Internet and Presentation - Cyber Security Informer

U.S. Internet Leaked Years of Internal, Customer Emails

Krebs on Security

FEBRUARY 14, 2024

The Minnesota-based Internet provider U.S. Internet Corp. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser. Internet with their email.

Internet

Internet Internet Wireless Government

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

JUNE 25, 2021

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device.

Internet

Internet Internet Backups Small Business

Voatz Internet Voting App Is Insecure

Schneier on Security

FEBRUARY 17, 2020

This paper describes the flaws in the Voatz Internet voting app: " The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. We performed a clean-room reimplementation of Voatz's server and present an analysis of the election process as visible from the app itself.

Internet

Internet Internet Mobile Engineering

IBM finds vulnerability in IoT chips present in billions of devices

Tech Republic Security

AUGUST 19, 2020

Manufactured by Thales, the EHS8 module family has security flaws that could allow attackers to take total control over internet-connected industrial machines.

IoT

IoT Manufacturing Internet Internet

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

The Last Watchdog

OCTOBER 19, 2020

Cybersecurity buyers will want a trusted place online to find, evaluate, and purchase products and services from home, as teleworking replaces more traditional methods of in-person sales presentations, trade shows, events and dinners.

eCommerce

eCommerce Cybersecurity B2B Marketing

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

JULY 13, 2021

Which presented another problem: Because I don’t know when to give up, I went back to BlueStacks to work out what went wrong. I had a false start here because I pulled current versions of everything when what I really needed was an old version of BlueStacks and an old version of the Smart Life APK.

Internet

Internet Internet IoT Firmware

Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published

Schneier on Security

AUGUST 29, 2024

Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She was a remarkable person.

Engineering

Engineering Internet Internet

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

The Last Watchdog

OCTOBER 19, 2022

Matter is intended to be the lingua franca for the Internet of Things. The Internet of Things is a huge new platform for amazing innovation,” Hanna observes. Notably, they’ll connect to the Internet – and to each other – via an advanced type of mesh network. . It’s only a first step and there’s a long way to go.

Internet

Internet Internet Manufacturing Technology

NSO Group’s Pegasus Spyware Used Against US State Department Officials

Schneier on Security

DECEMBER 13, 2021

NSO Group’s descent into Internet pariah status continues. Its Pegasus spyware was used against nine US State Department employees. We don’t know which NSO Group customer trained the spyware on the US. ” .

Spyware

Spyware Internet Internet Government

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

The Last Watchdog

DECEMBER 8, 2022

based web security vendor that provides secure, cloud-based internet isolation. About the essayist: Mark Guntrip is senior director of cybersecurity strategy at Menlo Security , a Mountain View, Calif.-based

Cybersecurity

Cybersecurity Passwords Password Management Ransomware

Using EM Waves to Detect Malware

Schneier on Security

JANUARY 14, 2022

” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity. We will present a novel approach of using side channel information to identify the kinds of threats that are targeting the device.

Malware

Malware IoT Firmware Internet

Security Analysis of Apple’s “Find My…” Protocol

Schneier on Security

MARCH 15, 2021

OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. This paper presents the first comprehensive security and privacy analysis of OF.

Engineering

Engineering Internet Internet

The Rise of Large-Language-Model Optimization

Schneier on Security

APRIL 25, 2024

In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. The internet initially promised to change this process. In response, scammers built link farms and spammed comment sections, falsely presenting their trashy pages as authoritative.

Engineering

Engineering Internet Internet Artificial Intelligence

Attacking Driverless Cars with Projected Images

Schneier on Security

FEBRUARY 3, 2020

our experiments show that when presented with various phantoms, a car's ADAS or autopilot considers the phantoms as real objects, causing these systems to trigger the brakes, steer into the lane of oncoming traffic, and issue notifications about fake road signs. The paper will be presented at CyberTech at the end of the month.

Internet

Internet Internet Hacking Technology

Identifying People Using Cell Phone Location Data

Schneier on Security

JANUARY 9, 2023

The example in the presentation is a kidnapper. But if you assume that he has some sort of smart phone in his pocket that identifies itself over the Internet, you might be able to find him in that dataset. He is based in a rural area, so he can’t risk making his ransom calls from that area.

Surveillance

Surveillance Internet Internet Risk

Microsoft Patch Tuesday, December 2023 Edition

Krebs on Security

DECEMBER 12, 2023

Among the critical bugs quashed this month is CVE-2023-35628 , a weakness present in Windows 10 and later versions, as well as Microsoft Server 2008 and later. Also, while ICS is present in all versions of Windows since Windows 7, it is not on by default (although some applications may turn it on). .

Internet

Internet Internet Engineering Malware

Security Vulnerability of Switzerland’s E-Voting System

Schneier on Security

OCTOBER 17, 2023

Like any internet voting system, it has inherent security vulnerabilities: if there are malicious insiders, they can corrupt the vote count; and if thousands of voters’ computers are hacked by malware, the malware can change votes as they are transmitted. Switzerland—not low stakes—uses online voting for national elections.

Malware

Malware Internet Internet Government

China’s Olympics App Is Horribly Insecure

Schneier on Security

JANUARY 21, 2022

The app also includes a censorship keyword list, which, while presently inactive, targets a variety of political topics including domestic issues such as Xinjiang and Tibet as well as references to Chinese government agencies. MY2022 includes features that allow users to report “politically sensitive” content.

Surveillance

Surveillance Encryption Wireless Government

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

JULY 2, 2021

But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can’t or won’t upgrade to the latest operating system.

Firmware

Firmware Passwords Internet Internet

Microsoft Patch Tuesday, August 2020 Edition

Krebs on Security

AUGUST 11, 2020

The most concerning of these appears to be CVE-2020-1380 , which is a weaknesses in Internet Explorer that could result in system compromise just by browsing with IE to a hacked or malicious website. This is the sixth month in a row Microsoft has shipped fixes for more than 100 flaws in its products.

Backups

Backups Internet Internet Malware

GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly

The Last Watchdog

JUNE 9, 2022

And, let’s be honest , the deceptive writing phishing assaults and other cyber threats today employ are skilled enough to fool even the most trained, internet-savvy experts. Ever present threats. Internet and email fraud. Perhaps elderly folks who haven’t spent a lot of time online are easier to deceive.

Identity Theft

Identity Theft Scams Insurance Internet

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

MARCH 5, 2021

On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange. The backdoor web shell is verifiably present on the networks of thousands of U.S.

Hacking

Hacking Software Government Internet

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Joseph Steinberg

JUNE 10, 2022

As a result, cybersecurity programs must be crafted and implemented not only to defend against lateral movement through data systems by so called “authorized users” but also to treat users on internal networks as if they were no more trustworthy than users accessing via Internet-based connections emanating from halfway around the work.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Wireless

Microsoft Patch Tuesday, February 2023 Edition

Krebs on Security

FEBRUARY 14, 2023

Redmond flags CVE-2023-23376 as an “Important” elevation of privilege vulnerability in the Windows Common Log File System Driver , which is present in Windows 10 and 11 systems, as well as many server versions of Windows. On a lighter note (hopefully), Microsoft drove the final nail in the coffin for Internet Explorer 11 (IE11).

Internet

Internet Internet Malware Cyber threats

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

SEPTEMBER 8, 2021

According to a security advisory from Redmond, the security hole CVE-2021-40444 affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.

Software

Software Engineering Internet Internet

Split-Second Phantom Images Fool Autopilots

Schneier on Security

OCTOBER 19, 2020

And they warn that if hackers hijacked an internet-connected billboard to carry out the trick, it could be used to cause traffic jams or even road accidents while leaving little evidence behind. […]. We discuss the challenge that split-second phantom attacks create for ADASs.

Advertising

Advertising Authentication Internet Internet

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Krebs on Security

JANUARY 13, 2020

is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Sources tell KrebsOnSecurity that Microsoft Corp. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S.

Internet

Internet Internet Software Media

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

The Last Watchdog

JUNE 3, 2022

Log4J, aka Log4Shell, refers to a gaping vulnerability that exists in an open-source logging library that’s deeply embedded within servers and applications all across the public Internet. Left unpatched, Log4Shell, presents a ripe opportunity for a bad actor to carry out remote code execution attacks, Pericin told me.

Software

Software Internet Internet System Administration

When Your Used Car is a Little Too ‘Mobile’

Krebs on Security

FEBRUARY 5, 2020

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. They did, and Marulla was presented with an online dashboard showing the current location of his old ride and its mileage statistics.

Mobile

Mobile Engineering Internet Internet

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

MAY 19, 2022

Today, there are two major types of common CMS platforms: •The older “traditional” or “monolithic” CMS platforms include a content repository (usually a multimedia database), the administrative console (where content is added and categorized), the presentation system (which makes nice-looking pages), and the search engine. Gierlinger.

Data breaches

Data breaches Encryption Mobile Technology

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

The Hacker News

JUNE 28, 2024

SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week. A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity.

Internet

Internet Internet Technology

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

The Last Watchdog

MAY 15, 2023

In an increasingly interconnected world, the evolution of the automotive industry presents an exciting yet daunting prospect. What used to be a focus on physical safety has now shifted to cybersecurity due to the widened attack surface that connected cars present. Acohido Pulitzer Prize-winning business journalist Byron V.

Malware

Malware Manufacturing IoT Software

Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

Krebs on Security

DECEMBER 2, 2021

28, other Ubiquiti employees spotted the unusual downloads, which had leveraged internal company credentials and a Surfshark VPN connection to hide the downloader’s true Internet address. Assuming an external attacker had breached its security, Ubiquiti quickly launched an investigation. A link to the indictment is here (PDF).

VPN

VPN Internet Internet Accountability

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service. com, such as abuseipdb[.]com com , bestiptest[.]com

Malware

Malware VPN Internet Internet

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

JULY 31, 2024

Your Web browser knows how to find a site like example.com thanks to the global Domain Name System (DNS), which serves as a kind of phone book for the Internet by translating human-friendly website names (example.com) into numeric Internet addresses. “Free services make it easier [to exploit] at scale.

DNS

DNS Internet Internet Phishing

Microsoft Patch Tuesday, August 2021 Edition

Krebs on Security

AUGUST 10, 2021

10 is the worst), and is present in Windows 7 through Windows 10 , and Windows Server 2008 through 2019 (Windows 7 is no longer being supported with security updates). For a complete rundown of all patches released today and indexed by severity, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center.

Software

Software Internet Internet Backups

Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices

Trend Micro

MAY 16, 2023

An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023.

IoT

IoT Mobile Internet Internet

RSAC Fireside Chat: Keeping persistent email threats at bay requires deeper, cloud-layer vigilance

The Last Watchdog

MAY 11, 2023

Meanwhile, weaponized email continues to pose a clear and present threat to all businesses. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW Email remains by far the no.1 1 business communications tool. I’ll keep watch and keep reporting.

Security Awareness

Security Awareness Phishing Internet Internet

Patch ‘Em or Weep: Study Reveals Most Vulnerable IoT, Connected Assets

Tech Republic Security

SEPTEMBER 7, 2023

Phones, tablets and workstations with unpatched CVEs are a clear and present danger. New Armis study lists the most vulnerable.

IoT

IoT Media Internet Internet

Zyxel 0day Affects its Firewall Products, Too

Krebs on Security

FEBRUARY 26, 2020

Today, Zyxel acknowledged the same flaw is present in many of its firewall products. “Do not leave the product directly exposed to the internet. This week’s story on the Zyxel patch was prompted by the discovery that exploit code for attacking the flaw was being sold in the cybercrime underground for $20,000. .”

Firewall

Firewall Firmware VPN IoT

FIRESIDE CHAT: Anchoring security on granular visibility, proactive management of all endpoints

The Last Watchdog

NOVEMBER 22, 2022

This was the focal point of presentations at Tanium’s Converge 2022 conference which I had the privilege to attend last week at the Fairmont Austin in the Texas capital. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW Related: Ransomware bombardments.

Internet

Internet Internet Network Security Ransomware

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.

IoT

IoT Healthcare Internet Internet

Best Practices Q&A: Guidance about what directors need to hear from CISOs — from a board member

The Last Watchdog

APRIL 8, 2024

I recently attended an IoActive-sponsored event in Seattle at which Pegueros gave a presentation titled: “Merging Cybersecurity, the Board & Executive Team” Pegueros shed light on the land mines that enshroud cybersecurity presentations made at the board level. Here’s that exchange, edited for clarity and length.

CISO

CISO Risk Cybersecurity Insurance

China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

Security Affairs

JUNE 17, 2024

The investigation revealed that the threat actor had been present in the organization’s on-premises network for about three years, aiming to maintain access for espionage purposes. One method used was exploiting a legacy F5 BIG-IP appliance exposed to the internet, which served as an internal Command and Control (C&C).

Malware

Malware Internet Internet Firewall

U.S. Internet Leaked Years of Internal, Customer Emails

MyBook Users Urged to Unplug Devices from Internet

Trending Sources

Voatz Internet Voting App Is Insecure

IBM finds vulnerability in IoT chips present in billions of devices

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

The Internet of Things is a Complete Mess (and how to Fix it)

Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

NSO Group’s Pegasus Spyware Used Against US State Department Officials

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

Using EM Waves to Detect Malware

Security Analysis of Apple’s “Find My…” Protocol

The Rise of Large-Language-Model Optimization

Attacking Driverless Cars with Projected Images

Identifying People Using Cell Phone Location Data

Microsoft Patch Tuesday, December 2023 Edition

Security Vulnerability of Switzerland’s E-Voting System

China’s Olympics App Is Horribly Insecure

Another 0-Day Looms for Many Western Digital Users

Microsoft Patch Tuesday, August 2020 Edition

GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Microsoft Patch Tuesday, February 2023 Edition

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Split-Second Phantom Images Fool Autopilots

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

When Your Used Car is a Little Too ‘Mobile’

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

Who and What is Behind the Malware Proxy Service SocksEscort?

Don’t Let Your Domain Name Become a “Sitting Duck”

Microsoft Patch Tuesday, August 2021 Edition

Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices

RSAC Fireside Chat: Keeping persistent email threats at bay requires deeper, cloud-layer vigilance

Patch ‘Em or Weep: Study Reveals Most Vulnerable IoT, Connected Assets

Zyxel 0day Affects its Firewall Products, Too

FIRESIDE CHAT: Anchoring security on granular visibility, proactive management of all endpoints

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

Best Practices Q&A: Guidance about what directors need to hear from CISOs — from a board member

China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

Stay Connected