Schneier on Security

FEBRUARY 13, 2021

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the m

Surveillance 362

Surveillance Internet Internet Government 362

Troy Hunt

FEBRUARY 16, 2021

As I progressively make my house smarter and smarter , I find I keep butting against the intersection of where smart stuff meets dump stuff. Take light globes, for example, the simplest circuit you can imagine. Pass a current through it, light goes on. Kill the current, light goes off. We worked that out back in the 19th century and everything was fine. until now.

IoT 350

IoT 350

Krebs on Security

FEBRUARY 15, 2021

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.

Retail 336

Retail Accountability Banking Risk 336

Tech Republic Security

FEBRUARY 18, 2021

In a webinar Wednesday, former US Homeland Security director Christopher Krebs also suggested organizations have COVID workforce coordinators and that cloud mail providers activate MFA by default.

Cybersecurity 189

Cybersecurity 189

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

FEBRUARY 15, 2021

Vice is reporting on a new police hack: playing copyrighted music when being filmed by citizens, trying to provoke social media sites into taking the videos down and maybe even banning the filmers: In a separate part of the video, which Devermont says was filmed later that same afternoon, Devermont approaches [BHPD Sgt. Billy] Fair outside. The interaction plays out almost exactly like it did in the department — when Devermont starts asking questions, Fair turns on the music.

Media 356

Media Accountability Hacking 356

Lohrman on Security

FEBRUARY 14, 2021

361

361

Tech Republic Security

FEBRUARY 17, 2021

Machine learning is helpful to many organizations in the tech industry, but it can have a downside. Tom Merritt lists five things to know about adversarial attacks.

189

189

Schneier on Security

FEBRUARY 17, 2021

Interesting research on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.). Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious and browser vendors gradually adopting countermeasures to mitigate certain forms of cookie-based and cookie-less track

VPN 354

VPN 354

Security Boulevard

FEBRUARY 15, 2021

Phishing attacks rose 220 per cent during the height of the Covid-19 pandemic compared to the yearly average -Gulf Business Continue reading. The post Threat Alert: Zoom Impersonated for Phishing Attacks appeared first on Kratikal Blog. The post Threat Alert: Zoom Impersonated for Phishing Attacks appeared first on Security Boulevard.

Phishing 145

Phishing Cyber threats 145

Trend Micro

FEBRUARY 14, 2021

We discovered vulnerabilities in the SHAREit application. The vulns can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution. The app has over 1 billion downloads.

Cyber threats 145

Cyber threats Mobile 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

FEBRUARY 19, 2021

Hackers are now sending messages that hide fake links in the HTTP prefix, bypassing email filters, says security firm GreatHorn.

Phishing 208

Phishing 208

Schneier on Security

FEBRUARY 15, 2021

At the virtual Engima Conference , Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article : Soon after they were spotted, the researchers saw one exploit being used in the wild.

Technology 328

Technology Hacking Software 328

Security Boulevard

FEBRUARY 15, 2021

In January 2020, no one could have predicted how unpredictable the coming year would be. But despite the seismic changes to the way we work, the biggest network security threats to organizations were mostly the same old threats we’ve been facing for the past five years. Yet even the largest enterprises with the most advanced, The post Network Security: 5 Fundamentals for 2021 appeared first on Security Boulevard.

Network Security 145

Network Security Cybersecurity 145

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. WatchDog is one of the largest and longest-lasting Monero cryptojacking operations uncovered by security experts, its name comes from the name of a Linux daemon called watchdogd.

Cryptocurrency 145

Cryptocurrency Hacking Accountability Software 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

FEBRUARY 17, 2021

Information protection makes sure that only people with permissions see data in Power BI, while retaining the ability to share top-level trends, balancing productivity and security.

170

170

Schneier on Security

FEBRUARY 19, 2021

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very old versions of Linux. Most devices are still powered with a 2.6 Linux kernel, which is no longer maintained for many years.

Firmware 285

Firmware Software Engineering Internet 285

Malwarebytes

FEBRUARY 17, 2021

The audio-chat app Clubhouse is the latest rage in the social media landscape. What makes it so popular and, now it’s part of the social media landscape, can we trust it? The Clubhouse app. Clubhouse was launched about a year ago and was initially only used by Silicon Valley’s rich and famous. It is different from other social media in that it focuses on the spoken word.

Media 144

Media Internet Internet Data privacy 144

Security Boulevard

FEBRUARY 19, 2021

If you are familiar with “The Flight Attendant,” you know it is a quirky murder mystery shown on HBOMax. Yet, hidden within the murder mystery is a subplot of espionage and intrigue reminiscent of any number of today’s real-life espionage cases involving corporations and nation-states. Teaching moments abound, and it’s worthy of approbation; the series.

Social Engineering 144

Social Engineering Engineering Security Awareness 144

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

FEBRUARY 16, 2021

Analysts from Trend Micro rate DDoS attacks and electronic jamming as some of the highest cybersecurity risks for connected cars.

Risk 193

Risk DDOS Cybersecurity 193

Schneier on Security

FEBRUARY 16, 2021

Interesting story about a barcode scanner app that has been pushing malware on to Android phones. The app is called Barcode Scanner. It’s been around since 2017 and is owned by the Ukrainian company Lavabird Ldt. But a December 2020 update included some new features: However, a rash of malicious activity was recently traced back to the app. Users began noticing something weird going on with their phones: their default browsers kept getting hijacked and redirected to random advertisements,

Advertising 282

Advertising Malware 282

Security Affairs

FEBRUARY 14, 2021

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. The FBI issues this week a Private Industry Notification (PIN) alert to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer. The alert comes after the recent attacks on the Oldsmar water treatment plant’s network where attackers tried to raise levels of sodium hydroxid

Passwords 145

Passwords Social Engineering Software System Administration 145

CyberSecurity Insiders

FEBRUARY 16, 2021

Pfizer company that has produced a life saving vaccine to counter the spread of Corona Virus is back in news. The intelligence committee, funded by South Korea’s National Assembly, has revealed that a cyber attack launched on Pfizer at the end of last year was launched by North Korean hackers to steal the intelligence of vaccine research that was co-sponsored by BioNTech.

Cyber Attacks 144

Cyber Attacks Insurance Backups Encryption 144

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

FEBRUARY 19, 2021

The Dark Web allows cybercriminals to create a Cyber Attacks-as-a-Service ecosystem that outmaneuvers security defenses. Here are tips on how businesses can try to thwart cybercrime.

Cybercrime 161

Cybercrime Security Defenses Cyber Attacks 161

Schneier on Security

FEBRUARY 15, 2021

The US Cyber Command has released a series of ten Valentine’s Day “Cryptography Challenge Puzzles.” Slashdot thread. Reddit thread. (And here’s the archived link, in case Cyber Command takes the page down.).

271

271

SecureList

FEBRUARY 15, 2021

Figures of the year. In 2020: The share of spam in email traffic amounted to 50.37%, down by 6.14 p.p. from 2019. Most spam (21.27%) originated in Russia. Kaspersky solutions detected a total of 184,435,643 malicious attachments. The email antivirus was triggered most frequently by email messages containing members of the Trojan.Win32.Agentb malware family.

Phishing 144

Phishing Malware Accountability Scams 144

CyberSecurity Insiders

FEBRUARY 16, 2021

An Interview with Joe Green, Netskope. Key takeaways. There are risks associated with a remote workforce and the at-home use of business devices and IoT devices, but the right tools are available now to continuously manage these risks. There is an ongoing increase in cloud-delivered malware, and more data loss via cloud file sharing, hosting, and email.

Cybersecurity 143

Cybersecurity IoT Malware Risk 143

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

FEBRUARY 19, 2021

According to Forrester, ZTE will be most helpful with securing and enabling remote workers while removing the difficult user VPNs.

188

188

Schneier on Security

FEBRUARY 18, 2021

The 20th Annual Workshop on the Economics of Information Security (WEIS 2021) will be held online in June. We just published the call for papers.

Information Security 271

Information Security 271

We Live Security

FEBRUARY 16, 2021

The vaccination push provides a vital shot in the arm for the world’s battle against the pandemic, but it's also a topic ripe for exploitation by fraudsters and purveyors of misinformation. The post Beware of COVID‑19 vaccine scams and misinformation appeared first on WeLiveSecurity.

Scams 143

Scams 143

CyberSecurity Insiders

FEBRUARY 15, 2021

Rapid cloud transformation, accelerated by the shift to work-from-anywhere environments throughout 2020, has accelerated the pace of change in nearly every industry. Security teams have been asked to do more with less, securing more cloud assets and workloads than ever before, while adapting to entirely new infrastructures and threat landscapes. They don’t have the time or resources needed to conduct lengthy evaluations for unified cloud security platforms, but they’ve found their existing tools

CISO 143

CISO Marketing Government Cybersecurity 143

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity