Sat.Jun 27, 2020 - Fri.Jul 03, 2020

COVID-19 ‘Breach Bubble’ Waiting to Pop?

Krebs on Security

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants.

Sales 172

Ransomware Gangs Don’t Need PR Help

Krebs on Security

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Security Value of Inefficiency

Schneier on Security

For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that's a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient. Consolidation is efficient. And that's all profitable.

US Cyber Command Alert: Patch Palo Alto Networks Products

Data Breach Today

Critical' Authentication Bypass Risk Posed by Easy-to-Exploit PAN-OS Software Flaw Palo Alto Networks product alert: All users should immediately patch a "critical" flaw in Pan-OS that can be remotely exploited to bypass authentication and take full control of systems or gain access to networks, U.S.

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

Researchers revealed that the number of daily brute-force attacks on Windows RDP has doubled during the pandemic lockdown. Security experts from ESET revealed that the number of daily brute-force attacks on Windows RDP has doubled during the COVID-19 lockdown.

Sustaining Performance Under Extreme Stress

Troy Hunt

I started writing this blog post alone in a hotel room in Budapest last September. It was at the absolute zenith of stress; a time when I had never been under as much pressure as I was right at that moment.

Sales 113

More Trending

University of California SF Pays Ransom After Medical Servers Hit

Dark Reading

As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on "several IT systems" in the UCSF School of Medicine

IT 101

POS Malware Using DNS to Steal Payment Card Data

Data Breach Today

Researchers: Revamped Alina Trojan Targeting Windows-Based Devices Fraudsters are using a revamped version of the Alina Trojan to target Windows-based POS devices to steal payment card data, according to Century Link's Black Lotus Labs.

211
211

Refreshing Insights for Modern COBOL

Micro Focus

Introduction In its seventh decade, COBOL’s heritage is legendary. This month sees yet another stride forward in COBOL innovation, with the latest release of the Micro Focus Visual COBOL and Enterprise product sets. But what of its practitioners? Where is the investment?

IT 114

The Worst Hacks and Breaches of 2020 So Far

WIRED Threat Level

Iran, China, Russia—the gang was all here in the first half of this year. Oh, and also an unprecedented pandemic that’s been a boon for hackers. Security Security / Cyberattacks and Hacks

List of data breaches and cyber attacks in June 2020 ­– 7 billion records breached

IT Governance

The first half of 2020 ended on a familiarly bad note, with 92 security incidents accounting for at least 7,021,195,399 breached records.

It's Official: CCPA Enforcement Begins

Data Breach Today

Move Comes Despite Lack of Final Version of Sweeping Data Protection Law Enforcement of the California Consumer Privacy Act officially began Wednesday despite the lack of a final, codified version of the regulation. Experts weigh in on compliance steps organizations should take

IT 207

iPhone Apps Stealing Clipboard Data

Schneier on Security

iOS apps are repeatedly reading clipboard data , which can include all sorts of sensitive information. While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS 14.

IT 106

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

Asian media firm E27 suffered a security breach and hackers asked for a “donation” to provide information on the flaws they exploited in the attack.

New Mac Ransomware Is Even More Sinister Than It Appears

WIRED Threat Level

The malware known as ThiefQuest or EvilQuest also has spyware capabilities that allow it to grab passwords and credit card numbers. Security Security / Cyberattacks and Hacks Security / Security News

Operators Behind Valak Malware Expand Malicious Campaign

Data Breach Today

Financial, Manufacturing, Healthcare and Insurance Firms Victimized The operators behind the Valak malware strain have expanded their malicious campaigns to other parts of the world, targeting financial, manufacturing, healthcare and insurance firms, according to Cisco Talos.

Hacked by Police

Schneier on Security

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents.

Netgear is releasing fixes for ten issues affecting 79 products

Security Affairs

Netgear is addressing ten vulnerabilities affecting nearly 80 of its products, including issues discovered at the Pwn2Own hacking competition. Netgear is releasing security patches to address ten vulnerabilities affecting nearly 80 of its products.

Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn

Dark Reading

After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it

IT 100

Brute-Force Attacks Targeting RDP on the Rise

Data Breach Today

ESET Researchers: Attacks Open the Door to Launching Ransomware, Planting Cryptominers Since the start of the COVID-19 pandemic, the number of brute-force attacks targeting RDP connections has steadily increased, spiking to 100,000 incidents per day in April and May, according to the security firm ESET.

Rikke Jacobsen: Helping Danish companies build solid analytics foundations and prepare for change

IBM Big Data Hub

Follow @IBMAnalytics. This story is part of Analytics Heroes, a series of profiles on leaders transforming the future of business analytics

Alleged cyber attacks caused fire and explosions at nuclear and military facilities in Iran

Security Affairs

The root cause of a series of explosions at important facilities in Iran may be cyberattacks allegedly launched by Israel. A recent sequence of fires and explosions at important Iranian facilities may have been caused by cyber attacks as part of an operation conducted by Israel.

Profile of the Post-Pandemic CISO

Dark Reading

Projects that were high priorities before the COVID-19 outbreak have taken a back seat to new business needs. For security leaders that has meant new responsibilities that could very well stick around in the pandemic's aftermath

FakeSpy Android Malware Disguised as Postal Service Messages

Data Breach Today

Researchers: Attackers Use SMS Phishing Messages to Spread Info Stealer The operators behind an updated version of the FakeSpy malware are targeting Android devices using SMS phishing messages to spread the info stealer, according to Cybereason.

Marketers: Your Role In Social Discourse Is Critical

John Battelle's Searchblog

How Brands Can Fix the Relationship Between Platforms, Audiences, and Media Companies (Hint: It’s Not a Boycott). Second of a series. The first post reviews the media and platform ecosystem, and laments the role brand marketers have played in its demise.) .

A threat actor is selling databases stolen from 14 companies

Security Affairs

A threat actor is selling databases containing data belonging to 14 different companies he claimed were hacked in 2020.

Sales 96

Android Apps Stealing Facebook Credentials

Schneier on Security

Google has removed 25 Android apps from its store because they steal Facebook credentials : Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times.

Detecting Network Security Incidents

Data Breach Today

ENISA's Rossella Mattioli Reviews New Report Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents

Another COVID-19 Side Effect: Rising Nation-State Cyber Activity

Dark Reading

While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs

New EvilQuest ransomware targets macOS users

Security Affairs

Experts discovered a new ransomware dubbed EvilQuest designed to target macOS systems, it also installs a keylogger and a reverse shell to take over them.

Schools Already Struggled With Cybersecurity. Then Came Covid-19

WIRED Threat Level

A lack of dedicated funding and resources made it hard to keep data secure—and that was before classes moved almost entirely online. Security Security / Cyberattacks and Hacks

UCSF Med School Pays $1.1 Million Ransom

Data Breach Today

After Ransomware Attack, School Cites Need to Restore Data Related to 'Academic Work' The University of California San Francisco says it paid a $1.14 million ransom earlier this month to obtain decryptor keys to unlock several servers within its school of medicine that were struck with ransomware

DHS Shares Data on Top Cyberthreats to Federal Agencies

Dark Reading

Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN

France Télévisions group hit by a cyber attack, its antennas were not impacted

Security Affairs

The France Télévisions group announced yesterday that it was hit by a cyber attack, targeting one of its broadcasting sites. The France Télévisions group announced Friday that it was the victim of a cyber attack that targeted one of its broadcasting sites.

IT 97