Troy Hunt

JUNE 1, 2020

The situation in Minneapolis at the moment (and many other places in the US) following George Floyd's death is, I think it's fair to say, extremely volatile. I wouldn't even know where to begin commentary on that, but what I do have a voice on is data breaches which prompted me to tweet this out earlier today: I'm seeing a bunch of tweets along the lines of "Anonymous leaked the email addresses and passwords of the Minneapolis police" with links and screen caps of pastes as "evid

Hacking 364

Hacking Passwords Data breaches Accountability 364

Krebs on Security

JUNE 3, 2020

An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 billion and enjoyed the protection of top Mexican authorities.

Banking 355

Banking Advertising Mobile Marketing 355

Schneier on Security

JUNE 4, 2020

Zoom was doing so well. And now we have this : Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level of privacy, which makes it impossible for third parties to decipher communications. "Free users for sure we don't want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose," Yuan said on the call.

Encryption 339

Encryption 339

Tech Republic Security

JUNE 3, 2020

Cybersecurity, remote IT troubleshooting and cloud support will be the most sought-after skills for businesses in the months following the COVID-19 pandemic, according to a survey of CIOs and tech executives.

Cybersecurity 198

Cybersecurity 198

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

JUNE 3, 2020

Pwned again. Damn. That's me who's pwned again because my personal data has just turned up in yet another incident from a source I can't attribute. Less than 3 weeks ago I wrote about The Unattributable "db8151dd" Data Breach which, after posting that blog post and a sample of my own data, the community quickly attributed to Covve. My hope is that this blog post helps myself and the 69 million other people in this one work out who collected and then exposed their personal information.

Data breaches 361

Data breaches B2B Marketing Accountability 361

Krebs on Security

JUNE 2, 2020

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed at coercing victims to pay up — and publicly shaming those don’t. But it may also signal that ransomware purveyors are searching for new ways to profit from their crimes as victim businesses struggle just to keep the lights on during the unprecedented economic slowdown caused by the COVID-1

Ransomware 307

Ransomware Backups Encryption Internet 307

Tech Republic Security

JUNE 4, 2020

Aimed at SMBs, educational facilities, and software companies, the ransomware leverages Java to encrypt server-based files, according to BlackBerry and KPMG.

Ransomware 203

Ransomware Education Encryption Software 203

Troy Hunt

JUNE 5, 2020

It's a total mixed bag this week with a couple of new blog posts thrown in to boot. An award at an event nobody could attend, a SQL injection pattern in an HIBP email that wiped an entire DB, a disinformation campaign by "Anonymous" amidst a tumultuous time in the US and another freaking massive breach (with me in it) that I simply can't attribute. So yeah, life remains pretty unpredictable then ??

VPN 190

VPN Data breaches Hacking Cybersecurity 190

Adam Shostack

JUNE 3, 2020

I generally try to stay on technical topics, because my understanding is that’s what readers want. But events are overwhelming and I believe that not speaking out is now a political choice. I want to start from this Chris Rock video: I hadn’t seen it before, but I have spent a lot of time studying how airlines respond to problems, and you know what?

162

162

Schneier on Security

JUNE 1, 2020

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have mechanisms in place to mitigate harm.

Passwords 269

Passwords Accountability 269

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

JUNE 4, 2020

Malicious files masquerading as curriculum vitae are being sent to businesses to install malware that can capture passwords and other sensitive information, says Check Point Research.

Passwords 188

Passwords Malware 188

Adam Levin

JUNE 1, 2020

Administrators of the open source Joomla content management system announced a data incident that potentially compromised the information of 2,700 developers. A database containing the personal data of users of Joomla Resources Directory website was discovered on an unprotected Amazon Web Services bucket following an internal audit. Leaked information included names, addresses, email addresses, phone numbers, encrypted passwords, and IP addresses. “ Data that would be typically used for the purp

Identity Theft 145

Identity Theft Encryption Authentication Passwords 145

Security Affairs

MAY 31, 2020

The hacktivist collective group Anonymous demands justice for George Floyd and threatens to ‘expose the many crimes’ of Minneapolis Police. Anonymous demands justice for George Floyd and threatens to ‘expose the many crimes’ of Minneapolis Police. George Floyd was killed by a white police officer by kneeling on his neck for more than eight minutes. We are interventionist.

Hacking 145

Hacking Advertising Passwords Internet 145

Schneier on Security

JUNE 3, 2020

This is interesting : The image, a seemingly innocuous sunset (or dawn) sky above placid waters, may be viewed without harm. But if loaded as wallpaper, the phone will crash. The fault does not appear to have been maliciously created. Rather, according to developers following Ice Universe's Twitter thread, the problem lies in the way color space is handled by the Android OS.

265

265

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JUNE 3, 2020

A phishing email claims to send the recipient to a VPN configuration page for home access but instead leads them to a credential-stealing site, said Abnormal Security.

VPN 192

VPN Phishing 192

WIRED Threat Level

MAY 31, 2020

Law enforcement has more tools than ever to track your movements and access your communications. Here's how to protect your privacy if you plan to protest.

Surveillance 145

Surveillance 145

Threatpost

JUNE 5, 2020

A researcher found that phone numbers tied to WhatsApp accounts are indexed publicly on Google Search creating what he claims is a “privacy issue” for users.

Accountability 142

Accountability Data privacy Mobile 142

Schneier on Security

JUNE 2, 2020

Researcher Bhavuk Jain discovered a vulnerability in the "Sign in with Apple" feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed.

Accountability 260

Accountability Hacking 260

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JUNE 4, 2020

A new partnership with Dedrone has led to a platform that can instantly detect and notify security personnel of drones in sensitive airspace.

Software 196

Software 196

WIRED Threat Level

JUNE 2, 2020

Over several decades, the 1033 program has shipped over $7.4 billion of Defense Department property to more than 8,000 law enforcement agencies.

145

145

Security Affairs

MAY 30, 2020

API Security – There is a considerable demand for data-centric projects, that is why companies have quickly opened their data to their ecosystem through REST or SOAP APIs. APIs work as doors for a company – closely guarding data of an organization. However, there are some challenges created: how do we hold the doors open to the world while simultaneously sealing them off from hackers?

Authentication 142

Authentication Firewall Encryption Passwords 142

Threatpost

JUNE 4, 2020

Westech International provides maintenance for the Minuteman III nuclear-missile program and runs programs for multiple branches of the military.

Ransomware 138

Ransomware Government Malware Hacking 138

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

JUNE 3, 2020

Unauthorized access was the most common type of attack in 2019, and it was responsible for 40% of all data breaches, says ForgeRock.

Data breaches 184

Data breaches 184

Adam Shostack

JUNE 4, 2020

As security professionals, have we ever sat down and truly made an effort to empirically determine what controls are actually effective in our environment and what controls do very little to protect our environment or, worse yet, actually work to undermine our security. That’s from The Need for Evidence Based Security , by Chris Frenz, is worth reading.

Risk 100

Risk 100

Security Affairs

JUNE 5, 2020

ST Engineering is the last victim of the Maze Ransomware operators that published their data on their leak website. ST Engineering is one of the leading engineering groups worldwide, it specializes in the aerospace, electronics, land systems, and marine sectors. The group operates in more than 100 countries and reported revenue of $7.86b in FY2019. The Maze ransomware operators announced the release of stolen data on their leak site.

Engineering 143

Engineering Ransomware Cyber Insurance Advertising 143

Threatpost

JUNE 4, 2020

The end-to-end encryption feature will not be offered to free users, Zoom's CEO said, in case Zoom needed to comply with federal and local law enforcement.

Encryption 131

Encryption 131

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

JUNE 1, 2020

According to a Tessian survey, data protection concerns go out the window for remote employees.

209

209

Dark Reading

JUNE 2, 2020

Insider cyber threats are always an issue during layoffs -- but with record numbers of home office workers heading for the unemployment line, it's never been harder to maintain cybersecurity during offboarding.

Information Security 112

Information Security Cyber threats Cybersecurity 112

Security Affairs

JUNE 2, 2020

A flaw in the IP-in-IP tunneling protocol that can be exploited for DoS attacks and to bypass security controls impact devices from Cisco and other vendors. A vulnerability that affects the IP-in-IP tunneling protocol (aka IP Encapsulation within IP) implemented by Cisco and other vendors could be exploited for denial-of-service (DoS) attacks and to bypass security controls.

DDOS 141

DDOS Advertising Software Cybersecurity 141

Threatpost

JUNE 4, 2020

A $5 billion class-action lawsuit filed in a California federal court alleges that Google's Chrome incognito mode collects browser data without people’s knowledge or consent.

Advertising 113

Advertising Data privacy 113

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity