Sat.May 23, 2020 - Fri.May 29, 2020

article thumbnail

Report: ATM Skimmer Gang Had Protection from Mexican Attorney General’s Office

Krebs on Security

A group of Romanians operating an ATM company in Mexico and suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines throughout several top Mexican tourist destinations have enjoyed legal protection from a top anti-corruption official in the Mexican attorney general’s office, according to a new complaint filed with the government’s internal affairs division.

article thumbnail

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

The Last Watchdog

Doing authentication well is vital for any company in the throes of digital transformation. Digital commerce would fly apart if businesses could not reliably affirm the identities of all humans and all machines, that is, computing instances, that are constantly connecting to each other across the Internet. Related: Locking down ‘machine identities’ At the moment, companies are being confronted with a two-pronged friction challenge, when it comes to authentication.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Websites Conducting Port Scans

Schneier on Security

Security researcher Charlie Belmer is reporting that commercial websites such as eBay are conducting port scans of their visitors. Looking at the list of ports they are scanning, they are looking for VNC services being run on the host, which is the same thing that was reported for bank sites. I marked out the ports and what they are known for (with a few blanks for ones I am unfamiliar with): 5900: VNC. 5901: VNC port 2. 5902: VNC port 3. 5903: VNC port 4. 5279: 3389: Windows remote desktop / RD

Banking 308
article thumbnail

Weekly Update 193

Troy Hunt

First time back in a restaurant! Wandering down my local dining area during the week, I was rather excited to see a cafe that wasn't just open, but actually had spare seating. Being limited to only 10 patrons at present, demand is well in excess of supply and all you have to do is leave some contact info in case someone else in the restaurant tests positive at a later date.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Riding the State Unemployment Fraud ‘Wave’

Krebs on Security

When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that’s exactly what appears to be going on right now as multiple U.S. states struggle to combat a tsunami of phony Pandemic Unemployment Assistance (PUA) claims.

Insurance 350
article thumbnail

MY TAKE: Technologists, privacy advocates point to flaws in the Apple-Google COVID-19 tracing app

The Last Watchdog

If the devastating health and economic ramifications weren’t enough, individual privacy is also in the throes of being profoundly and permanently disrupted by the coronavirus pandemic. The tech giants are partnering on a tool for public good, but critics worry it will ultimately get used for predatory surveillance Related: Europe levies big fines for data privacy missteps If the devastating health and economic ramifications weren’t enough, individual privacy is also in the throes of being profou

More Trending

article thumbnail

Social engineering: A cheat sheet for business professionals

Tech Republic Security

People, like computers, can be hacked using a process called social engineering, and there's a good chance a cybersecurity attack on your organization could start with this technique.

article thumbnail

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offende

article thumbnail

Breached Mathway App Credentials Offered on Dark Web

Adam Levin

Over 25 million user logins and passwords from a popular math app are being offered for sale on the dark web following a data breach. Mathway, a popular app for iOS and Android devices, recently uncovered evidence of the breach after a hacking group announced it was selling Mathway user data on the dark web for roughly $4,000 in Bitcoin. . ShinyGroup, a hacking group notorious for selling compromised data, announced that they had breached Mathway in January 2020.

article thumbnail

Bogus Security Technology: An Anti-5G USB Stick

Schneier on Security

The 5GBioShield sells for £339.60, and the description sounds like snake oil : its website, which describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other electrical, radiation or EMF [electromagnetic field] emitting device".

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Google, Microsoft most spoofed brands in latest phishing attacks

Tech Republic Security

Scammers are increasingly exploiting file sharing sites such as Google Docs and Microsoft Sway to steal user credentials, according to Barracuda Networks.

Phishing 207
article thumbnail

UK Ad Campaign Seeks to Deter Cybercrime

Krebs on Security

The United Kingdom’s anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail.

article thumbnail

Unsupervised Learning: No. 230

Daniel Miessler

THIS WEEK’S TOPICS: Twitter Bots, Face Recognition Headsets, Chrome Bug Memories, Virtual Currency, White House OPSEC, Realtime Language Translation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. Subscribe To Podcast. Show Notes.

article thumbnail

Bluetooth Vulnerability: BIAS

Schneier on Security

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a long term key.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Phishing attack impersonates Amazon Web Services to steal user credentials

Tech Republic Security

The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security.

Phishing 211
article thumbnail

An archive with 20 Million Taiwanese? citizens leaked in the dark web

Security Affairs

Security experts from Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. A few weeks ago, threat intelligence firm Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. According to the experts, the leak includes government data of an entire country, it was leaked online by a reputable actor that goes online with moniker ‘Toogod.”. “A few weeks ago, our researchers came across a leaked databa

article thumbnail

How to Pay a Ransom

Dark Reading

Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your organization has fallen victim and is going to pay. Here's how to handle it.

article thumbnail

Facebook Announces Messenger Security Features that Don't Compromise Privacy

Schneier on Security

Note that this is " announced ," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provide tips and suggest you block the offenders. The feature, which Facebook started rolling out on Android in March and is now bringing to iOS, uses machine learning analysis of communications across Faceb

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Security expert weighs in on cybersecurity regulation and ransomware attacks of US cities

Tech Republic Security

Bryson Bort, founder and CEO of cybersecurity company SCYTHE, fears "death by a thousand paper cuts" more than than a digital apocalypse. He also shares his views on how well cyber-deterrence works.

article thumbnail

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

Experts reported the existence of a botnet, tracked as Silent Night based on the Zeus banking Trojan that is available for sale in several underground forums. This week researchers from Malwarebytes and HYAS published a report that included technical details on a recently discovered botnet, tracked as Silent Night, being distributed via the RIG exploit kit and COVID-19 malspam campaign. .

Banking 144
article thumbnail

NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers

WIRED Threat Level

In a rare public warning, the US spy agency says the notorious arm of Russian military intelligence is targeting a known vulnerability in Exim.

Hacking 142
article thumbnail

SLR as a Webcam

Adam Shostack

As I built out my home studio to record videos for my distributed classes, I was lucky enough to be able to find an in-stock HDMI capture card, but those are harder and harder to find. As it turns out, you may be able to avoid the need for that with a mix of apps. This article on PetaPixel points to Camera Live (Maybe Canon only), Camtwist. The key step in getting this to work with Zoom is. sudo codesign --remove-signature /Applications/zoom.us.app/.

100
100
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Security expert weighs in on cybersecurity regulation and ransomware attacks of US cities

Tech Republic Security

Bryson Bort, founder and CEO of cybersecurity company SCYTHE, fears "death by a thousand paper cuts" more than than a digital apocalypse. He also shares his views on how well cyber-deterrence works.

article thumbnail

Steganography in targeted attacks on industrial enterprises in Japan and Europe

Security Affairs

Threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks, Kaspersky reported. Researchers from Kaspersky’s ICS CERT unit reported that threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks. The experts first observed the attacks in early 2020, while in early May, threat actors targeted organizations in Japan, Italy, Germany and the UK.

Phishing 145
article thumbnail

Use of cloud collaboration tools surges and so do attacks

InfoWorld on Security

Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

143
143
article thumbnail

Code: science and production

Adam Shostack

There’s an interesting article by Phil Bull, “ Why you can ignore reviews of scientific code by commercial software developers “ It’s an interesting, generally convincing argument, with a couple of exceptions. (Also worth remembering: What We Can Learn From the Epic Failure of Google Flu Trends.). The first interesting point is the difference between production code and exploratory code.

Software 100
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Zero trust security: A cheat sheet

Tech Republic Security

Zero trust means rethinking the safety of every bit of tech on a network. Learn five steps to building a zero trust environment.

207
207
article thumbnail

The Florida Unemployment System suffered a data breach

Security Affairs

Officials revealed that the Florida Unemployment System suffered a data breach that impacted some residents who have made unemployment claims. The Florida Department of Economic Opportunity revealed that the Florida Unemployment System suffered a data breach that impacted some residents who have made unemployment claims. It has notified 98 people that have been impacted by the incident, government representatives didn’t disclose when the breach took place either the number of the affected indivi

article thumbnail

Security 101: SQL Injection

Dark Reading

A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.

111
111
article thumbnail

There's a Jailbreak Out for the Current Version of iOS

WIRED Threat Level

The Unc0ver tool works on all versions of iOS from 11 to 13.5, the current release.

145
145
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.