February, 2020

NextMotion plastic surgery tech firm data leak

Security Affairs

Photos and personal information belonging to patients of the NextMotion plastic surgery tech firm have been exposed online through an unsecured S3 bucket.

WiFi: A New Way to Spread Emotet Malware

Data Breach Today

Researchers Say Trojan's Developers Devising Ways to Spread Trojan to More Devices Security researchers have found that the developers of the Emotet Trojan have created a new way to spread it to more victims - attackers are using unsecured WiFi networks as a way to deliver the malware to more devices.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

How a Hacker's Mom Broke Into a Prison—and the Warden's Computer

WIRED Threat Level

Security analyst John Strand had a contract to test a correctional facility’s defenses. He sent the best person for the job: his mother. Security Security / Cyberattacks and Hacks

How AI Is Tracking the Coronavirus Outbreak

WIRED Threat Level

Machine-learning programs are analyzing websites, news reports, and social media posts for signs of symptoms, such as fever or breathing problems. . Business Business / Artificial Intelligence Security

BEC Group Favors G-Suite, Physical Checks: Report

Data Breach Today

Agari Says 'Exaggerated Lion' Has Targeted Businesses Throughout US A business email compromise group targeting U.S. businesses is using G-Suite for their scams and collecting money through physical checks instead of wire transfers, according to the security firm Agari

44% of Security Threats Start in the Cloud

Dark Reading

Amazon Web Services is a top source of cyberattacks, responsible for 94% of all Web attacks originating in the public cloud

Cloud 87

More Trending

MGM Data Breach Affects Over 10 Million Customers

Adam Levin

The personal information of over 10.6 million customers of MGM Resorts has been published online. MGM Resorts confirmed the leaked data as being the result of a data breach that occurred last year.

6 Truths About Disinformation Campaigns

Dark Reading

Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know

Ransomware Attacks Growing More Targeted and Professional

Data Breach Today

McAfee's John Fokker Charts the Increasingly Advanced Cybercrime Service Economy Ransomware-wielding attackers - aided by a service economy that gives them access to more advanced attack tools - are increasingly targeting organizations rather than individuals to shake them down for bigger ransom payoffs, says McAfee's John Fokker.

Hackers Were Inside Citrix for Five Months

Krebs on Security

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents.

Lawsuit Claims HIV Data Exposed in Leak

Data Breach Today

Legal Action Stems From Misconfigured Database at UW Medicine A lawsuit seeking class action status filed against UW Medicine in the wake of a data leak incident has been amended to reflect that at least one HIV patient allegedly had their data exposed.

New Mexico Sues Google Over Children's Privacy

Data Breach Today

State Alleges Data About Young Students Is Illegally Collected New Mexico is suing Google, alleging the company violates a federal child privacy law by collecting the personal data of students younger than age 13 without their parents' consent.

Plastic Surgery Database Exposed: Researchers

Data Breach Today

French Technology Firm's Database Was Unprotected, Report Says An unsecured database belonging to a French technology firm that supplies video and digital equipment to plastic surgery and determatology clinics exposed content on 900,000 patients, according to a report from two independent security researchers.

Olympics Could Face Disruption from Regional Powers

Dark Reading

Destructive attacks and disinformation will likely target the Summer Olympics in Tokyo, two groups of threat experts say

110
110

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

Less than 48 hours after the killing of Iran’s General Qasem Soleimani, the U.S. Department of Homeland Security issued a bulletin calling out Iran’s “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.”

FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data

Krebs on Security

The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data.

Russia Doesn't Want Bernie Sanders. It Wants Chaos

WIRED Threat Level

The point of Kremlin interference has always been to find democracy’s loose seams, and pull. Security Security / National Security

IT 114

2020 Oscar Nominees Used to Spread Malware

Adam Levin

Online scammers are using the 2020 Oscars to spread malware. A recent study released by Kaspersky Labs uncovered several hacking and phishing campaigns promising their targets free and early access to Best Picture nominees for this year’s Academy Awards.

Defense Department Agency Reports Data Breach

Data Breach Today

Defense Information Systems Agency Has a Security Mission A U.S.

New Trickbot Delivery Method Focuses on Windows 10

Dark Reading

Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10

112
112

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol.

Dangerous Domain Corp.com Goes Up for Sale

Krebs on Security

As an early domain name investor, Mike O’Connor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com.

Sales 257

Signal Is Finally Bringing Its Secure Messaging to the Masses

WIRED Threat Level

The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream. Security Security / Security News

Joker malware still able to bypass Google Play Store checks

Security Affairs

The infamous Joker malware has found a way to bypass the security checks to be published in the official Play Store, new clicker was found by experts.

Report: Iowa Caucus App Vulnerable to Hacking

Data Breach Today

Veracode Finds Insecure Data Transmission, ProPublica Reports A review of the mobile app that malfunctioned during Iowa's critical tally of the Democratic Party's caucus has uncovered a security vulnerability, ProPublica reports.

10 Tough Questions CEOs Are Asking CISOs

Dark Reading

CEOs today are prepared with better questions than 'Are we secure,' and chief information security officers had better be ready to answer

NEW TECH: CyCognito employs offensive bot network to put companies a step a head of attackers

The Last Watchdog

When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses.

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program.

China's Hacking Spree Will Have a Decades-Long Fallout

WIRED Threat Level

Equifax. Anthem. Marriott. The data that China has amassed about US citizens will power its intelligence activities for a generation. Security Security / National Security

IT 113

Google removed nearly 600 apps from the Play Store for ad policy violation

Security Affairs

Google announced to have removed nearly 600 Android apps in the official Play Store that were violating two ad-related policies.

Access 112

FBI: BEC Losses Totaled $1.7 Billion in 2019

Data Breach Today

Business Email Compromises Accounted for Nearly Half of Cybercrime Losses Last Year Cybercrime led to $3.5 billion in losses in the U.S.

259
259

Coronavirus Raises New Business Continuity, Phishing Challenges for InfoSec

Dark Reading

What happens when understaffed security teams at home and abroad are sequestered in physical quarantine zones

MY TAKE: PKI, digital certificates now ready to take on the task of securing digital transformation

The Last Watchdog

Just five years ago, the Public Key Infrastructure, or PKI , was seriously fraying at the edges and appeared to be tilting toward obsolescence. Things have since taken a turn for the better. Related: Why PKI is well-suited to secure the Internet of Things PKI is the authentication and encryption framework on which the Internet is built. The buckling of PKI a few years back was a very serious matter, especially since there was nothing waiting in the wings to replace PKI.

Booter Boss Busted By Bacon Pizza Buy

Krebs on Security

A Pennsylvania man who operated one of the Internet’s longest-running online attack-for-hire or “booter” services was sentenced to five years probation today.