Troy Hunt

JUNE 1, 2020

The situation in Minneapolis at the moment (and many other places in the US) following George Floyd's death is, I think it's fair to say, extremely volatile. I wouldn't even know where to begin commentary on that, but what I do have a voice on is data breaches which prompted me to tweet this out earlier today: I'm seeing a bunch of tweets along the lines of "Anonymous leaked the email addresses and passwords of the Minneapolis police" with links and screen caps of pastes as "evid

Hacking 364

Hacking Passwords Data breaches Accountability 364

Krebs on Security

JUNE 3, 2020

An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 billion and enjoyed the protection of top Mexican authorities.

Banking 357

Banking Advertising Mobile Marketing 357

Schneier on Security

JUNE 4, 2020

Zoom was doing so well. And now we have this : Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level of privacy, which makes it impossible for third parties to decipher communications. "Free users for sure we don't want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose," Yuan said on the call.

Encryption 266

Encryption 266

Tech Republic Security

JUNE 1, 2020

According to a Tessian survey, data protection concerns go out the window for remote employees.

214

214

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Troy Hunt

JUNE 3, 2020

Pwned again. Damn. That's me who's pwned again because my personal data has just turned up in yet another incident from a source I can't attribute. Less than 3 weeks ago I wrote about The Unattributable "db8151dd" Data Breach which, after posting that blog post and a sample of my own data, the community quickly attributed to Covve. My hope is that this blog post helps myself and the 69 million other people in this one work out who collected and then exposed their personal information.

Data breaches 361

Data breaches B2B Marketing Accountability 361

Krebs on Security

JUNE 2, 2020

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed at coercing victims to pay up — and publicly shaming those don’t. But it may also signal that ransomware purveyors are searching for new ways to profit from their crimes as victim businesses struggle just to keep the lights on during the unprecedented economic slowdown caused by the COVID-1

Ransomware 311

Ransomware Backups Encryption Internet 311

Tech Republic Security

JUNE 4, 2020

Aimed at SMBs, educational facilities, and software companies, the ransomware leverages Java to encrypt server-based files, according to BlackBerry and KPMG.

Ransomware 211

Ransomware Education Encryption Software 211

Troy Hunt

JUNE 5, 2020

It's a total mixed bag this week with a couple of new blog posts thrown in to boot. An award at an event nobody could attend, a SQL injection pattern in an HIBP email that wiped an entire DB, a disinformation campaign by "Anonymous" amidst a tumultuous time in the US and another freaking massive breach (with me in it) that I simply can't attribute. So yeah, life remains pretty unpredictable then ??

VPN 211

VPN Data breaches Hacking Cybersecurity 211

Adam Shostack

JUNE 3, 2020

I generally try to stay on technical topics, because my understanding is that’s what readers want. But events are overwhelming and I believe that not speaking out is now a political choice. I want to start from this Chris Rock video: I hadn’t seen it before, but I have spent a lot of time studying how airlines respond to problems, and you know what?

162

162

Schneier on Security

JUNE 1, 2020

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have mechanisms in place to mitigate harm.

Passwords 210

Passwords Accountability 210

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

JUNE 3, 2020

Cybersecurity, remote IT troubleshooting and cloud support will be the most sought-after skills for businesses in the months following the COVID-19 pandemic, according to a survey of CIOs and tech executives.

Cybersecurity 207

Cybersecurity 207

Security Affairs

JUNE 5, 2020

ST Engineering is the last victim of the Maze Ransomware operators that published their data on their leak website. ST Engineering is one of the leading engineering groups worldwide, it specializes in the aerospace, electronics, land systems, and marine sectors. The group operates in more than 100 countries and reported revenue of $7.86b in FY2019. The Maze ransomware operators announced the release of stolen data on their leak site.

Engineering 145

Engineering Ransomware Cyber Insurance Advertising 145

WIRED Threat Level

JUNE 2, 2020

Rubber bullets and tear gas are billed as relatively safe. They're anything but.

145

145

Schneier on Security

JUNE 3, 2020

This is interesting : The image, a seemingly innocuous sunset (or dawn) sky above placid waters, may be viewed without harm. But if loaded as wallpaper, the phone will crash. The fault does not appear to have been maliciously created. Rather, according to developers following Ice Universe's Twitter thread, the problem lies in the way color space is handled by the Android OS.

209

209

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

JUNE 4, 2020

A new partnership with Dedrone has led to a platform that can instantly detect and notify security personnel of drones in sensitive airspace.

Software 203

Software 203

Security Affairs

MAY 31, 2020

The hacktivist collective group Anonymous demands justice for George Floyd and threatens to ‘expose the many crimes’ of Minneapolis Police. Anonymous demands justice for George Floyd and threatens to ‘expose the many crimes’ of Minneapolis Police. George Floyd was killed by a white police officer by kneeling on his neck for more than eight minutes. We are interventionist.

Hacking 145

Hacking Advertising Passwords Internet 145

WIRED Threat Level

JUNE 2, 2020

Over several decades, the 1033 program has shipped over $7.4 billion of Defense Department property to more than 8,000 law enforcement agencies.

145

145

Schneier on Security

JUNE 2, 2020

Researcher Bhavuk Jain discovered a vulnerability in the "Sign in with Apple" feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed.

Accountability 202

Accountability Hacking 202

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JUNE 3, 2020

A phishing email claims to send the recipient to a VPN configuration page for home access but instead leads them to a credential-stealing site, said Abnormal Security.

VPN 202

VPN Phishing 202

Adam Levin

JUNE 1, 2020

Administrators of the open source Joomla content management system announced a data incident that potentially compromised the information of 2,700 developers. A database containing the personal data of users of Joomla Resources Directory website was discovered on an unprotected Amazon Web Services bucket following an internal audit. Leaked information included names, addresses, email addresses, phone numbers, encrypted passwords, and IP addresses. “ Data that would be typically used for the purp

Identity Theft 145

Identity Theft Encryption Authentication Passwords 145

WIRED Threat Level

MAY 31, 2020

Law enforcement has more tools than ever to track your movements and access your communications. Here's how to protect your privacy if you plan to protest.

Surveillance 145

Surveillance 145

Security Affairs

JUNE 2, 2020

A flaw in the IP-in-IP tunneling protocol that can be exploited for DoS attacks and to bypass security controls impact devices from Cisco and other vendors. A vulnerability that affects the IP-in-IP tunneling protocol (aka IP Encapsulation within IP) implemented by Cisco and other vendors could be exploited for denial-of-service (DoS) attacks and to bypass security controls.

DDOS 144

DDOS Advertising Software Cybersecurity 144

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JUNE 4, 2020

Malicious files masquerading as curriculum vitae are being sent to businesses to install malware that can capture passwords and other sensitive information, says Check Point Research.

Passwords 200

Passwords Malware 200

Threatpost

JUNE 5, 2020

A researcher found that phone numbers tied to WhatsApp accounts are indexed publicly on Google Search creating what he claims is a “privacy issue” for users.

Accountability 142

Accountability Data privacy Mobile 142

WIRED Threat Level

JUNE 5, 2020

Research shows that calm and negotiation, not excessive force, reduces damage. So why are officers still turning to tear gas?

130

130

Security Affairs

MAY 30, 2020

API Security – There is a considerable demand for data-centric projects, that is why companies have quickly opened their data to their ecosystem through REST or SOAP APIs. APIs work as doors for a company – closely guarding data of an organization. However, there are some challenges created: how do we hold the doors open to the world while simultaneously sealing them off from hackers?

Authentication 145

Authentication Firewall Encryption Passwords 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

JUNE 3, 2020

Unauthorized access was the most common type of attack in 2019, and it was responsible for 40% of all data breaches, says ForgeRock.

Data breaches 195

Data breaches 195

Threatpost

JUNE 4, 2020

Westech International provides maintenance for the Minuteman III nuclear-missile program and runs programs for multiple branches of the military.

Ransomware 138

Ransomware Government Malware Hacking 138

WIRED Threat Level

MAY 30, 2020

Plus: A LiveJournal hack, Qatar's contact tracing privacy failure, and more of the week's top security news.

Hacking 120

Hacking 120

Security Affairs

MAY 31, 2020

Two security flaws in the PageLayer WordPress plugin can be exploited to potentially wipe the contents or take over WordPress sites. Security experts from WordFence discovered two high severity security vulnerabilities in the PageLayer WordPress plugin that could potentially allow attackers to wipe the contents or take over WordPress sites using vulnerable plugin versions.

Hacking 144

Hacking Advertising Authentication Accountability 144

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity