Sat. Aug 22, 2020 - Fri. Aug 28, 2020

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime.

Cory Doctorow on The Age of Surveillance Capitalism

Schneier on Security

Cory Doctorow has written an extended rebuttal of The Age of Surveillance Capitalism by Shoshana Zuboff. He summarized the argument on Twitter. Shorter summary: it's not the surveillance part, it's the fact that these companies are monopolies. I think it's both. Surveillance capitalism has some unique properties that make it particularly unethical and incompatible with a free society, and Zuboff makes them clear in her book.

Weekly Update 206

Troy Hunt

Since I recorded this morning, I've had an absolute breakthrough - I CAN OPEN MY GARAGE DOOR WITH MY WATCH! I know, I know, it shouldn't be this hard and that's a lot of the point I'm making in this week's video. Having said that, some parts have been hard because I've made simple mistakes, but the nature of the IoT ecosystem as it stands today predisposes you to mistakes because there's so freakin' many moving parts that all need to be aligned.

What to Do If and When Zoom Goes Down Again

Adam Levin

Zoom’s service outage on August 24 caused a ripple effect felt in schools and companies across the world. Students were unable to attend classes via remote learning, meetings were cancelled and for roughly three hours users wondered if the now-ubiquitous platform had been brought down by hackers. Although the company later released an announcement attributing the outage to an “application-level bug,” it made clear that most of us are not prepared for an interruption to a service we’ve grown

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer sk

US Postal Service Files Blockchain Voting Patent

Schneier on Security

The US Postal Service has filed a patent on a blockchain voting method: Abstract: A voting system can use the security of blockchain and the mail to provide a reliable voting system. A registered voter receives a computer readable code in the mail and confirms identity and confirms correct ballot information in an election. The system separates voter identification and votes to ensure vote anonymity, and stores votes on a distributed ledger in a blockchain.

More Trending

GUEST ESSAY: Skeptical about buying life insurance online? Here’s how to do it — securely

The Last Watchdog

Purchasing life insurance once meant going to an insurer’s office or booking an appointment with an insurance agent. Then, in most cases, you’d have to undergo a medical examination and wait a few weeks to get approved and complete the whole process. But this scenario doesn’t seem to fit the fast-paced world we live in anymore. Today’s generation is used to getting everything done fast and easy, so life insurance providers had to get with the times and cover all customers’ needs and requirements

Confessions of an ID Theft Kingpin, Part II

Krebs on Security

Yesterday’s piece told the tale of Hieu Minh Ngo, a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services.

Identifying People by Their Browsing Histories

Schneier on Security

Interesting paper: "Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories": We examine the threat to individuals' privacy based on the feasibility of reidentifying users through distinctive profiles of their browsing history visible to websites and third parties. This work replicates and extends the 2012 paper Why Johnny Can't Browse in Peace: On the Uniqueness of Web Browsing History Patterns [48].

Microsoft says the pandemic has changed the future of cybersecurity in these five ways

Tech Republic Security

A new report from Microsoft suggests that cloud-based technologies and Zero Trust architecture will become mainstays of businesses' cybersecurity investments going forward.

NEW TECH: Trend Micro flattens cyber risks — from software development to deployment

The Last Watchdog

Long before this awful pandemic hit us, cloud migration had attained strong momentum in the corporate sector. As Covid19 rages on, thousands of large to mid-sized enterprises are now slamming pedal to the metal on projects to switch over to cloud-based IT infrastructure. A typical example is a Seattle-based computer appliance supplier that had less than 10 percent of its 5,000 employees set up to work remotely prior to the pandemic.

Protest App Bridgefy Riddled with Vulnerabilities

Adam Levin

A messaging app popular with activists and protesters around the globe was found to have several major vulnerabilities that could compromise user privacy. Bridgefy is a mesh messaging app that lets users send and receive texts to others nearby without requiring an internet connection. While the developers of the app say it’s ideal for communicating during large gatherings, natural disasters, or in school settings, the app’s publicized security and encryption features have made it a favorite for

DiceKeys

Schneier on Security

DiceKeys is a physical mechanism for creating and storing a 192-bit key. The idea is that you roll a special set of twenty-five dice, put them into a plastic jig, and then use an app to convert those dice into a key. You can then use that key for a variety of purposes, and regenerate it from the dice if you need to. This week Stuart Schechter, a computer scientist at the University of California, Berkeley, is launching DiceKeys, a simple kit for physically generating a single super-secure key th

North Korean hackers are actively robbing banks around the world, US government warns

Tech Republic Security

The BeagleBoyz have made off with nearly $2 billion since 2015, and they're back to attacking financial institutions after a short lull in activity.

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

A new variant of the infamous Lemon_Duck cryptomining malware has been updated to target Linux devices. Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. The new variant also exploits the SMBGhost bug in Windows systems, and is also able to target servers running Redis and Hadoop instances.

Ransomware Has Gone Corporate—and Gotten More Cruel

WIRED Threat Level

The DarkSide operators are just the latest group to adopt a veneer of professionalism—while at the same time escalating the consequences of their attacks.

Amazon Supplier Fraud

Schneier on Security

Interesting story of an Amazon supplier fraud: According to the indictment, the brothers swapped ASINs for items Amazon ordered to send large quantities of different goods instead. In one instance, Amazon ordered 12 canisters of disinfectant spray costing $94.03. The defendants allegedly shipped 7,000 toothbrushes costing $94.03 each, using the code for the disinfectant spray, and later billed Amazon for over $650,000.

IoT botnets: Smart homes ripe for a new type of cyberattack

Tech Republic Security

The burgeoning smart home device market has given rise to digital intrusion and potential energy market manipulation on a massive scale.

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

Cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security. Original post: [link]. Most of us already know the importance of using antivirus, anti-malware, and VPNs to secure our computers, phones, and other devices against potential attacks. Printers? Not so much.

A New Botnet Is Covertly Targeting Millions of Servers

WIRED Threat Level

FritzFrog has been used to try and infiltrate government agencies, banks, telecom companies, and universities across the US and Europe.

DDoS Attacks Halt NZ Exchange Trading for Third Day

Dark Reading

New Zealand Exchange officials say the motive for the attacks is unclear.

Top 5 programming languages for security admins to learn

Tech Republic Security

SecAdmins working to protect infrastructure, whether defensively or offensively, may find these programming languages helpful in safeguarding apps, systems, and hardware from threats.

Iran-linked Charming Kitten APT contacts targets via WhatsApp, LinkedIn

Security Affairs

The Iran-linked Charming Kitten APT group leveraged WhatsApp and LinkedIn to carry out phishing attacks, researchers warn. Clearsky security researchers revealed that the Iran-linked Charming Kitten APT group is using WhatsApp and LinkedIn to conduct spear-phishing attacks. The Iran-linked Charming Kitten group (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organi

APIs Are the Next Frontier in Cybercrime

Threatpost

APIs make your systems easier to run -- and make it easier for hackers, too.

A Tesla Employee Thwarted an Alleged Ransomware Plot

WIRED Threat Level

Elon Musk confirmed Thursday night that a ransomware gang had approached a Gigafactory employee with alleged promises of a big payout.

Extra security or extra risk? Pros and cons of password managers

Tech Republic Security

Tech consultants and journalists have their own conflicting opinions about the best way to manage access in a world full of security risks.

350 million decrypted email addresses left exposed on an unsecured server

Security Affairs

Experts found an unsecured data bucket containing seven gigabytes worth of unencrypted files that include 350,000,000 strings of unique email addresses. Original post at: [link]. The CyberNews research team uncovered an unsecured data bucket owned by an unidentified party, containing seven gigabytes worth of unencrypted files that include 350,000,000 strings of unique email addresses.

Medical Data Leaked on GitHub Due to Developer Errors

Threatpost

Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.

How WeChat Censored the Coronavirus Pandemic

WIRED Threat Level

In China, the messaging platform blocked thousands of keywords related to the virus, a new report reveals.

Microsoft just made securing Windows 10 PCs a whole lot easier for IT admins

Tech Republic Security

New security capabilities designed for SMEs allow IT admins to apply baseline security settings across an organization.
