Troy Hunt

JANUARY 21, 2020

Geez time flies. It's just a tad under 4 years ago that I wrote about teaching kids to code with code.org which is an amazing resource for young ones to start learning programming basics. In that post I shared a photo of my then 6-year-old son Ari holding a Lenovo Yoga 900 I gifted him as part of the Insiders program I'm involved in: He got a lot of mileage out of that machine and learned a lot about the basics of both code and using a PC.

Backups 313

Backups Software 313

Krebs on Security

JANUARY 20, 2020

A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded to paying a DDoS-for-hire service to launch attacks against others. Tucker Preston , 22, of Macon, Ga., pleaded guilty last week in a New Jersey court to one count of damaging protected computers by transmission of a program, code or command.

DDOS 315

DDOS Internet Internet System Administration 315

Schneier on Security

JANUARY 22, 2020

It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service , a remote access protoco

IoT 324

IoT Passwords Internet Internet 324

The Last Watchdog

JANUARY 20, 2020

Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities.

Cyber Insurance 222

Cyber Insurance Insurance Data breaches Risk 222

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

JANUARY 24, 2020

Alright, let me get this off my chest first - I've totally lost it with these bloody Instamics. I've had heaps of dramas in the past with recordings being lost and the first time I do a 3-person weekly update only 2 of them recorded (mine being the exception). I was left with a zero-byte file on my unit which we tried to recover to no avail. It's not just that; the mobile app is clunky AF (Scott was demonstrating how many times he had to mash a button on his just to get it to connect to a mic),

Firmware 223

Firmware Mobile 223

Krebs on Security

JANUARY 24, 2020

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it. Even so, most major Web site owners aren’t taking full advantage of the security tools available to protect their domains from being hijacked. Here’s the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers

DNS 282

DNS Social Engineering Engineering Accountability 282

Adam Levin

JANUARY 21, 2020

The FBI has seized the domain of WeLeakInfo.com, an online service that sold data from hacked and breached websites. The domain seizure and termination of WeLeakInfo’s services was the result of a joint operation with the UK National Crime Agency, the Netherlands National Police Corps, the German Bundeskriminalamt (the Federal Criminal Police Office of Germany), and the Police Service of Northern Ireland. . “The website had claimed to provide its users a search engine to review and obtain

Data breaches 167

Data breaches Passwords Marketing Engineering 167

Troy Hunt

JANUARY 18, 2020

We're in Norway! More specifically, Scott Helme and I are in Hafjell and recording this after a day on the snow before heading back to Oslo and the NDC Security conference next week. For now though, we're talking about some really screwy global roaming behaviour with telcos, the Danish gov coming onto HIBP, babies in data breaches and the takedown of We Leak Info.

Data breaches 166

Data breaches 166

Krebs on Security

JANUARY 22, 2020

Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month. Beta versions of iOS 13.3.1 include a new setting that lets users disable the “Ultra Wideband” feature, a short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature.

Wireless 244

Wireless Technology Software 244

Schneier on Security

JANUARY 24, 2020

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman.investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that "appears to be an Arabic language promotional film about telecommunications.

Hacking 317

Hacking Backups Spyware Encryption 317

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Shostack

JANUARY 22, 2020

There’s a fascinating talk by Dan Luu, “ Files are Fraught With Peril. ” The talk itself is fascinating, in a horrifying, nothing works, we’re going to give up and raise goats now sort of way. He starts from the startling decision of Dropbox to drop support for all Linux filesystems except Ext4. This surprising decision stems from the fact that a filesystem is a leaky abstraction, The interaction between performance and reliability means that fsync behaves strangely.

Engineering 162

Engineering Software 162

Tech Republic Security

JANUARY 21, 2020

Among 60,000 large companies analyzed by security ratings company BitSight, almost 90% still have Windows 7 PCs in their environment.

204

204

Adam Levin

JANUARY 24, 2020

Mitsubishi Electric Corporation announced that it experienced a major data breach in June 2019 that has been traced back to a Chinese hacking group. “[O]ur network has been subject to unauthorised access by third parties. We have confirmed that trade secrets may have leaked out,” the company announced in a brief press release January 20. . The announcement from the electronics giant was released shortly after two Japanese newspapers, Nikkei and Asahi Shimbum reported on the breach.

Data breaches 131

Data breaches Hacking Software 131

Schneier on Security

JANUARY 21, 2020

SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours. Sometimes this involves people inside the phone companies.

Authentication 305

Authentication Wireless Backups Accountability 305

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

JANUARY 20, 2020

Expert found a hardcoded SSH public key in Fortinet ’s Security Information and Event Management FortiSIEM that can allow access to the FortiSIEM Supervisor. . Andrew Klaus, a security specialist from Cybera, discovered a hardcoded SSH public key in Fortinet’s Security Information and Event Management FortiSIEM that can be used by attackers to the FortiSIEM Supervisor. .

Authentication 145

Authentication Advertising Firmware Firewall 145

Tech Republic Security

JANUARY 22, 2020

The cybercriminals behind the powerful banking malware have turned their attention to government targets like Sen. Cory Booker.

Malware 177

Malware Banking Government 177

Dark Reading

JANUARY 24, 2020

The DEF CON Social Engineering Capture the Flag contest inspired a new event aimed at teaching both security and non-security professionals on the fine art of hacking human behavior.

Social Engineering 108

Social Engineering Engineering Hacking 108

Schneier on Security

JANUARY 20, 2020

The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. His tiny company, Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared.

Identity Theft 301

Identity Theft Government Technology 301

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JANUARY 24, 2020

Danish security researcher Ollypwn has released DOS exploit PoC for critical vulnerabilities in the Windows RDP Gateway. The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.

Advertising 145

Advertising Firewall Education Engineering 145

Tech Republic Security

JANUARY 21, 2020

A security key is a good option to use for two-factor authentication when logging into certain websites.

Authentication 184

Authentication 184

Thales Cloud Protection & Licensing

JANUARY 22, 2020

Organizations are actively working to prevent data breaches by encrypting their sensitive information. Encryption isn’t a foolproof security measure, however. If attackers get control of an organization’s encryption keys, for instance, they can use them to decrypt its data and thereby steal its plaintext contents. Fortunately, organizations can bolster their implementations of encryption by practicing good key management.

Encryption 144

Encryption Marketing Software Architecture 144

Schneier on Security

JANUARY 21, 2020

Glenn Greenwald has been charged with cybercrimes in Brazil, stemming from publishing information and documents that were embarrassing to the government. The charges are that he actively helped the people who actually did the hacking: Citing intercepted messages between Mr. Greenwald and the hackers, prosecutors say the journalist played a "clear role in facilitating the commission of a crime.

Cybercrime 190

Cybercrime Passwords Government Hacking 190

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JANUARY 21, 2020

In a few days back, the MalwareMustDie team’s security researcher unixfreaxjp has published a new Linux malware analysis of Fbot that has focused on the decryption of the last encryption logic used by its bot client. This is not the first time Fbot analysis has been published, and also Fbot binaries have been actively infecting the IoT devices since way before 2018.

DDOS 145

DDOS IoT Malware Advertising 145

Tech Republic Security

JANUARY 21, 2020

Managing multiple devices can be a full-time job. With a few tools in your arsenal, you can optimize mobile devices for zero-touch management.

Mobile 156

Mobile 156

Dark Reading

JANUARY 24, 2020

There are important steps security teams should take to be ready for the evolving security threats to the IoT in 2020.

IoT 120

IoT 120

Threatpost

JANUARY 24, 2020

The flaw could allow a remote, unauthenticated attacker to enter a password-protected video conference meeting.

Passwords 116

Passwords 116

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

JANUARY 20, 2020

Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate information. Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. According to the company, attackers did not obtain sensitive information about defense contracts. The breach was detected almost eight months ago, on June 28, 2019, with the delay being attributed to the increased complexity of the investigation caused by the attac

Data breaches 143

Data breaches Media Computers and Electronics Cyber Attacks 143

Tech Republic Security

JANUARY 24, 2020

Cybercriminals created a homemade RAT that uses multiple cloud services and targets countries like Saudi Arabia, Iraq, Egypt, Libya, Algeria, and Morocco.

143

143

Dark Reading

JANUARY 22, 2020

For all the cautions against doing so, one-third of organizations in a Proofpoint survey said they paid their attackers after getting infected with ransomware.

Ransomware 93

Ransomware 93

Threatpost

JANUARY 24, 2020

Ransomware actors are turning their sights on larger enterprises, making both average cost and downtime inflicted from attacks skyrocket.

Ransomware 104

Ransomware Phishing Malware 104

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity