Troy Hunt

APRIL 16, 2020

Hot on the heels of onboarding the USA government to Have I Been Pwned last month , I'm very happy to welcome another national government - Iceland! As of today, Iceland's National Computer Security Incident Response Team ( CERT-IS ), now has access to the full gamut of their gov domains for both on-demand querying and ongoing monitoring. As with the USA and Iceland, I expect to continue onboarding additional governments over the course of 2020 and expanding their access to meaningful data about

Government 334

Government 334

Krebs on Security

APRIL 15, 2020

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. Whether it’s helping hospitals avoid becoming the next ransomware victim or kneecapping new COVID-19-themed scam websites, these nascent partnerships may well end up saving lives.

Cybersecurity 310

Cybersecurity Cyber threats Government Phishing 310

Schneier on Security

APRIL 13, 2020

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It's similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It's nice seeing the privacy protections; they're well thought out. I was going to write a long essay about the security and privacy concerns, but Ross Anderson beat me to it.

279

279

The Last Watchdog

APRIL 16, 2020

Ransomware continues to endure as a highly lucrative criminal enterprise. Ransomware hacking groups extorted at least $144.35 million from U.S. organizations between January 2013 and July 2019. That’s the precise figure recently disclosed by the FBI — the true damage is almost certainly a lot steeper, given only a portion of cyber crimes ever get reported to law enforcement.

Ransomware 276

Ransomware Authentication Hacking Manufacturing 276

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Adam Levin

APRIL 13, 2020

Researchers at the cybersecurity firm Sucuri have uncovered a new set of e-skimming attacks targeting websites using the WordPress WooCommerce e-commerce plugin. E-skimming attacks typically use injected code on websites to intercept customer data as it is being entered by customers. This allows hackers to bypass otherwise secure encryption and steal credit card and personal information. .

Malware 244

Malware Marketing Encryption Cybersecurity 244

Krebs on Security

APRIL 16, 2020

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic.

Cyber threats 293

Cyber threats Phishing Data collection Government 293

Troy Hunt

APRIL 16, 2020

Spiders! Ok, not your normal start to a weekly update but yeah, we had a bit of an infestation this week which did take the mind of other current events for a while. Much of what's happened beyond that this week has resulted in various tweet storms; the Zoom credential stuffing situation, the Coronavirus tracking app (holy cow that has some "robust" debate around it) and the (seemingly endless) thread of progress as I build up my Ubiquiti network.

Data breaches 220

Data breaches Government Media Passwords 220

Tech Republic Security

APRIL 17, 2020

Zoom has become a household name because lots of people are working from home and using the video conferencing software. Here is your guide to Zoom basics, including its security vulnerabilities.

Software 218

Software 218

Krebs on Security

APRIL 14, 2020

Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Those include at least three flaws that are actively being exploited, as well as two others which were publicly detailed prior to today, potentially giving attackers a head start in figuring out how to exploit the bugs.

Backups 284

Backups Software Internet Internet 284

Schneier on Security

APRIL 16, 2020

This one isn't even related to contact tracing: On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal information through telehealth medi

Government 218

Government 218

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Last Watchdog

APRIL 13, 2020

We’ve come to rely on our smartphones to live out our digital lives, both professionally and personally. When it comes to securing mobile computing devices, the big challenge businesses have long grappled with is how to protect company assets while at the same time respecting an individual’s privacy. Reacting to the BYOD craze , mobile security frameworks have veered from one partially effective approach to the next over the past decade.

Mobile 205

Mobile Computers and Electronics Encryption Data privacy 205

Tech Republic Security

APRIL 16, 2020

Cybercriminals are threatening not only to hold sensitive data hostage but also to release it publicly unless the ransom is paid, says cyber threat intelligence provider Check Point Research.

Cyber threats 211

Cyber threats Ransomware 211

Adam Levin

APRIL 15, 2020

The Covid-19 pandemic created an opportunity for hackers to target the newly remote workforce. Hospitals have been targeted by ransomware (despite initial assurances to the contrary), phishing scams are using pandemic-related scare tactics, and video conferencing apps have become the new go-to for everything from domain-spoofing attacks to zoombombing.

Phishing 195

Phishing Risk Malware Firewall 195

Schneier on Security

APRIL 17, 2020

It has produced several reports outlining what's wrong and what needs to be fixed. It's not fixing them : GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. The status of various efforts is simply unknown because no one has tracked their progress.

Education 216

Education Accountability Cybersecurity Software 216

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Daniel Miessler

APRIL 16, 2020

I’ve been thinking a lot about this Zoom situation. It’s fascinating to me that millions are using it as a lifeboat to humanity while others label it a threat. Throughout the media you have people substituting their in-person events with virtual ones, and they all seem to be using Zoom. John Krasinski gave this medium a pulse when he had the entire cast of Hamilton perform together for a little girl.

Internet 190

Internet Internet Risk InfoSec 190

Tech Republic Security

APRIL 13, 2020

The Internet Security Forum predicts the coming threats with a very good track record so far. Get your company ready for these threats.

IoT 207

IoT Internet Internet 207

Scary Beasts Security

APRIL 13, 2020

6-5-0-who? The 6502 is an iconic processor that dominated home computing in the late 70s and early to mid 80s. It was used in machines ranging from the Apple II to the Atari 2600 to the Commodore 64 to the Nintendo Entertainment System. In pop culture, it powered Bender , not to mention the Terminator ! It often clocked at a modest 1MHz, with faster variants available.

Software 181

Software Accountability Architecture Engineering 181

Schneier on Security

APRIL 14, 2020

This is a current list of where and when I am scheduled to speak: I'm being interviewed on " Hacking in the Public Interest " as part of the Black Hat Webcast Series, on Thursday, April 16, 2020 at 2:00 PM EDT. The list is maintained on this page.

Hacking 189

Hacking 189

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Adam Levin

APRIL 17, 2020

Two critical zero-day exploits for the Zoom video conferencing platform just hit the market. The alleged exploits take advantage of vulnerabilities in Zoom’s Windows and MacOS applications, allowing hackers to spy on calls, and in some cases, take control of Windows machines. Zero-day exploits are vulnerabilities that are discovered by hackers before they can be identified and patched by software companies, and often fetch a high price on the dark web.

Marketing 173

Marketing Encryption Software Technology 173

Tech Republic Security

APRIL 16, 2020

Why cell phones can hold the key to tracking future cases of COVID-19 with artificial intelligence.

Artificial Intelligence 183

Artificial Intelligence 183

Security Affairs

APRIL 16, 2020

Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker. The threat is not new, hackers are again attacking clients of Portuguese banking organizations via a specially crafted Android Trojan-Banker from phishing campaigns launched from Brazil. The last occurrence this line was recorded on March 13rd, 2020, where a similar Trojan-Banker was disseminated targeting other clients of different banking organizations.

Banking 145

Banking Authentication Phishing Mobile 145

WIRED Threat Level

APRIL 14, 2020

Five years ago, the Department of Defense set dozens of security hygiene goals. A new report finds that it has abandoned or lost track of most of them.

Cybersecurity 145

Cybersecurity 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Threatpost

APRIL 17, 2020

A recent U.S. House Oversight Committee meeting was the latest victim of Zoom bombing, according to an internal letter.

Government 140

Government 140

Tech Republic Security

APRIL 14, 2020

One tech company is harnessing artificial intelligence, thermal imaging, and real-time surveillance data to mitigate the spread of the coronavirus. However, serious privacy questions remain.

Surveillance 165

Surveillance Artificial Intelligence 165

Security Affairs

APRIL 14, 2020

Consumer reports received since January 2020 revealed that that approximately $12 million were lost due to Coronavirus-related scams, FTC says. The U.S. Federal Trade Commission revealed that Coronavirus-related scams reported by consumers since January 2020 caused approximately $12 million losses. FTC received 16,778 reports of frauds, roughly 46.3% of fraud complaints also reporting a loss between January 1, 2020 – April 12, 2020 – “FTC has received more than 16K Coronavirus-

Scams 145

Scams Advertising Cybercrime Media 145

WIRED Threat Level

APRIL 12, 2020

Online tracking can often feel downright invasive. From using VPNs to clearing browser histories, we've got your back.

145

145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Last Watchdog

APRIL 14, 2020

In one sense, digital transformation is all about machines. Related: Authenticating IoT devices Physical machines, like driverless vehicles and smart buildings; but, even more so, virtual machines. I’m referring to the snippets of “ microservice ” coding placed inside of modular software “ containers ” that get mixed and matched in “ storage buckets ,” and then processed in “ serverless computers ” residing in the Internet cloud.

Digital transformation 138

Digital transformation Passwords Software Retail 138

Tech Republic Security

APRIL 17, 2020

Microsoft claims a machine learning models its built for software developers can distinguish between security and non-security bugs 99% of the time.

Software 154

Software 154

Security Affairs

APRIL 13, 2020

Zoom accounts are flooding the dark web, over 500 hundred thousand Zoom accounts are being sold on hacker forums. Over 500 hundred thousand Zoom accounts are available for sale on the dark web and hacker forums. Sellers are advertising them for.0020 cents each, in some cases they are offered for free. The huge trove of account credentials was not stolen by Zoom, instead, it appears the result of credential stuffing attacks that leverage records from third-party data breaches.

Accountability 145

Accountability Passwords Advertising Phishing 145

WIRED Threat Level

APRIL 17, 2020

“Is BGP Safe Yet” is a new site that names and shames internet service providers who don't tend to their routing. .

Internet 139

Internet Internet 139

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity