April, 2021

Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter

Security Affairs

Researchers from the FireEye’s Mandiant team have breached the network of a North American utility and turn off one of its smart meters. Over the years, the number of attacks against ICS/SCADA systems used by industrial organizations worldwide has rapidly increased.

IT 104

FluBot Malware's Rapid Spread May Soon Hit US Phones

Dark Reading

The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam

107
107
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned

Troy Hunt

The headline is pretty self-explanatory so in the interest of time, let me just jump directly into the details of how this all works.

IT 114

Cofense and StrikeForce Announce Acquisitions

Data Breach Today

Meanwhile, OneTrust Receives Additional Funding Email security provider Cofense and data security firm StrikeForce Technologies both have announced strategic acquisitions this pas week. Meanwhile, data protection firm OneTrust received additional funding

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

Experian API Exposed Credit Scores of Most Americans

Krebs on Security

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned.

More Trending

The cybersecurity researcher Dan Kaminsky has died

Security Affairs

The cybersecurity community has lost its star, the popular hacker Dan Kaminsky has passed away. The popular cyber security researcher Dan Kaminsky (42) has passed away. Dan is a star, a myth, and a beacon for us. At the moment the causes of death are not known, but it does not matter.

7 Modern-Day Cybersecurity Realities

Dark Reading

Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe

They Hacked McDonald’s Ice Cream Machines—and Started a Cold War

WIRED Threat Level

Secret codes. Legal threats. Betrayal. How one couple built a device to fix McDonald’s notoriously broken soft-serve machines—and how the fast-food giant froze them out. Backchannel Security Security / Cyberattacks and Hacks

533 Million Facebook Account Records Posted to Forum

Data Breach Today

Facebook Says Data Comes from Previously Reported 2019 Incident A security researcher found more than 500 million Facebook records made available for free on the darknet, exposing basic user information including any phone numbers associated with accounts.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Krebs on Security

Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.

MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security

The Last Watchdog

Historically, consumers have had to rely on self-discipline to protect themselves online. Related: Privacy war: Apple vs. Facebook. I’ve written this countless times: keep your antivirus updated, click judiciously, practice good password hygiene. Then about 10 years ago, consumer-grade virtual private networks, or VPNs, came along, providing a pretty nifty little tool that any individual could use to deflect invasive online tracking. Consumer-grade VPNs have steadily gained a large following.

B2C 166

Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K.

Expect an Increase in Attacks on AI Systems

Dark Reading

Companies are quickly adopting machine learning but not focusing on how to verify systems and produce trustworthy results, new report shows

114
114

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

The FBI Is Now Securing Networks Without Their Owners’ Permission

Schneier on Security

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange.

Biden Seeks to Boost CISA's Budget by $110 Million

Data Breach Today

Additional Money Would Address Range of Cybersecurity Issues President Joe Biden is asking Congress to boost CISA's budget by $110 million in 2021 to allow the agency to address a range of cybersecurity issues following several high-profile incidents that have happened in the past six months

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles.

NEW TECH: DigiCert unveils ‘Automation Manager’ to help issue, secure digital certificates

The Last Watchdog

How do you bring a $9 billion-a-year, digitally-agile corporation to a grinding halt? Related: Why it’s vital to secure IoT. Ask Spotify. When the popular streaming audio service went offline globally, last August, we saw a glimpse of just how tenuous digital transformation sometimes can be. Someone reportedly forgot to renew Spotify’s TLS certificate. The outage lasted about an hour, until the certificate in question got renewed.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Shlayer macOS malware abuses zero-day to bypass Gatekeeper feature

Security Affairs

Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads.

IT 113

Challenging Our Education System to Nurture the Cyber Pipeline

Dark Reading

Let's teach students how to teach themselves. Once we do that, we will have taught a generation of students how to think like hackers

Signal Adds a Payments Feature—With Cryptocurrency

WIRED Threat Level

The encrypted messaging app is integrating support for MobileCoin in a bid to keep up with the features offered by its more mainstream rivals. Security Security / Privacy

Unscripted: 3 Security Leaders Dissect Today's Top Trends

Data Breach Today

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Ubiquiti All But Confirms Breach Response Iniquity

Krebs on Security

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

The Last Watchdog

As digital transformation kicks into high gear, it’s certainly not getting any easier to operate IT systems securely, especially for small- and medium-sized businesses. Related: Business-logic attacks target commercial websites. SMBs are tapping into cloud infrastructure and rich mobile app experiences, making great leaps forward in business agility, the same as large enterprises.

Access 127

Russia-linked APT SVR actively targets these 5 flaws

Security Affairs

The US government warned that Russian cyber espionage group SVR is exploiting five known vulnerabilities in enterprise infrastructure products. The U.S.

SOC 2 Attestation Tips for SaaS Companies

Dark Reading

Attestation helps SaaS vendors demonstrate that digital security is a primary focus

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Backdoor Added — But Found — in PHP

Schneier on Security

Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits , with the subject “fix typo” and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users.

Payment Card Theft Ring Tech Leader Gets 10-Year Sentence

Data Breach Today

Fedir Hladyr of Ukraine Admitted to Working as System Admin for FIN7 A Ukrainian national who admitted to working as a system administrator and IT manager for the notorious FIN7 cybercriminal gang, which has been involved in the theft of millions of payment cards, has been sentenced to 10 years in federal prison.

Experian’s Credit Freeze Security is Still a Joke

Krebs on Security

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian , one of the big three consumer credit bureaus in the United States.