Krebs on Security

NOVEMBER 21, 2020

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters.

Cryptocurrency 363

Cryptocurrency VPN Scams Social Engineering 363

Troy Hunt

NOVEMBER 22, 2020

With the benefit of hindsight, this was a naïve question: Alright clever IoT folks, I've got two of these garage door openers, what do you reckon the best way of connecting them with Apple HomeKit is? [link] — Troy Hunt (@troyhunt) April 25, 2020 In my mind, the answer would be simple: "Just buy X, plug it in and you're good to go". Instead, I found myself heading down the rabbit hole into a world of soldering, custom firmware and community-driven home automation kits.

IoT 361

IoT Firmware Manufacturing Internet 361

Schneier on Security

NOVEMBER 24, 2020

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying. The police wanted to prosecute the ransomware attackers for negligent homicide, but the details were more complicated: After a detailed investigation involving consultations with medical professionals, an autopsy, and a minute-by-minute breakdown of events, Hartmann believes that the severity of the victim’s medi

Ransomware 359

Ransomware Cybercrime Hacking 359

Adam Levin

NOVEMBER 23, 2020

The holidays are the most wonderful time of the year, especially for scammers. Consumers are typically spending more, doing it quickly and not paying as much attention to who they’re buying it from because of the rush. With the COVID-19 pandemic, many shoppers will make the bulk of their purchases online, which means this year’s Black Friday and Cyber Monday shopping frenzy could be riskier than usual.

Scams 239

Scams Banking Retail Consumer Protection 239

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

NOVEMBER 24, 2020

If you've had files deleted by a hacker or you've accidentally removed them, Jack Wallen shows you how to recover that missing data with a handy tool called testdisk.

214

214

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. In part 2 , I covered IP addresses and the importance of a decent network to run all this stuff on, followed by Zigbee and the role of low power, low bandwidth devices. I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time.

IoT 355

IoT Firmware Risk Manufacturing 355

Javvad Malik

NOVEMBER 25, 2020

When we talk about privacy and surveillance, discussions usually involve talk of Governments keep the population under manners. But unlike the good old days of the eighteenth century, Governments aren’t the only ones with skin in the population monitoring, control, and profiteering business. We now have a whole slew of middle brothers aka big tech wanting a slice of that mind-control pie.

Surveillance 130

Surveillance Marketing Internet Internet 130

Tech Republic Security

NOVEMBER 25, 2020

Any business is subject to ransomware attacks, but some are more hit more than others. Tom Merritt lists five business sectors that are targeted by ransomware.

Ransomware 202

Ransomware 202

Troy Hunt

NOVEMBER 26, 2020

This is the fifth and final part of the IoT unravelled blog series. Part 1 was all about what a mess the IoT landscape is, but then there's Home Assistant to unify it all. In part 2 I delved into networking bits and pieces, namely IP addresses, my Ubiquiti UniFi gear and Zigbee. Part 3 was all about security and how that's all a bit of a mess too, particularly as it relates to firmware patching and device isolation on networks.

IoT 353

IoT Firmware Technology 353

Schneier on Security

NOVEMBER 23, 2020

Quanta magazine recently published a breathless article on indistinguishability obfuscation — calling it the “‘crown jewel’ of cryptography” — and saying that it had finally been achieved, based on a recently published paper. I want to add some caveats to the discussion. Basically, obfuscation makes a computer program “unintelligible” by performing its functionality.

Encryption 253

Encryption 253

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Shostack

NOVEMBER 23, 2020

We get many things from whiteboards. One of those is a sense of impermanence – that the work on them is a work in progress. That it’s a sketch, rather than a final product. And I missed whiteboards, so working with my partners at Agile Stationery, we created not only whiteboards, but also stencils to help you neaten up your threat models as you iterate through them.

Engineering 130

Engineering 130

Tech Republic Security

NOVEMBER 23, 2020

The Android apps promised Minecraft modifications but instead delivered intrusive ads aimed at kids and teenagers, says Kaspersky.

189

189

Troy Hunt

NOVEMBER 25, 2020

The first few parts of this series have all been somewhat technical in nature; part 1 was how much of a mess the IoT ecosystem is and how Home Assistant aims to unify it all, part 2 got into the networking layer with both Wi-Fi and Zigbee and in part 3 , I delved into security. Now let's tackle something really tricky - humans. I love the idea of automating stuff in the home, but I love the idea of a usable home even more.

IoT 340

IoT Firmware Media Marketing 340

Schneier on Security

NOVEMBER 25, 2020

In a lecture, Adam Shostack makes the case for a discipline of cyber public health. It would relate to cybersecurity in a similar way that public health relates to medicine.

Cybersecurity 231

Cybersecurity 231

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

NOVEMBER 23, 2020

The U.S. FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. The U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.

Ransomware 145

Ransomware Encryption VPN Backups 145

Tech Republic Security

NOVEMBER 25, 2020

Tech companies are offering this emerging technology to help financial institutions secure data while it is being processed.

Banking 183

Banking Technology 183

Troy Hunt

NOVEMBER 23, 2020

In part 1 , I deliberately kept everything really high level because frankly, I didn't want to scare people off. I'm not ashamed to say that the process of getting even the basics working absolutely did my head in as I waded through a sea of unfamiliar technologies, protocols and acronyms. I wish I'd had just the fundamentals down pat before going deeper and that was my intention with the first part of the series.

Firmware 336

Firmware IoT Wireless Manufacturing 336

Dark Reading

NOVEMBER 24, 2020

As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic "keep good backups" advice.

Backups 145

Backups Ransomware 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

NOVEMBER 26, 2020

US Fertility, the largest network of fertility centers in the U.S., discloses a ransomware attack that took place in September 2020. US Fertility , the largest network of fertility centers in the U.S., revealed that a ransomware attack hit its systems in September 2020. The US Fertility (USF) network is comprised of 55 locations across 10 states that completed almost 25,000 IVF cycles in 2018 through its clinics with 130,000 babies have been born. “On September 14, 2020, USF experienced

Ransomware 145

Ransomware Data breaches Encryption Malware 145

Tech Republic Security

NOVEMBER 26, 2020

As you plan your big data strategy for next year, keep these seven goals in mind.

Big data 216

Big data 216

SecureWorld News

NOVEMBER 24, 2020

Do two wrongs make a right? Newly revealed court documents show us the math on that idea still does not add up. This case involves three players. Two of them are charged with being dirty cops who demanded bribes in certain situations. The other person is Thomas Moyer, Apple's Global Head of Security and former Chief Compliance Officer. He is accused of going along with bribery demands made by the officers to get what he needed.

131

131

We Live Security

NOVEMBER 26, 2020

Here’s what to know about attacks where a fraudster has your number, literally and otherwise. The post SIM swap scam: What it is and how to protect yourself appeared first on WeLiveSecurity.

Scams 128

Scams 128

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

NOVEMBER 24, 2020

2FA bypass discovered in web hosting software cPanel. More than 70 million sites are managed via cPanel software, according to the company. Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. Security researchers from Digital Defense have discovered a major security issue in cPanel , a popular software suite that facilitates the management of a web hosting server.

Hacking 144

Hacking Authentication Accountability Software 144

Tech Republic Security

NOVEMBER 24, 2020

Capturing the phone's IMSI number and MAC address, the leaked data could have made users trackable, potentially over their lifetimes, says Palo Alto Networks.

155

155

WIRED Threat Level

NOVEMBER 23, 2020

The company is rolling out a patch today for the vulnerabilities, which allowed one researcher to break into one in 90 seconds and drive away.

Hacking 145

Hacking 145

Trend Micro

NOVEMBER 26, 2020

We recently discovered a new backdoor we believe to be related to the OceanLotus group. Some of the updates of this new variant include new behavior and domain names.

Malware 128

Malware 128

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

NOVEMBER 22, 2020

A threat actor has published online a list of one-line exploits to steal VPN credentials from over 49,000 vulnerable Fortinet VPNs. A threat actor, who goes online with the moniker “pumpedkicks,” has leaked online a list of exploits that could be exploited to steal VPN credentials from almost 50,000 Fortinet VPN devices. Researchers from Bank Security first reported the availability of the list of 49,577 IPs vulnerable to Fortinet SSL VPN CVE-2018-13379.

VPN 144

VPN Banking Government Hacking 144

Tech Republic Security

NOVEMBER 24, 2020

If you're looking for the best Android VPN, Jack Wallen thinks Google's take on the service might be the perfect fit for those wanting both performance and security.

VPN 147

VPN 147

CompTIA on Cybersecurity

NOVEMBER 23, 2020

Everyone should be prepared for a cyberattack. Developing an incident response plan and running a war gaming exercise gives employees the tools they need to respond quickly, mitigate the situation and return to business as usual.

124

124

Javvad Malik

NOVEMBER 27, 2020

I saw Cygenta posted their top 5 blogs of the year on Twitter and thought that it was a wonderful idea to rip off / borrow / be inspired by. So, I proudly present, my top 5 read blogs during the course of 2020. From my blog that is. I’ve written many other articles on other sites this year, and I’m sure some of them have been read more. Anyhow – on to the list. 5: Writing better risk statements Do you struggle to articulate security risks?

InfoSec 100

InfoSec CISO Risk 100

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity