Schneier on Security

FEBRUARY 13, 2021

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the m

Surveillance 363

Surveillance Internet Internet Government 363

Lohrman on Security

FEBRUARY 14, 2021

361

361

Troy Hunt

FEBRUARY 16, 2021

As I progressively make my house smarter and smarter , I find I keep butting against the intersection of where smart stuff meets dump stuff. Take light globes, for example, the simplest circuit you can imagine. Pass a current through it, light goes on. Kill the current, light goes off. We worked that out back in the 19th century and everything was fine. until now.

IoT 357

IoT 357

Krebs on Security

FEBRUARY 15, 2021

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.

Retail 347

Retail Accountability Banking Risk 347

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

FEBRUARY 15, 2021

Vice is reporting on a new police hack: playing copyrighted music when being filmed by citizens, trying to provoke social media sites into taking the videos down and maybe even banning the filmers: In a separate part of the video, which Devermont says was filmed later that same afternoon, Devermont approaches [BHPD Sgt. Billy] Fair outside. The interaction plays out almost exactly like it did in the department — when Devermont starts asking questions, Fair turns on the music.

Media 359

Media Accountability Hacking 359

Adam Shostack

FEBRUARY 15, 2021

Abhay Bhargav has a really excellent post on Better OKRs for Security through Effective Threat Modeling. I really like how he doesn’t complain about the communication issues between security and management, but offers up a concrete suggestion for improvement. Key quote: “Effective Threat Modeling by itself can ensure that your OKRs and AppSec Program are not only in great tactical shape, but also help define a strategic roadmap for your AppSec Program.” I like the post so much

239

239

Krebs on Security

FEBRUARY 19, 2021

The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years. The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015.

Banking 302

Banking Accountability Cybercrime Mobile 302

Schneier on Security

FEBRUARY 17, 2021

Interesting research on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.). Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious and browser vendors gradually adopting countermeasures to mitigate certain forms of cookie-based and cookie-less track

VPN 358

VPN 358

Tech Republic Security

FEBRUARY 19, 2021

Hackers are now sending messages that hide fake links in the HTTP prefix, bypassing email filters, says security firm GreatHorn.

Phishing 213

Phishing 213

The Last Watchdog

FEBRUARY 15, 2021

Cybersecurity training has steadily gained traction in corporate settings over the past decade, and rightfully so. In response to continuing waves of data breaches and network disruptions, companies have made a concerted effort and poured substantial resources into promoting data security awareness among employees, suppliers and clients. Safeguarding data in workplace settings gets plenty of attention.

Education 203

Education CISO Security Awareness Cybersecurity 203

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

FEBRUARY 19, 2021

I seem to have spread myself across a whole heap of different things this week which is fine (it's all stuff I love doing), but it has made for rather a "varied" video. I'm talking (somewhat vaguely) about the book I'm working on, how Facebook has nuked all news in Australia (which somehow means I can't even post a link to this blog post there), yet more data breaches, the awesome Prusa 3D printer I now have up and running and a whole heap more about the IoT things I've been doing.

Password Management 185

Password Management IoT Data breaches Passwords 185

Schneier on Security

FEBRUARY 15, 2021

At the virtual Engima Conference , Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article : Soon after they were spotted, the researchers saw one exploit being used in the wild.

Technology 339

Technology Hacking Software 339

Tech Republic Security

FEBRUARY 16, 2021

Analysts from Trend Micro rate DDoS attacks and electronic jamming as some of the highest cybersecurity risks for connected cars.

Risk 203

Risk DDOS Cybersecurity 203

Zero Day

FEBRUARY 19, 2021

DNS leak leaves footprints in DNS server logs for a Brave user's Tor traffic.

DNS 145

DNS 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

FEBRUARY 19, 2021

Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card.

Hacking 145

Hacking Cybersecurity 145

Schneier on Security

FEBRUARY 16, 2021

Interesting story about a barcode scanner app that has been pushing malware on to Android phones. The app is called Barcode Scanner. It’s been around since 2017 and is owned by the Ukrainian company Lavabird Ldt. But a December 2020 update included some new features: However, a rash of malicious activity was recently traced back to the app. Users began noticing something weird going on with their phones: their default browsers kept getting hijacked and redirected to random advertisements,

Advertising 302

Advertising Malware 302

Tech Republic Security

FEBRUARY 19, 2021

A week-long outage for Kia is reportedly connected to a ransomware attack from the DoppelPaymer gang, says BleepingComputer.

Ransomware 201

Ransomware 201

Zero Day

FEBRUARY 18, 2021

Microsoft says it has completed its investigation into its SolarWinds-related breach.

145

145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. WatchDog is one of the largest and longest-lasting Monero cryptojacking operations uncovered by security experts, its name comes from the name of a Linux daemon called watchdogd.

Cryptocurrency 145

Cryptocurrency Hacking Accountability Software 145

Schneier on Security

FEBRUARY 19, 2021

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very old versions of Linux. Most devices are still powered with a 2.6 Linux kernel, which is no longer maintained for many years.

Firmware 292

Firmware Software Engineering Internet 292

Tech Republic Security

FEBRUARY 19, 2021

According to Forrester, ZTE will be most helpful with securing and enabling remote workers while removing the difficult user VPNs.

200

200

Bleeping Computer

FEBRUARY 17, 2021

Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data. [.].

Ransomware 145

Ransomware 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Malwarebytes

FEBRUARY 17, 2021

The audio-chat app Clubhouse is the latest rage in the social media landscape. What makes it so popular and, now it’s part of the social media landscape, can we trust it? The Clubhouse app. Clubhouse was launched about a year ago and was initially only used by Silicon Valley’s rich and famous. It is different from other social media in that it focuses on the spoken word.

Media 145

Media Internet Internet Data privacy 145

Schneier on Security

FEBRUARY 15, 2021

The US Cyber Command has released a series of ten Valentine’s Day “Cryptography Challenge Puzzles.” Slashdot thread. Reddit thread. (And here’s the archived link, in case Cyber Command takes the page down.).

281

281

Tech Republic Security

FEBRUARY 18, 2021

In a webinar Wednesday, former US Homeland Security director Christopher Krebs also suggested organizations have COVID workforce coordinators and that cloud mail providers activate MFA by default.

Cybersecurity 200

Cybersecurity 200

Zero Day

FEBRUARY 18, 2021

WatchDog botnet uses exploits to take over servers and mine cryptocurrency.

Cryptocurrency 145

Cryptocurrency 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

FEBRUARY 15, 2021

Phishing attacks rose 220 per cent during the height of the Covid-19 pandemic compared to the yearly average -Gulf Business Continue reading. The post Threat Alert: Zoom Impersonated for Phishing Attacks appeared first on Kratikal Blog. The post Threat Alert: Zoom Impersonated for Phishing Attacks appeared first on Security Boulevard.

Phishing 145

Phishing Cyber threats 145

Schneier on Security

FEBRUARY 18, 2021

The 20th Annual Workshop on the Economics of Information Security (WEIS 2021) will be held online in June. We just published the call for papers.

Information Security 277

Information Security 277

Tech Republic Security

FEBRUARY 17, 2021

Machine learning is helpful to many organizations in the tech industry, but it can have a downside. Tom Merritt lists five things to know about adversarial attacks.

199

199

Zero Day

FEBRUARY 15, 2021

Most cryptocurrency money laundering is concentrated in a few online services, opening the door for law enforcement actions.

Cryptocurrency 145

Cryptocurrency 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity