Troy Hunt

APRIL 16, 2020

Hot on the heels of onboarding the USA government to Have I Been Pwned last month , I'm very happy to welcome another national government - Iceland! As of today, Iceland's National Computer Security Incident Response Team ( CERT-IS ), now has access to the full gamut of their gov domains for both on-demand querying and ongoing monitoring. As with the USA and Iceland, I expect to continue onboarding additional governments over the course of 2020 and expanding their access to meaningful data about

Government 333

Government 333

Krebs on Security

APRIL 15, 2020

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. Whether it’s helping hospitals avoid becoming the next ransomware victim or kneecapping new COVID-19-themed scam websites, these nascent partnerships may well end up saving lives.

Cybersecurity 307

Cybersecurity Cyber threats Government Phishing 307

The Last Watchdog

APRIL 16, 2020

Ransomware continues to endure as a highly lucrative criminal enterprise. Ransomware hacking groups extorted at least $144.35 million from U.S. organizations between January 2013 and July 2019. That’s the precise figure recently disclosed by the FBI — the true damage is almost certainly a lot steeper, given only a portion of cyber crimes ever get reported to law enforcement.

Ransomware 276

Ransomware Authentication Hacking Manufacturing 276

Schneier on Security

APRIL 13, 2020

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It's similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It's nice seeing the privacy protections; they're well thought out. I was going to write a long essay about the security and privacy concerns, but Ross Anderson beat me to it.

363

363

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Adam Levin

APRIL 13, 2020

Researchers at the cybersecurity firm Sucuri have uncovered a new set of e-skimming attacks targeting websites using the WordPress WooCommerce e-commerce plugin. E-skimming attacks typically use injected code on websites to intercept customer data as it is being entered by customers. This allows hackers to bypass otherwise secure encryption and steal credit card and personal information. .

Malware 244

Malware Marketing Encryption Cybersecurity 244

Krebs on Security

APRIL 16, 2020

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic.

Cyber threats 290

Cyber threats Phishing Data collection Government 290

Schneier on Security

APRIL 14, 2020

Originally, ransomware didn't involve any data theft. Malware would encrypt the data on your computer, and demand a ransom for the encryption key. Now ransomware is increasingly involving both encryption and exfiltration. Brian Krebs wrote about this in December. It's a further incentive for the victims to pay. Recently, the aerospace company Visser Precision was hit by the DoppelPaymer ransomware.

Ransomware 311

Ransomware Encryption Malware 311

Troy Hunt

APRIL 16, 2020

Spiders! Ok, not your normal start to a weekly update but yeah, we had a bit of an infestation this week which did take the mind of other current events for a while. Much of what's happened beyond that this week has resulted in various tweet storms; the Zoom credential stuffing situation, the Coronavirus tracking app (holy cow that has some "robust" debate around it) and the (seemingly endless) thread of progress as I build up my Ubiquiti network.

Data breaches 199

Data breaches Government Media Passwords 199

Krebs on Security

APRIL 14, 2020

Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Those include at least three flaws that are actively being exploited, as well as two others which were publicly detailed prior to today, potentially giving attackers a head start in figuring out how to exploit the bugs.

Backups 274

Backups Software Internet Internet 274

Adam Levin

APRIL 15, 2020

The Covid-19 pandemic created an opportunity for hackers to target the newly remote workforce. Hospitals have been targeted by ransomware (despite initial assurances to the contrary), phishing scams are using pandemic-related scare tactics, and video conferencing apps have become the new go-to for everything from domain-spoofing attacks to zoombombing.

Phishing 195

Phishing Risk Malware Firewall 195

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

APRIL 16, 2020

This one isn't even related to contact tracing: On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal information through telehealth medi

Government 278

Government 278

Tech Republic Security

APRIL 17, 2020

Zoom has become a household name because lots of people are working from home and using the video conferencing software. Here is your guide to Zoom basics, including its security vulnerabilities.

Software 217

Software 217

Daniel Miessler

APRIL 16, 2020

I’ve been thinking a lot about this Zoom situation. It’s fascinating to me that millions are using it as a lifeboat to humanity while others label it a threat. Throughout the media you have people substituting their in-person events with virtual ones, and they all seem to be using Zoom. John Krasinski gave this medium a pulse when he had the entire cast of Hamilton perform together for a little girl.

Internet 190

Internet Internet Risk InfoSec 190

Adam Levin

APRIL 17, 2020

Two critical zero-day exploits for the Zoom video conferencing platform just hit the market. The alleged exploits take advantage of vulnerabilities in Zoom’s Windows and MacOS applications, allowing hackers to spy on calls, and in some cases, take control of Windows machines. Zero-day exploits are vulnerabilities that are discovered by hackers before they can be identified and patched by software companies, and often fetch a high price on the dark web.

Marketing 173

Marketing Encryption Software Technology 173

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

APRIL 17, 2020

It has produced several reports outlining what's wrong and what needs to be fixed. It's not fixing them : GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. The status of various efforts is simply unknown because no one has tracked their progress.

Education 276

Education Accountability Cybersecurity Software 276

Tech Republic Security

APRIL 16, 2020

Cybercriminals are threatening not only to hold sensitive data hostage but also to release it publicly unless the ransom is paid, says cyber threat intelligence provider Check Point Research.

Cyber threats 202

Cyber threats Ransomware 202

Scary Beasts Security

APRIL 13, 2020

6-5-0-who? The 6502 is an iconic processor that dominated home computing in the late 70s and early to mid 80s. It was used in machines ranging from the Apple II to the Atari 2600 to the Commodore 64 to the Nintendo Entertainment System. In pop culture, it powered Bender , not to mention the Terminator ! It often clocked at a modest 1MHz, with faster variants available.

Software 181

Software Accountability Architecture Engineering 181

Daniel Miessler

APRIL 14, 2020

THIS WEEK’S TOPICS: Thunderbolt Attack, Celebrity Ransomware, ClearView Government, Blackhat DEFCON Virtual, War Thunder, 5G Bio Attacks, PC Game Cheating, Zoom Keybase, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. —. If you get value from this content, you can support it directly by becoming a member.

Government 130

Government Technology Ransomware Information Security 130

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

APRIL 14, 2020

This is a current list of where and when I am scheduled to speak: I'm being interviewed on " Hacking in the Public Interest " as part of the Black Hat Webcast Series, on Thursday, April 16, 2020 at 2:00 PM EDT. The list is maintained on this page.

Hacking 229

Hacking 229

Tech Republic Security

APRIL 13, 2020

The Internet Security Forum predicts the coming threats with a very good track record so far. Get your company ready for these threats.

IoT 197

IoT Internet Internet 197

The Last Watchdog

APRIL 14, 2020

In one sense, digital transformation is all about machines. Related: Authenticating IoT devices Physical machines, like driverless vehicles and smart buildings; but, even more so, virtual machines. I’m referring to the snippets of “ microservice ” coding placed inside of modular software “ containers ” that get mixed and matched in “ storage buckets ,” and then processed in “ serverless computers ” residing in the Internet cloud.

Digital transformation 138

Digital transformation Passwords Retail Software 138

Security Affairs

APRIL 13, 2020

Zoom accounts are flooding the dark web, over 500 hundred thousand Zoom accounts are being sold on hacker forums. Over 500 hundred thousand Zoom accounts are available for sale on the dark web and hacker forums. Sellers are advertising them for.0020 cents each, in some cases they are offered for free. The huge trove of account credentials was not stolen by Zoom, instead, it appears the result of credential stuffing attacks that leverage records from third-party data breaches.

Accountability 145

Accountability Passwords Advertising Phishing 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

APRIL 14, 2020

New research found that almost half of companies had malware on their corporate-associated home networks - in comparison to malware being found on only 13 percent of corporate networks.

Malware 129

Malware Risk 129

Tech Republic Security

APRIL 14, 2020

One tech company is harnessing artificial intelligence, thermal imaging, and real-time surveillance data to mitigate the spread of the coronavirus. However, serious privacy questions remain.

Surveillance 160

Surveillance Artificial Intelligence 160

WIRED Threat Level

APRIL 14, 2020

Five years ago, the Department of Defense set dozens of security hygiene goals. A new report finds that it has abandoned or lost track of most of them.

Cybersecurity 132

Cybersecurity 132

Security Affairs

APRIL 12, 2020

Security researchers discovered an archive available on a dark web forum that includes thousands of compromised Zoom credentials. Researchers discovered a database available on an underground forum in the dark web that contained more than 2,300 compromised Zoom credentials. Some of the records also included meeting IDs, names and host keys. The archive included credentials for Zoom accounts belonging to organizations in various industries, including banking, consultancy, healthcare software comp

Healthcare 145

Healthcare Phishing Accountability Banking 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Threatpost

APRIL 14, 2020

The popular video-sharing apps’s use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.

Media 128

Media Mobile Hacking 128

Tech Republic Security

APRIL 15, 2020

Cybercriminals are deploying COVID-19-themed gift card scams, wire transfer scams, and payroll scams aimed at organizations and their employees, according to security provider Trustwave.

Scams 147

Scams 147

Dark Reading

APRIL 15, 2020

With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some boardrooms still see security as a "cost center." Are infosec careers vulnerable now?

InfoSec 112

InfoSec 112

Security Affairs

APRIL 14, 2020

Quidd , an online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019. Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords. The details of around four million users are now being shared for free on underground hacking forums, according to ZDNet that has obtained samples from different sour

Accountability 145

Accountability Hacking Data breaches Passwords 145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity