12, 2020

The U.S. and global protests of the killing of George Floyd are being used to spread malware according to the cybersecurity non-profit organization abuse.ch. . The Zurich-based group identified a phishing campaign that capitalizes on the Black Lives Matter movement to distribute malware. Emails with the subject line “Vote anonymous about ‘Black Lives Matter’” have been sending a variant of TrickBot, a trojan-style program designed to steal credentials and data from computers running Windows.

Malware 167

Malware Banking Phishing Ransomware 167

Krebs on Security

JUNE 9, 2020

Microsoft today released software patches to plug at least 129 security holes in its Windows operating systems and supported software, by some accounts a record number of fixes in one go for the software giant. None of the bugs addressed this month are known to have been exploited or detailed prior to today, but there are a few vulnerabilities that deserve special attention — particularly for enterprises and employees working remotely.

Authentication 303

Authentication Software Backups Accountability 303

Schneier on Security

JUNE 9, 2020

New research: " Security Analysis of the Democracy Live Online Voting System ": Abstract: Democracy Live's OmniBallot platform is a web-based system for blank ballot delivery, ballot marking, and (optionally) online voting. Three states -- Delaware, West Virginia, and New Jersey -- recently announced that they will allow certain voters to cast votes online using OmniBallot, but, despite the well established risks of Internet voting, the system has never been the subject of a public, independent

Internet 277

Internet Internet Risk Engineering 277

Tech Republic Security

JUNE 8, 2020

The CFO of a small company that was the victim of a ransomware attack and reveals why they paid the ransom (in Bitcoin) to gain back control of their systems.

Small Business 218

Small Business Ransomware 218

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Troy Hunt

JUNE 11, 2020

This week's update had a bunch of people drop by and discussion tended to jump around a bit, but frankly it's kinda nice to have some interaction in an era where we're not really doing as much of that any more. The IoT topic got some good engagement as did the fact that we "magically" dropped over a hundred active cases of COVID-19 in Australia today (sounds like the gov just reclassifying what's still considered to be an active case).

IoT 164

IoT Data breaches Phishing Hacking 164

Adam Shostack

JUNE 12, 2020

The Sonatype 2020 DevSecOps Community Survey is a really interesting report. Most interesting to me is the importance of effective communication, with both tools and human communication in developer happiness. But even more important is my belief that to reach developers Star Wars is better than Star Trek is confirmed. No bias there.

Engineering 130

Engineering Software 130

Schneier on Security

JUNE 11, 2020

Remember Spectre and Meltdown? Back in early 2018, I wrote : Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they -- and the research into the Intel ME vulnerability -- have shown researchers where to look, more is coming -- and what they'll find will be worse than either Spectre or Meltdown.

Software 264

Software Hacking 264

Tech Republic Security

JUNE 11, 2020

COVID-19 has completely changed the work world, but many organizations have seemingly failed to realize that security risks are changing as well, a new report finds.

Cybersecurity 198

Cybersecurity Risk 198

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Daniel Miessler

JUNE 8, 2020

THIS WEEK’S TOPICS: COVID-19 Trends, New Zoom Trouble, Facebook Blocking, Chrome Incognito Suit, Retail Rents, Nuclear Contractor Hack, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —. If you get value from this content, you can support it directly by becoming a member.

Retail 130

Retail Technology Hacking Information Security 130

Adam Shostack

JUNE 8, 2020

There’s an interesting new draft, Best Practices for IoT Security:What Does That Even Mean? It’s by Christopher Bellman and Paul C. van Oorschot. The abstract starts: “Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices.

IoT 124

IoT Manufacturing Internet Internet 124

Security Affairs

JUNE 6, 2020

A critical vulnerability in traffic light controllers manufactured by SWARCO could have been exploited by attackers to disrupt traffic lights. A critical vulnerability in traffic light controllers designed by SWARCO could have been exploited by hackers to disrupt traffic lights. SWARCO is the world’s largest manufacturer of signal heads and the number two internationally for reflective glass beads.

Manufacturing 142

Manufacturing Advertising Cybersecurity Hacking 142

Tech Republic Security

JUNE 12, 2020

Only 37% of "high performer" organizations monitor the risk of IoT devices used by third parties, and current IoT risk-management programs can't keep pace, study said.

IoT 192

IoT Risk 192

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

JUNE 9, 2020

Just like with foods that display health information the package, researchers are exploring a tool that details how connected devices manage data.

IoT 135

IoT 135

Adam Shostack

JUNE 9, 2020

Contextualisation of Data Flow Diagrams for security analysis is a new paper to which I contributed: “Abstract: Data flow diagrams (DFDs) are popular for sketching systems for subsequent threat modelling. Their limited semantics make reasoning about them difficult, but enriching them endangers their simplicity and subsequent ease of take up. We present an approach for reasoning about tainted data flows in design-level DFDs by putting them in context with other complementary usability and r

100

100

Security Affairs

JUNE 8, 2020

A researcher is warning that Google is indexing the phone numbers of WhatsApp users raising serious privacy concerns. Google is indexing the phone numbers of WhatsApp users that could be abused by threat actors for malicious activities. Even if Google Search only revealed the phone numbers and not the identities of associated users, ill-intentioned attackers could be able to see users’ profile pictures on WhatsApp and performing a reverse-image search the user’s profile picture to gather additio

Engineering 144

Engineering Advertising Mobile Accountability 144

Tech Republic Security

JUNE 11, 2020

The COVID-19 pandemic has affected many tech career fields. Learn how it has impacted cybersecurity professionals, and how to help.

Cybersecurity 215

Cybersecurity 215

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

JUNE 7, 2020

Developers are working on track-and-trace systems to keep infection levels low. The apps aren't here yet, but here's what they do—and how you can enable them.

116

116

Schneier on Security

JUNE 8, 2020

Good interview.

Internet 255

Internet Internet 255

Security Affairs

JUNE 12, 2020

Russia-linked Gamaredon APT use a new module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. Reseaerchers from ESET reported that Russia-linked Gamaredon APT has a new tool in its arsenal, it is a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts.

Malware 137

Malware Phishing Advertising Government 137

Tech Republic Security

JUNE 12, 2020

A honeypot created by Cybereason to lure cybercriminals and analyze their methods showed that ransomware attacks infiltrate their victims in multiple stages.

Ransomware 190

Ransomware 190

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

WIRED Threat Level

JUNE 12, 2020

The so-called lamphone technique allows for real-time listening in on a room that's hundreds of feet away.

Hacking 141

Hacking 141

Threatpost

JUNE 10, 2020

The ICS/SCADA-focused malware is likely behind a duo of attacks this week, on Honda and a South American energy company, researchers said.

Ransomware 122

Ransomware Malware 122

Security Affairs

JUNE 10, 2020

Japanese carmaker Honda announced it has been hit by a cyberattack that disrupted its business in several countries. The Japanese carmaker Honda announced that threat actors have compromised the Honda network disrupting its business in several countries. Source informed about the security incident believe Honda’s systems have been infected with SNAKE Ransomware.

Ransomware 133

Ransomware Advertising Encryption Cyber Attacks 133

Tech Republic Security

JUNE 10, 2020

The automaker's customer service and financial services are unavailable as it deals with an attack that experts believe is ransomware.

Financial Services 203

Financial Services Ransomware 203

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity