Joseph Steinberg

FEBRUARY 11, 2021

It seems like every day that I see social media posts in which people share photos of the official COVID-19 vaccine card that they have received after being vaccinated against the novel coronavirus that has inflicted tremendous suffering worldwide over the past year. While it is easy to understand why people are eager to celebrate their vaccinations, sharing photos of your physical vaccination card (in the USA, The CDC “COVID-19 Vaccination Record Card”) opens the door for multiple potential pro

Media 363

Media Artificial Intelligence Social Engineering Manufacturing 363

Schneier on Security

FEBRUARY 9, 2021

MalwareBytes is reporting a weird software credit card skimmer. It harvests credit card data stolen by another, different skimmer: Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature. “The threat actors devised a version of their script that is aware of sites already injected with a Magento 1 skimmer,” Malwarebytes’ Head of Threat Intelligence Jérôme Segura explains in a report sha

Software 362

Software 362

Krebs on Security

FEBRUARY 10, 2021

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week’s news about a hacker who tried to poison a Florida town’s water supply was understandably front-page material. But for security nerds who’ve been warning about this sort of thing for ages, the most surprising aspect of the incident seems to be that we learned about it at all.

Hacking 356

Hacking Media Cybersecurity Ransomware 356

Adam Levin

FEBRUARY 8, 2021

An Android app with over 10 million installations spread malware to its users in a recent update. Barcode Scanner is an app available in the Google Play store for Android devices. A December 2020 update infected users with a Trojan-style malware that bombards users with unwanted advertising. The app has been a popular download among Android users for several years and before the most recent update had never engaged in questionable practices.

Mobile 303

Mobile Advertising Malware Risk 303

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Joseph Steinberg

FEBRUARY 10, 2021

Criminals are impersonating attorneys and law firms as part of sophisticated versions of classic “Nigerian Prince” scams. Nigerian Prince scams (AKA “advance fee scams” or “419 scams”) involve criminals contacting people with fraudulent “news” of large amounts of money owed to the recipient (as an inheritance from a long lost distant relative, for assistance in performing some transaction, etc.) – and informing their would-be victims that the money will

Scams 363

Scams Artificial Intelligence Technology Banking 363

Schneier on Security

FEBRUARY 8, 2021

Hackers are exploiting zero-day in SonicWall: In an email, an NCC Group spokeswoman wrote: “Our team has observed signs of an attempted exploitation of a vulnerabilitythat affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth.” In Monday’s update, SonicWall representatives said the company’s engineering team confirmed that the submission by NCC Group included a “critical zero-day” in the SMA 100 s

Hacking 325

Hacking Engineering Cybersecurity 325

Tech Republic Security

FEBRUARY 9, 2021

All users of Plex Media Server are urged to apply the hotfix, which directs their servers to respond to UDP requests only from the local network and not the public internet.

Media 216

Media DDOS Internet Internet 216

Joseph Steinberg

FEBRUARY 7, 2021

People living in many different areas of the USA are reporting receiving to their homes in recent days unexpected shipments of COVID-19 protection supplies – such as packs of surgical masks and face shields – products that they never ordered. While some folks who receive such items may feel lucky – protective gear can sometimes be difficult to find in local stores – these “gifts” appear to be part of a cyber-scam, sometimes known as “ brushing ,” about which you should be familiar.

Scams 363

Scams Artificial Intelligence Identity Theft Cybersecurity 363

Schneier on Security

FEBRUARY 10, 2021

Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019. Based on the company’s data, among last year’s top earners, there were groups like Ryuk, Maze (now-defunct), Doppelpaymer, Netwalker ( disrupted by authorities ), Conti, and REvil (aka Sodinokibi).

Ransomware 324

Ransomware Cryptocurrency 324

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers.

Phishing 294

Phishing Scams Banking Mobile 294

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

FEBRUARY 11, 2021

When workers need to get things done in a dangerous locale, sometimes they have to be distant. This opens up plenty of cybersecurity hazards. We spoke with one expert about how to achieve that security.

Cyber Risk 210

Cyber Risk Risk Cybersecurity 210

Lohrman on Security

FEBRUARY 7, 2021

347

347

Schneier on Security

FEBRUARY 12, 2021

Sonja Drummer describes (with photographs) two medieval security techniques. The first is a for authentication: a document has been cut in half with an irregular pattern, so that the two halves can be brought together to prove authenticity. The second is for integrity: hashed lines written above and below a block of text ensure that no one can add additional text at a later date.

Authentication 316

Authentication 316

The Hacker News

FEBRUARY 12, 2021

Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for personal gain.

System Administration 145

System Administration Data breaches Engineering Accountability 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

FEBRUARY 8, 2021

A Comparitech report found that Japan and the UAE have the most expensive identities available on illicit marketplaces at an average price of $25.

215

215

Hot for Security

FEBRUARY 12, 2021

Highly sensitive notes from therapy sessions were published online in an attempt to blackmail patients Hackers bragged about the poor state of firm’s security. Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Vastaamo’s problems first began in 2018, when it discovered that a database of customer details and – most shockingly – notes from therapy ses

Data collection 145

Data collection Data breaches Ransomware 145

Schneier on Security

FEBRUARY 12, 2021

A water treatment plant in Oldsmar, Florida, was attacked last Friday. The attacker took control of one of the systems, and increased the amount of sodium hydroxide — that’s lye — by a factor of 100. This could have been fatal to people living downstream, if an alert operator hadn’t noticed the change and reversed it. We don’t know who is behind this attack.

Manufacturing 288

Manufacturing Firewall Media Passwords 288

Graham Cluley

FEBRUARY 11, 2021

British police have arrested eight men in connection with a series of SIM-swapping attacks which saw criminals hijack the social media accounts of well-known figures and their families. Read more in my article on the Tripwire State of Security blog.

Media 145

Media Accountability Cryptocurrency Mobile 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

FEBRUARY 8, 2021

There are situations where you want to block P2P file transfers to people outside the organization during a video conference meeting. You'll need to issue a global policy.

194

194

Zero Day

FEBRUARY 9, 2021

New "dependency confusion" technique, also known as a "substitution attack," allows threat actors to sneak malicious code inside private code repositories by registering internal library names on public package indexes.

145

145

CyberSecurity Insiders

FEBRUARY 9, 2021

Ensure the security of your organization’s sensitive data with this data loss prevention checklist, intended to help mitigate both internal and outsider threats. For companies worldwide, it has become essential to safeguard sensitive information such as Personally Identifiable Information (PII), Protected Health Information (PHI), and customer financial information.

Unstructured Data 145

Unstructured Data Risk Education Marketing 145

Hot for Security

FEBRUARY 9, 2021

Ransomware gang Conti blamed for attack on Florida-based Leon Medical Center Malware delivered via a poisoned document mistakenly opened by staff member. The Florida-based Leon Medical Center and Nocona General Hospital in Texas have suffered attacks from hackers that have resulted in extensive information about their patients being published on the internet.

Healthcare 145

Healthcare Ransomware Insurance Malware 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

FEBRUARY 7, 2021

Data loss is the number one result of a fruitful phishing campaign, but account compromises and ransomware attacks can threaten your organization as well, says Proofpoint.

Phishing 192

Phishing Accountability Ransomware 192

Graham Cluley

FEBRUARY 8, 2021

A remote hacker managed to gain access to computer systems at the water treatment plant in Oldsmar, Florida, and briefly increased the amount of sodium hydroxide in the water by a dramatic amount.

Authentication 145

Authentication Hacking 145

Bleeping Computer

FEBRUARY 9, 2021

A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties. [.].

Hacking 145

Hacking Software 145

Security Affairs

FEBRUARY 7, 2021

Some commercial Nespresso machines that are used in Europe could be hacked to add unlimited funds to purchase coffee. Some Nespresso Pro machines in Europe could be hacked to add unlimited funds to purchase coffee. The attack is possible because the machines use a smart card payment system that leverages insecure technology, the MIFARE Classic smart cards.

Hacking 145

Hacking Technology Software Engineering 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

FEBRUARY 12, 2021

Cybersecurity insurance can compensate you in the event of a cyberattack. But how do you determine the right policy for your needs?

Insurance 215

Insurance Cybersecurity 215

Security Boulevard

FEBRUARY 7, 2021

“The Hitchhiker’s Guide to the Galaxy,” by Douglas Adams, could actually be a guide to cybersecurity if read in a different context. The crux of the problem in present-day cybersecurity practice is summed up in this exchange from the book: After seven and a half million years of computing, “The answer to the Great Question of. The post Cybersecurity 2021: Asking the Right Question appeared first on Security Boulevard.

Cybersecurity 145

Cybersecurity CISO Malware 145

The Hacker News

FEBRUARY 8, 2021

While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category.

Software 145

Software 145

Security Affairs

FEBRUARY 7, 2021

The Largest compilation of emails and passwords (COMB), more than 3.2 billion login credentials, has been leaked on a popular hacking forum. More than 3.2 billion unique pairs of cleartext emails and passwords have been leaked on a popular hacking forum, the collection aggregates data from past leaks, such as Netflix, LinkedIn , Exploit.in , Bitcoin, and more.

Passwords 145

Passwords Hacking Accountability Banking 145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity