April, 2021

Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter

Security Affairs

Researchers from the FireEye’s Mandiant team have breached the network of a North American utility and turn off one of its smart meters. Over the years, the number of attacks against ICS/SCADA systems used by industrial organizations worldwide has rapidly increased.

IT 104

FluBot Malware's Rapid Spread May Soon Hit US Phones

Dark Reading

The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam

111
111
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned

Troy Hunt

The headline is pretty self-explanatory so in the interest of time, let me just jump directly into the details of how this all works.

IT 114

533 Million Facebook Account Records Posted to Forum

Data Breach Today

Facebook Says Data Comes from Previously Reported 2019 Incident A security researcher found more than 500 million Facebook records made available for free on the darknet, exposing basic user information including any phone numbers associated with accounts.

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Krebs on Security

Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.

More Trending

The cybersecurity researcher Dan Kaminsky has died

Security Affairs

The cybersecurity community has lost its star, the popular hacker Dan Kaminsky has passed away. The popular cyber security researcher Dan Kaminsky (42) has passed away. Dan is a star, a myth, and a beacon for us. At the moment the causes of death are not known, but it does not matter.

Expect an Increase in Attacks on AI Systems

Dark Reading

Companies are quickly adopting machine learning but not focusing on how to verify systems and produce trustworthy results, new report shows

114
114

When AIs Start Hacking

Schneier on Security

If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth.

Facebook Tries to 'Scrape' Its Way Through Another Breach

Data Breach Today

Social Network Attempts 'Not Hacking' Spin on Theft of 533 Million Users' Details Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped.

IT 267

Insights on Choosing an Identity Verification Solution Provider

Sort through today’s crowded identity verification solutions landscape with our guide, designed to help you choose the right provider based on your unique needs.

Experian API Exposed Credit Scores of Most Americans

Krebs on Security

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned.

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

The Last Watchdog

As digital transformation kicks into high gear, it’s certainly not getting any easier to operate IT systems securely, especially for small- and medium-sized businesses. Related: Business-logic attacks target commercial websites. SMBs are tapping into cloud infrastructure and rich mobile app experiences, making great leaps forward in business agility, the same as large enterprises.

Access 156

Joker malware infected 538,000 Huawei Android devices

Security Affairs

More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store.

7 Modern-Day Cybersecurity Realities

Dark Reading

Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

The FBI Is Now Securing Networks Without Their Owners’ Permission

Schneier on Security

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange.

US Pulls Back Curtain on Russian Cyber Operations

Data Breach Today

Foreign Intelligence Service's Techniques, Partners Revealed While the Biden administration is betting that the latest round of sanctions aimed at Russia and its economy will help deter the country's cyber operations, several U.S.

IT 257

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles.

GUEST ESSAY: The missing puzzle piece in DevSecOps — seamless source code protection

The Last Watchdog

We live in a time where technology is advancing rapidly, and digital acceleration is propelling development teams to create web applications at an increasingly faster rhythm. The DevOps workflow has been accompanying the market shift and becoming more efficient every day – but despite those efforts, there was still something being overlooked: application security. Related: ‘Fileless’ attacks on the rise.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Personal data of 1.3 million Clubhouse users leaked online

Security Affairs

An SQL database containing the personal data of 1.3 million Clubhouse users was leaked online for free, a few days after LinkedIn and Facebook suffered similar leaks. Researchers from Cyber News have discovered that the personal data of 1.3

Challenging Our Education System to Nurture the Cyber Pipeline

Dark Reading

Let's teach students how to teach themselves. Once we do that, we will have taught a generation of students how to think like hackers

They Hacked McDonald’s Ice Cream Machines—and Started a Cold War

WIRED Threat Level

Secret codes. Legal threats. Betrayal. How one couple built a device to fix McDonald’s notoriously broken soft-serve machines—and how the fast-food giant froze them out. Backchannel Security Security / Cyberattacks and Hacks

A Tale of 3 Data 'Leaks': Clubhouse, LinkedIn, Facebook

Data Breach Today

Confusion Over Hacking, Scraping and Amassing Highlights Data Lockdown Imperative Criminals love to amass and sell vast quantities of user data, but not all such data sets necessarily pose a fresh risk to users.

Risk 247

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Ubiquiti All But Confirms Breach Response Iniquity

Krebs on Security

NEW TECH: DigiCert unveils ‘Automation Manager’ to help issue, secure digital certificates

The Last Watchdog

How do you bring a $9 billion-a-year, digitally-agile corporation to a grinding halt? Related: Why it’s vital to secure IoT. Ask Spotify. When the popular streaming audio service went offline globally, last August, we saw a glimpse of just how tenuous digital transformation sometimes can be. Someone reportedly forgot to renew Spotify’s TLS certificate. The outage lasted about an hour, until the certificate in question got renewed.

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

Security Affairs

A new Linux botnet uses Tor through a network of proxies using the Socks5 protocol, abuses legitimate DevOps tools, and other emerging techniques.

Mining 109

Password Manager Suffers 'Supply Chain' Attack

Dark Reading

A software update to Click Studios' Passwordstate password manager contained malware

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Signal Adds Cryptocurrency Support

Schneier on Security

According to Wired , Signal is adding support for the cryptocurrency MobileCoin, “a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity.”

Texas Man Charged With Planning to Bomb AWS Data Center

Data Breach Today

DOJ: Suspect Believed He Could Disrupt 70% of Internet Traffic A Texas man is facing a federal charge after he allegedly tried to buy explosives from an undercover FBI agent to bomb an AWS data center in Virginia, according to the Justice Department.

246
246

Experian’s Credit Freeze Security is Still a Joke

Krebs on Security

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian , one of the big three consumer credit bureaus in the United States.