Krebs on Security

JULY 4, 2020

One of the most-read advice columns on this site is a 2018 piece called “ Plant Your Flag, Mark Your Territory ,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration , the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States.

Accountability 305

Accountability Passwords Authentication Insurance 305

Troy Hunt

JULY 6, 2020

Last week, I received my 10th Microsoft Most Valuable Professional award. Being recognised as an MVP was a pivotal moment in my career and to continue receiving the award all these years later is an honour. Particularly given recent events that have made it exceptionally difficult to sustain community contributions , the recognition is particularly significant this year.

Media 269

Media 269

Adam Levin

JULY 7, 2020

A Russia-based hacking group is exploiting the current Covid-19 pandemic to target and compromise U.S. companies with multiple strains of malware, according to a new report. Cybersecurity firm Symantec released a warning that the Russian hacking group “Evil Corp” has been behind a widespread hacking campaign against over thirty U.S. organizations, including eight Fortune 500 companies.

Ransomware 261

Ransomware Hacking Malware Banking 261

Schneier on Security

JULY 9, 2020

Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what's going on in front of the camera, and infer when there is someone home. News article. Slashdot thread.

290

290

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

JULY 6, 2020

A low-quality batch of malicious tools can sell for as low as $70, while a premium set can go as high as $6,000, according to the security research site Privacy Affairs.

Malware 200

Malware 200

Troy Hunt

JULY 10, 2020

Wow! Loving that 4K camera ?? Or perhaps more specifically, just loving that camera and lens and I reckon it'll still be awesome in 1080p. But this week, I decided to go all out in super hi-def just to see how it looked. The captured video was 13.1GB but rendered down at 2.3GB out of Premiere so it's obviously applied some compression, but still looks amazing IMHO.

Authentication 180

Authentication 180

Schneier on Security

JULY 8, 2020

It is amazing that this sort of thing can still happen: the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Telnet? Default passwords? In 2020? We have a long way to go to secure the IoT.

IoT 279

IoT Passwords Internet Internet 279

Tech Republic Security

JULY 6, 2020

The US National Security Agency has noticed a surge in cyberattacks targeting VPNs since the COVID-19 pandemic has forced more people to work from home.

VPN 192

VPN 192

Daniel Miessler

JULY 6, 2020

THIS WEEK’S TOPICS: Encrochat breach, F5 Big Problem, DHS Social Election Query, WastedLocker, India Bans Chinese Apps, Florida DNA Privacy, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —. If you get value from this content, you can support it directly by becoming a member.

Technology 130

Technology Information Security 130

Adam Levin

JULY 8, 2020

There is no overestimating the value of your company’s domain name. Whether you work for a big brand or run a mom-and-pop dot-com, the goal is easy navigation to your site. A prospective client or customer types your company name and their browser does the rest. What would happen if you typed in “Amazon,” the corresponding domain popped up, and you clicked, but instead of finding the world’s largest online retailer, you landed on a 1980s WarGames-themed page with a lau

Hacking 130

Hacking Retail Cyber Insurance Authentication 130

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

JULY 7, 2020

The BSA -- also known as the Software Alliance, formerly the Business Software Alliance -- is an industry lobbying group. They just published "Policy Principles for Building a Secure and Trustworthy Internet of Things.". They call for: Distinguishing between consumer and industrial IoT. Offering incentives for integrating security. Harmonizing national and international policies.

IoT 274

IoT Internet Internet Software 274

Tech Republic Security

JULY 8, 2020

The US Secret Service has warned organizations about a rise in hacks of MSPs and offers advice on how to beef up security.

Hacking 207

Hacking 207

Security Affairs

JULY 5, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned enterprises about cyberattacks from the Tor network. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) is warning enterprises of cyberattacks launched from the Tor network. Threat actors leverage the Tor network to hide the real source of their attacks and avoid that their C2 infrastructure could be identified and shut down by.

Risk 145

Risk Hacking Cybersecurity Technology 145

Adam Shostack

JULY 7, 2020

The Internet Society Open Letter Against Lawful Access to Encrypted Data Act was published this morning. It’s an important and broad coalition to protect the ability of American companies to deliver security to their customers. I’m honored to be one of the signers.

Internet 100

Internet Internet Encryption 100

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

JULY 10, 2020

China is prohibiting squid fishing in two areas -- both in international waters -- for two seasons, to give squid time to recover and reproduce. This is the first time China has voluntarily imposed a closed season on the high seas. Some experts regard it as an important step forward in China's management of distant-water fishing (DWF), and crucial for protecting the squid fishing industry.

272

272

Tech Republic Security

JULY 6, 2020

A new phishing campaign spotted by Abnormal Security attempts to trick people with a phony Twitter security notification.

Phishing 205

Phishing Accountability 205

Security Affairs

JULY 9, 2020

Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami. “We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’ data.

Engineering 145

Engineering Advertising Authentication Passwords 145

Threatpost

JULY 9, 2020

Researchers have found trojans and adware in preinstalled apps on a low-cost device distributed by the government-funded Lifeline Assistance Program.

Adware 124

Adware Malware Government Wireless 124

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

JULY 6, 2020

There's a new ransomware for the Mac called ThiefQuest or EvilQuest. It's hard to get infected: For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It's a good reminder to get your software from trustworthy sources, like developers whose code is "signed" by Apple to prove its legitimacy, or from Apple's App Store itself.

Ransomware 270

Ransomware Spyware Cryptocurrency Passwords 270

Tech Republic Security

JULY 9, 2020

In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft.

Phishing 193

Phishing 193

Security Affairs

JULY 9, 2020

Researchers from Malwarebytes have found yet another phone with pre-installed malware via the Lifeline Assistance program sold in the United States. Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January. In January, Malwarebytes researchers discovered that the UMX U686CL phone was sold with pre-installed malware as part of the government-funded Lifeline Assistance program by Vi

Malware 145

Malware Wireless Mobile Advertising 145

Threatpost

JULY 10, 2020

Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix.

Wireless 134

Wireless Internet Internet 134

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Schneier on Security

JULY 10, 2020

It's the EFF's 30th birthday, and the organization is having a celebratory livestream today from 3:00 to 10:00 pm PDT. There are a lot of interesting discussions and things. I am having a fireside chat at 4:10 pm PDT to talk about the Crypto Wars and more. Stop by. And thank you for supporting EFF.

262

262

Tech Republic Security

JULY 7, 2020

The certification company will host prep sessions for the National Cyber League's cybersecurity competitions for individuals and teams.

Cybersecurity 186

Cybersecurity 186

Security Affairs

JULY 4, 2020

F5 Networks has published a security advisory warning customers to patch a critical flaw in BIG-IP product that is very likely to be exploited. F5 Networks has addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP product. “This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP managemen

Technology 133

Technology Banking Engineering Authentication 133

Dark Reading

JULY 6, 2020

Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.

IoT 106

IoT Internet Internet 106

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Schneier on Security

JULY 10, 2020

A criminal group called Cosmic Lynx seems to be based in Russia: Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Cosmic Lynx specializes in topical, tailored scams related to mergers and acquisitions; the group typically requests hundreds of thousands or even millions of dollars as part of its hus

Scams 245

Scams Accountability Authentication Phishing 245

Tech Republic Security

JULY 9, 2020

A new variant targeted Android users to subscribe them to premium services without their consent, according to Check Point Research.

Malware 186

Malware 186

Security Affairs

JULY 8, 2020

Researchers have found a way to bypass F5 Networks mitigation for the actively exploited BIG-IP vulnerability, and hackers already used it. Researchers have found a way to bypass one of the mitigations proposed by F5 Networks for the actively exploited BIG-IP vulnerability. Unfortunately, threat actors in the wild were already using the bypass technique before its public disclosure.

Advertising 144

Advertising InfoSec Government Healthcare 144

Dark Reading

JULY 10, 2020

Devices out of sight for the past several months could spell trouble when employees bring them back to work.

136

136

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity