Schneier on Security

JUNE 21, 2019

In 2017, some Android phones came with a backdoor pre-installed : Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. Triada first came to light in 2016 in articles published by Kaspersky here and here , the first of which said the malware was "one of the most advanced mobile Trojans" the security firm's analysts had ever encountered.

Firmware 263

Firmware Manufacturing Malware Mobile 263

Krebs on Security

JUNE 19, 2019

A medical billing firm responsible for a recent eight-month data breach that exposed the personal information on nearly 20 million Americans has filed for bankruptcy, citing “enormous expenses” from notifying affected consumers and the loss of its four largest customers. The filing, first reported by Bloomberg, comes from the Retrieval-Masters Creditors Bureau , the parent company of the American Medical Collection Agency (AMCA).

Data breaches 244

Data breaches Hacking 244

Troy Hunt

JUNE 21, 2019

So first things first - my patience for the Instamics we're wearing just reached zero. One of them recorded and one of them didn't which means we've had to fallback to audio captured by the iPhone I was recording from so apologies it's sub-par. I ended up just uploading the unedited clip direct from the phone because frankly, after trying to recover the non-existent audio both my time and patience were well into the red.

159

159

Adam Shostack

JUNE 19, 2019

Juneteenth is the celebration of the end of slavery in the US. We should have more holidays that celebrate freedom for the sake of freedom. So happy Juneteenth, everyone!

113

113

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

JUNE 19, 2019

Stuart Schechter writes about the security risks of using a password manager. It's a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on. My own Password Safe is mentioned. My particular choices about security and risk is to only store passwords on my computer -- not on my phone -- and not to put anything in the cloud.

Password Management 257

Password Management Passwords Risk 257

Thales Cloud Protection & Licensing

JUNE 18, 2019

As organizations move more of their sensitive data to cloud platforms for the efficiency, flexibility and scalability that it promises, security and control continue to be a significant obstacle to this adoption. Although the 2019 Thales Data Threat Report-Global Edition tells us that 90% of organizations report using the cloud and 71% say they are using sensitive data in cloud environments, it also finds that, globally, 60% of organizations surveyed have been breached at some point in their his

Encryption 127

Encryption Big data Data breaches Threat Reports 127

Dark Reading

JUNE 18, 2019

How data and technology can help businesses make the right fraud decisions, protect people's identities, and create an improved customer experience.

Technology 105

Technology 105

Schneier on Security

JUNE 20, 2019

Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It will demonstrate several attack paths, some of them allowing unauthenticated attackers to take full control of the HSM.

Firmware 235

Firmware Hacking Manufacturing Banking 235

Thales Cloud Protection & Licensing

JUNE 20, 2019

Quantum computing attacks may have already begun. Confidential data is being exchanged using algorithms that will eventually be broken by quantum computers. Even though attackers cannot break the communications today (for we lack sufficiently powerful quantum computers), they can patiently record them for future analysis. Perhaps the most popular way to share confidential data between two remote parties is through a TLS connection.

Authentication 108

Authentication Encryption Risk 108

Security Affairs

JUNE 16, 2019

On Friday, security experts at Microsoft warned of a new Linux worm, spreading via Exim ema i l servers, that already compromised some Azure installs. Bad actors continue to target cloud services in the attempt of abusing them for several malicious purposes, like storing malware or implementing command and control servers. Microsoft Azure is not immune , recently experts reported several attacks leveraging the platform to host tech-support scam and phishing templates.

Advertising 111

Advertising Internet Internet Malware 111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

WIRED Threat Level

JUNE 20, 2019

Three cybersecurity firms have identified phishing attacks stemming from Iran—that may lay the groundwork for something more destructive.

Phishing 104

Phishing Cybersecurity Hacking 104

Schneier on Security

JUNE 20, 2019

Matthew Green intelligently speculates about how Apple's new "Find My" feature works. If you haven't already been inspired by the description above, let me phrase the question you ought to be asking: how is this system going to avoid being a massive privacy nightmare? Let me count the concerns: If your device is constantly emitting a BLE signal that uniquely identifies it, the whole world is going to have (yet another) way to track you.

Marketing 226

Marketing Scams 226

Dark Reading

JUNE 20, 2019

Early information suggests threat actors gained access to the managed service provider's remote monitoring and management tools and used them to attack the firm's clients.

Ransomware 90

Ransomware 90

Security Affairs

JUNE 15, 2019

Cybercriminals are attempting to exploit an API misconfiguration in Docker containers to infiltrate them and run the Linux bot AESDDoS. Hackers are attempting to exploit an API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community to infiltrate containers and run the Linux bot AESDDoS (Backdoor.Linux.DOFLOO.AA).

DDOS 110

DDOS Malware Advertising Cryptocurrency 110

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

JUNE 21, 2019

A jury this week finds that Minneapolis police officers abused their license database access. Dozens of other lawsuits have made similar claims.

95

95

Schneier on Security

JUNE 19, 2019

Maciej Ceg?owski has a really good essay explaining how to think about privacy today: For the purposes of this essay, I'll call it "ambient privacy" -- the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the small details of our daily lives should pass by unremembered.

Surveillance 224

Surveillance Media Technology Software 224

Dark Reading

JUNE 19, 2019

Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.

Scams 98

Scams Phishing 98

Security Affairs

JUNE 21, 2019

Security experts at Malwarebytes have discovered a new macOS crypto miner, tracked as Bird Miner, that works by emulating Linux. Researchers at MalwareBytes have spotted a new cryptominer, tracked as Bird Miner, that targets macOS and emulates Linux. The malware spreads via a cracked installer for the music production software Ableton Live that is distributed on a piracy website called VST Crack, and that is over 2.6 GB in size. “ A new Mac cryptocurrency miner Malwarebytes detects as Bird

Malware 109

Malware Advertising Software Cryptocurrency 109

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

JUNE 17, 2019

Scammers are taking advantage of default calendar settings to try to trick users into clicking malicious links.

Scams 108

Scams Phishing Hacking 108

Schneier on Security

JUNE 17, 2019

Surveillance 254

Surveillance 254

Dark Reading

JUNE 20, 2019

Heavily outnumbered and outpaced by their targets, small FBI cybersquads have been quietly notching up major wins against online criminals operating out of home and abroad.

Cybercrime 88

Cybercrime 88

Security Affairs

JUNE 16, 2019

Operators behind the Echobot botnet added new exploits to infect IoT devices, and also enterprise apps Oracle WebLogic and VMware SD-Wan. Recently a new botnet, tracked Echobot, appeared in the threat landscape its operators are adding new exploits to infect a broad range of systems, including IoT devices, enterprise apps Oracle WebLogic and VMware SD-Wan.

IoT 108

IoT Advertising Wireless Malware 108

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

JUNE 18, 2019

A security researcher who disclosed flaws impacting 2 million IoT devices in April - and has yet to see a patch or even hear back from the manufacturers contacted - is sounding off on the dire state of IoT security.

IoT 77

IoT Manufacturing Internet Internet 77

eSecurity Planet

JUNE 21, 2019

Which IT security projects deliver the most value and protection from risk? Gartner analysts offer their views.

Risk 95

Risk 95

Dark Reading

JUNE 17, 2019

Cybercriminals use new types of top-level domains, topical keywords, and targeted emails to trick victims into clicking malicious links.

100

100

Security Affairs

JUNE 20, 2019

The Riviera Beach City, Florida, agreed to pay $600,000 in ransom to decrypt its data after a ransomware-based attack hit its computer system. The Riviera Beach City Council voted unanimously to pay $600,000 in ransom to decrypt its records after a ransomware attack hit its systems. The council has previously agreed to spend $941,000 to modernize the entire IT infrastructure after hackers broke into the city’s system three weeks ago, ecrypting data managed by the City.

Insurance 108

Insurance Ransomware Advertising Government 108

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Threatpost

JUNE 19, 2019

Rampant security-operations bungling allowed cyberattackers to infiltrate JPL's network, which carries human mission data.

Government 91

Government Cybersecurity Hacking 91

WIRED Threat Level

JUNE 20, 2019

The Global Hawk can fly at an altitude of 55,000 feet and stay aloft for 30 hours straight.

Surveillance 103

Surveillance 103

Dark Reading

JUNE 20, 2019

Early information suggests threat actors gained access to remote monitoring and management tools from Webroot and Kaseya to distribute malware.

Ransomware 97

Ransomware Malware 97

Security Affairs

JUNE 18, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. DHS on Monday issued an alert for the BlueKeep Windows flaw (CVE-2019-0708). After Microsoft and the US NSA , the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. DHS on Monday issued an alert for the BlueKeep Windows flaw ( CVE-2019-0708 ). Experts at the CISA Agency successfully exploited the BlueKeep flaw on a machine running Windows 2000.

Authentication 103

Authentication Advertising Malware Firewall 103

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity