Sat.Oct 10, 2020 - Fri.Oct 16, 2020

article thumbnail

Breach at Dickey’s BBQ Smokes 3M Cards

Krebs on Security

One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the data was stolen in a lengthy data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country. An ad on the popular carding site Joker’s Stash for “BlazingSun,” which fraud experts have traced back to a card breach at Dickey’s BBQ.

article thumbnail

Hacking Apple for Profit

Schneier on Security

Five researchers hacked Apple Computer’s networks — not their products — and found fifty-five vulnerabilities. So far, they have received $289K. One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and documents from someone’s iCloud account and then do the same to the victim’s contacts.

Hacking 362
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Customised Ubiquiti Clients and Randomised MAC Addresses on Apple Devices

Troy Hunt

You know how some people are what you'd call "house proud" in that they like everything very neat and organised? You walk in there and everything is in its place, nice and clean without clutter. I'm what you'd call "network proud" and the same principle applies to how I manage my IP things: That's just a slice of my Ubiquiti network map which presently has 91 IP addresses on it between clients and network devices.

IoT 355
article thumbnail

Barnes & Noble Experiences Major Data Breach

Adam Levin

Barnes & Noble has confirmed a data breach following a cyberattack that took many of their services offline. . The bookseller sent an email to customers notifying them that their personal information had been exposed, but that their financial information had not been compromised. . “While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if yo

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Krebs on Security

Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot , a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks.

article thumbnail

Google Responds to Warrants for “About” Searches

Schneier on Security

One of the things we learned from the Snowden documents is that the NSA conducts “about” searches. That is, searches based on activities and not identifiers. A normal search would be on a name, or IP address, or phone number. An about search would something like “show me anyone that has used this particular name in a communications,” or “show me anyone who was at this particular location within this time frame.” These searches are legal when conducted for the

More Trending

article thumbnail

Weekly Update 213

Troy Hunt

The week's update comes on the back of a very long week for me, but it's good to be "out there" speaking at events even if they are just from the comfort of my own home. There's also more adventures in IoT, Chrome's experiment with URL paths in their omnibox and Apple messing around with MAC addresses on my phone and watch. Oh - and I did manage to track down what my favourite Norwegian beer is following a question from the audience: I was asked about my favourite Norwegian beer during my live s

Wireless 188
article thumbnail

Microsoft Patch Tuesday, October 2020 Edition

Krebs on Security

It’s Cybersecurity Awareness Month! In keeping with that theme, if you (ab)use Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means it’s once again time to backup and patch up. Eleven of the vulnerabilities earned Microsoft’s most-dire “critical” rating, which means bad guys or malware could use them to gain

Backups 342
article thumbnail

2020 Workshop on Economics of Information Security

Schneier on Security

The Workshop on Economics of Information Security will be online this year. Register here.

article thumbnail

How to improve the cybersecurity of your remote workers

Tech Republic Security

Cyberattacks against businesses have spiked since the shift to remote work began in early 2020, says Keeper Security.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Microsoft Targets Trickbot Botnet

Adam Levin

Microsoft has stepped up its efforts to disrupt the Trickbot malware botnet after receiving permission to take on its network infrastructure. Citing concerns of potential activity to disrupt the upcoming elections, Microsoft was granted approval from the U.S. District Court for the Eastern District of Virginia to disable online servers connected to the botnet. .

article thumbnail

Fancy Bear Imposters Are on a Hacking Extortion Spree

WIRED Threat Level

Nice looking website you've got there. It'd be a shame if someone DDoS'd it.

Hacking 145
article thumbnail

US Cyber Command and Microsoft Are Both Disrupting TrickBot

Schneier on Security

Earlier this month, we learned that someone is disrupting the TrickBot botnet network. Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

article thumbnail

How to recover deleted files in Linux with testdisk

Tech Republic Security

If you've had files deleted by a hacker or you've accidentally removed them, Jack Wallen shows you how to recover that missing data with a handy tool called testdisk.

208
208
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Google researcher found BleedingTooth flaws in Linux Bluetooth

Security Affairs

Google security researcher discovered Bluetooth vulnerabilities (BleedingTooth) in the Linux kernel that could allow zero-click attacks. Andy Nguyen, a Google security researcher, has found Bluetooth vulnerabilities, referred to as BleedingTooth, in the Linux kernel that could be exploited by attackers to run arbitrary code or access sensitive information.

article thumbnail

REMnux Tools List for Malware Analysis

Lenny Zeltser

REMnux ® offers a curated collection of free tools for reverse-engineering or otherwise analyzing malicious software. How to find the right tool for the job, given how many useful utilities come as part of the distro? To guide you through the process of examining malware, REMnux documentation lists the installed tools by category. Each grouping, which you’ll find in the Discover the Tools section of the documentation site, represents the type of actions the analysts might need to take: Exa

Malware 145
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’ll be speaking at Cyber Week Online , October 19-21, 2020. I’ll be speaking at the IEEE Symposium on Technology and Society virtual conference, November 12-15, 2020. I’ll be keynoting the 2020 Conference on Cyber Norms on November 12, 2020. I’m speaking at the (ISC)² Security Congress 2020 , November 16, 2020.

article thumbnail

IoT security: University creates new labels for devices to increase awareness for consumers

Tech Republic Security

What if you could compare security on IoT devices, similar to nutrition labels, before you buy them? One organization is trying to make that happen.

IoT 207
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

The British government aims at improving its offensive cyber capability

Security Affairs

Britain’s most senior cyber general declared that the UK has implemented an advanced offensive cyberwar capability that could destroy its enemies. Gen Sir Patrick Sanders, the UK’s strategic command chief, announced that that the UK has implemented an advanced offensive cyberwar capability that could potentially “degrade, disrupt and destroy” the critical infrastructure of its adversaries.

article thumbnail

The Man Who Speaks Softly—and Commands a Big Cyber Army

WIRED Threat Level

Meet General Paul Nakasone. He reined in chaos at the NSA and taught the US military how to launch pervasive cyberattacks. And he did it all without you noticing.

145
145
article thumbnail

The CompTIA Cybersecurity Career Pathway (2020 Refresh): Employable Skills Found Here

CompTIA on Cybersecurity

With the increase in cyberattacks and the number of new connected devices, the need for skilled cybersecurity professionals is growing at a rapid pace. The CompTIA Cybersecurity Career Pathway can help you get into cybersecurity.

article thumbnail

Windows 10: Microsoft's key new security feature helps to protect your information

Tech Republic Security

Remote work makes protecting data on the PC a higher priority, while the Edge browser gets more control.

203
203
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) published a joint security alert to warn of attackers combining VPN and Windows Zerologon flaws to target government networks.

VPN 145
article thumbnail

Split-Second ‘Phantom’ Images Can Fool Tesla’s Autopilot

WIRED Threat Level

Researchers found they could stop a Tesla by flashing a few frames of a stop sign for less than half a second on an internet-connected billboard.

Internet 144
article thumbnail

An Uncommon 20 Years of Commonly Enumerating Vulns

Dark Reading

Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre's list).

131
131
article thumbnail

Professor creates cybersecurity camp to inspire girls to choose STEM careers

Tech Republic Security

Teaching via Zoom has had some unexpected benefits, college professor says, though robotics class is still a challenge. Her real passion is inspiring young women and girls to go into computer science.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Hackers targeted the US Census Bureau network, DHS report warns

Security Affairs

The US DHS’s Homeland Threat Assessment (HTA) report revealed that threat actors have targeted the US Census network during the last year. The US Department of Homeland Security revealed that unknown threat actors have targeted the network of the US Census Bureau during the last year. The attacks were reported in the first Homeland Threat Assessment (HTA) report released earlier this week.

article thumbnail

Internet Freedom Has Taken a Hit During the Covid-19 Pandemic

WIRED Threat Level

From arrests to surveillance, governments are using the novel coronavirus as cover for a crackdown on digital liberty.

Internet 137
article thumbnail

Software AG Data Released After Clop Ransomware Strike – Report

Threatpost

The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isn’t paid.

Software 126
article thumbnail

Barnes & Noble restores Nook services after notifying customers about cyberattack

Tech Republic Security

Analysts point to specific clues from the company's response that show it may have been a ransomware attack.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!