Joseph Steinberg

FEBRUARY 10, 2021

Criminals are impersonating attorneys and law firms as part of sophisticated versions of classic “Nigerian Prince” scams. Nigerian Prince scams (AKA “advance fee scams” or “419 scams”) involve criminals contacting people with fraudulent “news” of large amounts of money owed to the recipient (as an inheritance from a long lost distant relative, for assistance in performing some transaction, etc.) – and informing their would-be victims that the money will

Scams 363

Scams Artificial Intelligence Technology Banking 363

Schneier on Security

FEBRUARY 9, 2021

MalwareBytes is reporting a weird software credit card skimmer. It harvests credit card data stolen by another, different skimmer: Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature. “The threat actors devised a version of their script that is aware of sites already injected with a Magento 1 skimmer,” Malwarebytes’ Head of Threat Intelligence Jérôme Segura explains in a report sha

Software 363

Software 363

Krebs on Security

FEBRUARY 10, 2021

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week’s news about a hacker who tried to poison a Florida town’s water supply was understandably front-page material. But for security nerds who’ve been warning about this sort of thing for ages, the most surprising aspect of the incident seems to be that we learned about it at all.

Hacking 360

Hacking Media Cybersecurity Ransomware 360

Lohrman on Security

FEBRUARY 7, 2021

348

348

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Joseph Steinberg

FEBRUARY 11, 2021

It seems like every day that I see social media posts in which people share photos of the official COVID-19 vaccine card that they have received after being vaccinated against the novel coronavirus that has inflicted tremendous suffering worldwide over the past year. While it is easy to understand why people are eager to celebrate their vaccinations, sharing photos of your physical vaccination card (in the USA, The CDC “COVID-19 Vaccination Record Card”) opens the door for multiple potential pro

Media 363

Media Artificial Intelligence Social Engineering Manufacturing 363

Schneier on Security

FEBRUARY 8, 2021

Hackers are exploiting zero-day in SonicWall: In an email, an NCC Group spokeswoman wrote: “Our team has observed signs of an attempted exploitation of a vulnerabilitythat affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth.” In Monday’s update, SonicWall representatives said the company’s engineering team confirmed that the submission by NCC Group included a “critical zero-day” in the SMA 100 s

Hacking 340

Hacking Engineering Cybersecurity 340

Adam Levin

FEBRUARY 8, 2021

An Android app with over 10 million installations spread malware to its users in a recent update. Barcode Scanner is an app available in the Google Play store for Android devices. A December 2020 update infected users with a Trojan-style malware that bombards users with unwanted advertising. The app has been a popular download among Android users for several years and before the most recent update had never engaged in questionable practices.

Mobile 303

Mobile Advertising Malware Risk 303

Joseph Steinberg

FEBRUARY 7, 2021

People living in many different areas of the USA are reporting receiving to their homes in recent days unexpected shipments of COVID-19 protection supplies – such as packs of surgical masks and face shields – products that they never ordered. While some folks who receive such items may feel lucky – protective gear can sometimes be difficult to find in local stores – these “gifts” appear to be part of a cyber-scam, sometimes known as “ brushing ,” about which you should be familiar.

Scams 363

Scams Artificial Intelligence Identity Theft Cybersecurity 363

Schneier on Security

FEBRUARY 10, 2021

Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019. Based on the company’s data, among last year’s top earners, there were groups like Ryuk, Maze (now-defunct), Doppelpaymer, Netwalker ( disrupted by authorities ), Conti, and REvil (aka Sodinokibi).

Ransomware 335

Ransomware Cryptocurrency 335

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers.

Phishing 307

Phishing Scams Banking Mobile 307

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Javvad Malik

FEBRUARY 11, 2021

First off, happy new year! (Well if the tax man can start the new year in April, I can start it on Feb 11th!). Secondly, Infosecurity Magazine was ever so kind as to feature an interview with me in the Q1, 2021, Voume 18, Issue 1 edition. (the link should take you to the digital version if you’re so inclined). Of course, I won’t miss any opportunity to brag and blow my own trumpet.

245

245

Tech Republic Security

FEBRUARY 9, 2021

Local officials said someone took over their TeamViewer system and dangerously increased the levels of lye in the town's water.

218

218

Schneier on Security

FEBRUARY 12, 2021

Sonja Drummer describes (with photographs) two medieval security techniques. The first is a for authentication: a document has been cut in half with an irregular pattern, so that the two halves can be brought together to prove authenticity. The second is for integrity: hashed lines written above and below a block of text ensure that no one can add additional text at a later date.

Authentication 326

Authentication 326

Joseph Steinberg

FEBRUARY 9, 2021

As I discussed last month, smaller businesses continue to suffer a disproportionate share of severe cyber-breaches , and a significant percentage of those organizations that are successfully penetrated go out-of-business within a year as a result. One significant contributing factor to the danger faced by smaller firms is that once they are large enough to operate their own infrastructure, their security teams and technologies often function primarily in a reactive mode, a problem caused, at lea

Firewall 164

Firewall Technology Artificial Intelligence Risk 164

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

FEBRUARY 12, 2021

Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for personal gain.

System Administration 145

System Administration Data breaches Engineering Accountability 145

Tech Republic Security

FEBRUARY 9, 2021

All users of Plex Media Server are urged to apply the hotfix, which directs their servers to respond to UDP requests only from the local network and not the public internet.

Media 218

Media DDOS Internet Internet 218

Schneier on Security

FEBRUARY 12, 2021

A water treatment plant in Oldsmar, Florida, was attacked last Friday. The attacker took control of one of the systems, and increased the amount of sodium hydroxide — that’s lye — by a factor of 100. This could have been fatal to people living downstream, if an alert operator hadn’t noticed the change and reversed it. We don’t know who is behind this attack.

Manufacturing 295

Manufacturing Firewall Media Passwords 295

Hot for Security

FEBRUARY 12, 2021

Highly sensitive notes from therapy sessions were published online in an attempt to blackmail patients Hackers bragged about the poor state of firm’s security. Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Vastaamo’s problems first began in 2018, when it discovered that a database of customer details and – most shockingly – notes from therapy ses

Data collection 145

Data collection Data breaches Ransomware 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Zero Day

FEBRUARY 12, 2021

The Russian company said the employee sold access to 4,887 user email accounts.

Accountability 145

Accountability 145

Tech Republic Security

FEBRUARY 12, 2021

Cybersecurity insurance can compensate you in the event of a cyberattack. But how do you determine the right policy for your needs?

Insurance 217

Insurance Cybersecurity 217

Schneier on Security

FEBRUARY 8, 2021

It seems to be the season of sophisticated supply-chain attacks. This one is in the NoxPlayer Android emulator : ESET says that based on evidence its researchers gathered, a threat actor compromised one of the company’s official API (api.bignox.com) and file-hosting servers (res06.bignox.com). Using this access, hackers tampered with the download URL of NoxPlayer updates in the API server to deliver malware to NoxPlayer users. […].

Malware 247

Malware 247

Security Affairs

FEBRUARY 9, 2021

Adobe released security patches for 50 flaws affecting six products, including a zero-day flaw in Reader that has been exploited in the wild. Adobe has released security updates that address 50 vulnerabilities affecting its Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver products. Adobe fixed 23 CVEs in Adobe Reader , 17 of which have been rated as Critical.

Hacking 145

Hacking Software Information Security Malware 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Zero Day

FEBRUARY 11, 2021

The Accellion FTA file transfer service has been at the heart of recent hacks at banks, telcos, and government organizations across the world.

Hacking 145

Hacking Banking Government 145

Tech Republic Security

FEBRUARY 8, 2021

A Comparitech report found that Japan and the UAE have the most expensive identities available on illicit marketplaces at an average price of $25.

217

217

CyberSecurity Insiders

FEBRUARY 9, 2021

Ensure the security of your organization’s sensitive data with this data loss prevention checklist, intended to help mitigate both internal and outsider threats. For companies worldwide, it has become essential to safeguard sensitive information such as Personally Identifiable Information (PII), Protected Health Information (PHI), and customer financial information.

Unstructured Data 145

Unstructured Data Risk Education Marketing 145

Graham Cluley

FEBRUARY 11, 2021

British police have arrested eight men in connection with a series of SIM-swapping attacks which saw criminals hijack the social media accounts of well-known figures and their families. Read more in my article on the Tripwire State of Security blog.

Media 145

Media Accountability Cryptocurrency Mobile 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Zero Day

FEBRUARY 9, 2021

New "dependency confusion" technique, also known as a "substitution attack," allows threat actors to sneak malicious code inside private code repositories by registering internal library names on public package indexes.

145

145

Tech Republic Security

FEBRUARY 8, 2021

The Global Risks Report highlights the onslaught of cyberattacks and a failure of governments to stop them.

Government 217

Government Cybersecurity Risk 217

Security Affairs

FEBRUARY 11, 2021

An expert released a free decryption tool for the Avaddon ransomware, but operators quickly updated malware code to make it inefficient. The Spanish student Javier Yuste has released a free decryption tool for the Avaddon ransomware that can be used by the victims to recover their encrypted files for free. Yuste is a student at the Rey Juan Carlos University in Madrid, he developed the AvaddonDecrypter utility that could be used by victims of the ransomware when their computers should not have

Ransomware 145

Ransomware Malware Encryption Hacking 145

Hot for Security

FEBRUARY 9, 2021

Ransomware gang Conti blamed for attack on Florida-based Leon Medical Center Malware delivered via a poisoned document mistakenly opened by staff member. The Florida-based Leon Medical Center and Nocona General Hospital in Texas have suffered attacks from hackers that have resulted in extensive information about their patients being published on the internet.

Healthcare 145

Healthcare Ransomware Insurance Malware 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity