June, 2020

What Will Cybersecurity's 'New Normal' Look Like?

Dark Reading

The coronavirus pandemic has forced changes for much of the business world, cybersecurity included. What can we expect going forward

How Covid-19 Contact Tracing Works on Your Phone

WIRED Threat Level

Developers are working on track-and-trace systems to keep infection levels low. The apps aren't here yet, but here's what they do—and how you can enable them. Gear Gear / How To and Advice Security

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Attackers Target Vulnerable Exchange Servers

Data Breach Today

Microsoft Urges Patching, Other Mitigation Steps Microsoft is warning its customers that attackers are increasingly targeting unpatched Exchange servers, with a significant uptick in activity since April

IT 210

Anonymous Stole and Leaked a Megatrove of Police Documents

WIRED Threat Level

The so-called BlueLeaks collection includes internal memos, financial records, and more from over 200 state, local, and federal agencies. Security Security / Cyberattacks and Hacks

City Pays Ransom Despite Pre-Ransomware Outbreak Hack Alert

Data Breach Today

DoppelPaymer Hit Comes as Ransomware Attacks - and Data-Leaking Shakedowns - Surge The attack sounds ripped from an episode of TV show "24": Hackers have infiltrated a government network, and they're days away from unleashing ransomware.

Google Removes More Than 70 Malicious Chrome Extensions

Data Breach Today

Researchers Find Extensions Could Steal Credentials and Security Tokens Google has removed more than 70 malicious Chrome extensions after researchers with security firm Awake Security discovered the extensions could be used to steal users' credentials and security tokens

More Trending

How to keep your remote work team together

OpenText Information Management

Remote work teams around the world are showing that despite today’s extraordinary circumstances, we can still churn out hearty levels of productivity. But it’s challenging.

IT 90

7 Ransomware Trends: Gangs Join Forces, Decryptors Improve

Data Breach Today

Can't Stop the Crypto-Locking Malware Attacks? Criminals Keep Hitting Big Targets Ransomware gangs continue to innovate: Recently, reports have emerged of collaboration between the Maze and Lockbit gangs, and REvil not just leaking stolen data for free, but auctioning it off to the highest bidder.

Turn on MFA Before Crooks Do It For You

Krebs on Security

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen.

IT 249

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

Malicious Chrome browser extensions were employed in a surveillance campaign on a large scale, millions of users potentially impacted.

Good Cyber Hygiene in a Post-Pandemic World Starts with Us

Dark Reading

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them

Even Ethical Hackers Abuse Cloud Services

Data Breach Today

Cloud 239

Facebook and Twitter Want to Keep the Justice System Skewed Against Defendants

WIRED Threat Level

Their CEOs have pledged support for reform amid the George Floyd protests—while their lawyers are fighting to preserve law enforcement’s advantage in court. Security Security / Privacy

Delivery Hero Confirms Foodora Data Breach

Data Breach Today

Personal Details on 727,000 Accounts in 14 Countries Leaked Delivery Hero, the online food delivery service, has confirmed a data breach of its Foodora brand.

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

Krebs on Security

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week.

MY TAKE: Remote classes, mobile computing heighten need for a security culture in K-12 schools

The Last Watchdog

Parents have long held a special duty to protect their school-aged children from bad actors on the Internet.

Bank Card "Master Key" Stolen

Schneier on Security

South Africa's Postbank experienced a catastrophic security failure. The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards.

Google is indexing the phone numbers of WhatsApp users raising privacy concerns

Security Affairs

A researcher is warning that Google is indexing the phone numbers of WhatsApp users raising serious privacy concerns. Google is indexing the phone numbers of WhatsApp users that could be abused by threat actors for malicious activities.

Spies Can Eavesdrop by Watching a Light Bulb's Vibrations

WIRED Threat Level

The so-called lamphone technique allows for real-time listening in on a room that's hundreds of feet away. Security Security / Cyberattacks and Hacks

Nephilim Ransomware Gang Tied to Citrix Gateway Hacks

Data Breach Today

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Krebs on Security

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware.

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Numerous strains of this destructive code have been the front-page news in global computer security chronicles for almost a decade now, with jaw-dropping ups and dramatic downs accompanying its progress.

Hosting Provider Hit With Largest-Ever DDoS Attack

Dark Reading

Likely looking to make a statement, attackers targeted specific websites hosted by a single provider with a 1.44 terabit-per-second distributed denial-of-service attack, according to Akamai

111
111

AWS mitigated largest DDoS attack ever of 2.3 Tbps

Security Affairs

AWS announced it has mitigated a 2.3 Tbps DDoS attack, the largest ever, which surpassed the previous record of 1.7 Tbps that took place in March 2018. Amazon announced it has mitigated the largest ever DDoS attack of 2.3 Tbps, the news is surprising if we consider that the previous record was of 1.7

Access 111

?Nonlethal? Anti-Protest Weapons Can Cause Serious Harm

WIRED Threat Level

Rubber bullets and tear gas are billed as relatively safe. They're anything but. Security Security / Security News

7 Ransomware Trends: Gangs Join Forces, Auction Stolen Data

Data Breach Today

Can't Stop the Crypto-Locking Malware Attacks? Criminals Keep Hitting Big Targets Ransomware gangs keep innovating: Maze has begun leaking data on behalf of both Lockbit and RagnarLocker, while REvil has started auctioning data - from victims who don't meet its ransom demands - to the highest bidder.

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

Krebs on Security

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web.

IT 240

NEW TECH: Cequence Security’s new ‘API Sentinel’ helps identify, mitigate API exposures

The Last Watchdog

Application Programming Interfaces – APIs. Without them digital transformation would never have gotten off the ground. Related: Defending botnet-driven business logic hacks APIs made possible the astounding cloud, mobile and IoT services we have today. This happened, at a fundamental level, by freeing up software developers to innovate on the fly. APIs have exploded in enterprise use over the past several years.

COVID-19 Risks of Flying

Schneier on Security

I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It's been 105 days since I've been on an airplane -- longer than any other time in my adult life -- and I have no future flights scheduled.

Risk 109

Maze Ransomware leaks files of ST Engineering group

Security Affairs

ST Engineering is the last victim of the Maze Ransomware operators that published their data on their leak website. ST Engineering is one of the leading engineering groups worldwide, it specializes in the aerospace, electronics, land systems, and marine sectors.

New 'Tycoon' Ransomware Strain Targets Windows, Linux

Dark Reading

Researchers say Tycoon ransomware, which has targeted software and educational institutions, has a few traits they haven't seen before

'Anonymous' Leak of Minneapolis Police Data Is a Hoax

Data Breach Today

Hacktivism or Disinformation? Whoever Leaked the Data, It's Culled From Old Breaches Not all data breaches are what they might seem, and not all leakers are who they might claim to be.

Romanian Skimmer Gang in Mexico Outed by KrebsOnSecurity Stole $1.2 Billion

Krebs on Security

An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2

Paper 242

Honda Hit By Possible Ransomware Attack

Adam Levin

Japanese automotive manufacturer Honda is investigating a possible ransomware attack that has caused company-wide network outages.