Sat.Jul 18, 2020 - Fri.Jul 24, 2020

Twitter Hacking for Profit and the LoLs

Krebs on Security

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter.

Mining 223

Rise of the Robots: How You Should Secure RPA

Dark Reading

Robotic Process Automation (RPA) is the next big thing in innovation and digital strategy. But what security details are overlooked in the rush to implement bots

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

How to Check Your Devices for Stalkerware

WIRED Threat Level

You deserve privacy. Here's how to check your phone, laptop, and online accounts to make sure no one's looking over your shoulder. Security Security / Privacy Security / Security Advice

NSA, CISA Warn of Threats to US Critical Infrastructure

Data Breach Today

Remote Access by Decentralized Workforce Creates Risks The NSA and CISA issued a joint warning that U.S. critical infrastructure is increasingly becoming a hacking target and organizations need to guard against attacks.

Risk 236

Thinking of a Cybersecurity Career? Read This

Krebs on Security

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills.

ROUNDTABLE: What’s next, now that we know V.I.P Twitter users can so easily be spoofed?

The Last Watchdog

Judging from the criminals’ meager pay day, the high-profile hack of Twitter , disclosed last week, was nothing much. Related: Study shows disinformation runs rampant on Twitter The hackers insinuated their way deep into Twitter’s internal system. They were able to get into a position from which they could access some 350 million Twitter accounts, including numerous accounts of the rich and famous.

More Trending

Emotet Botnet Returns After Months-Long Hiatus

Data Breach Today

Security Researchers Detect New Spam Campaigns in US and UK After a nearly six-month hiatus, the Emotet botnet has sprung back to life with a spam campaign targeting the U.S. and U.K., according to multiple security research reports.

NY Charges First American Financial for Massive Data Leak

Krebs on Security

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003.

Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc

The Last Watchdog

Cloud migration, obviously, is here to stay. Related: Threat actors add ‘human touch’ to hacks To be sure, enterprises continue to rely heavily on their legacy, on-premises datacenters. But there’s no doubt that the exodus to a much greater dependency on hybrid cloud and multi-cloud resources – Infrastructure-as-a-Service ( IaaS ) and Platforms-as-a-Service ( PaaS ) – is in full swing.

Cloud 123

Twitter Cracks Down on QAnon. Your Move, Facebook

WIRED Threat Level

Twitter's new policy won't make the conspiracy group disappear. But experts say it could dramatically reduce its ability to spread. Security Security / National Security

IT 110

DOJ: Chinese Hackers Targeted COVID-19 Vaccine Research

Data Breach Today

2 Indicted for Theft of a Broad Range of Intellectual Property in US and Elsewhere The U.S. Department of Justice has charged two Chinese nationals with hacking into the systems of hundreds of organizations in the U.S. and abroad.

236
236

Email Security Features Fail to Prevent Phishable 'From' Addresses

Dark Reading

The security features for verifying the source of an email header fail to work together properly in many implementations, according to a team of researchers

Garmin shut down its services after an alleged ransomware attack

Security Affairs

Smartwatch and wearable device maker Garmin had to shut down some of its connected services and call centers following a ransomware attack.

Hacking a Power Supply

Schneier on Security

This hack targets the firmware on modern power supplies. Yes, power supplies are also computers.).

Paper 96

Garmin Tight-Lipped About Cause of Outage

Data Breach Today

Some Employees Reportedly Say Ransomware Likely Involved Garmin has not yet announced what caused an outage of its Garmin Connect fitness tracking service as well as its website. But some employees reportedly are attributing the outage to ransomware

A Hidden Risk for Domestic Violence Victims: Family Phone Plans

WIRED Threat Level

Abusers can use shared accounts to stalk and harass victims, and plans aren’t always easy to escape. Security Security / Privacy

Risk 91

REVil ransomware infected 18,000 computers at Telecom Argentina

Security Affairs

Another telco company was hit by a ransomware, roughly 18,000 computers belonging to Telecom Argentina were infected over the weekend. Telecom Argentina , one of the largest internet service providers in Argentina, was hit by a ransomware attack.

Update on NIST's Post-Quantum Cryptography Program

Schneier on Security

China-Backed APT Group Reportedly Targets India, Hong Kong

Data Breach Today

Researchers: Recently Uncovered Hacking Group Has Been Operating Since 2014 An hacking group that appears to have ties to the government of China has been targeting victims in India and Hong Kong, according to the security firm Malwarebytes

Internet Scan Shows Decline in Insecure Network Services

Dark Reading

While telnet, rsync, and SMB, exposure surprisingly have dropped, proper patching and encryption adoption remain weak worldwide

Spanish state-owned railway infrastructure manager ADIF infected with ransomware

Security Affairs

ADIF, a Spanish state-owned railway infrastructure manager under the responsibility of the Ministry of Development, was hit by REVil ransomware operators.

Fawkes: Digital Image Cloaking

Schneier on Security

Fawkes is a system for manipulating digital images so that they aren't recognized by facial recognition systems. At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking.

Paper 85

Twitter Hijackers Used Well-Honed Fraudster Playbook

Data Breach Today

Customer Service Representatives Have Long Been Targeted for Account Takeovers The hijacking of 130 Twitter accounts last week is extraordinary in perhaps one particular aspect: Why didn't it happen sooner?

IT 208

DDoS Botnets Are Entrenched in Asia & Amplification Attacks Set Records

Dark Reading

China, Vietnam, and Taiwan are top sources of DDoS botnet activity, but the top data floods use a variety of amplification attacks, a report finds

88

Diebold Nixdorf warns of a wave of ATM black box attacks across Europe

Security Affairs

ATM maker Diebold Nixdorf is warning banks a new ATM black box attack technique that was recently employed in cyber thefts in Europe. Black box attacks are a type of jackpotting attack aimed at forcing an ATM to dispense the cash by sending a command through a “black box” device.

This Simple Hack Could Tank Your Business

Adam Levin

Cyberattacks are constantly getting more sophisticated.

Battling ID Fraud With Behavioral Biometrics

Data Breach Today

Javelin's John Buzzard on Spotting Patterns of Fraud Continuous authentication can play a key role in combating fraud, says John Buzzard, lead fraud and security analyst at Javelin Strategy and Research, who discusses the role of behavioral biometrics

North Korea's Lazarus Group Developing Cross-Platform Malware Framework

Dark Reading

The APT group, known for its attack on Sony Pictures in 2014, has created an "advanced malware framework" that can launch and manage attacks against systems running Windows, MacOS, and Linux

IT 86

Tedrade banking malware families target users worldwide

Security Affairs

The Tetrade term coined by Kaspersky experts to refer four large banking trojan families developed and spread by Brazilian crooks worldwide.

Fraudster tried to steal football club’s £1 million transfer fee

IT Governance

An unnamed Premier League team nearly faced disaster this season when a cyber criminal attempted to steal a £1 million transfer fee. The fraudster hacked the email account of the club’s managing director during a transfer negotiation, and was trying to reroute the payment before the bank intervened.

First American Title Insurance Co. Faces Charges in NY

Data Breach Today

Company Could Be Fined $1,000 for Each Violation of State Cybersecurity Law The New York State Department of Financial Services has filed civil charges against First American Title Insurance Co.,

Twilio Security Incident Shows Danger of Misconfigured S3 Buckets

Dark Reading

Twilio says attackers accessed its misconfigured cloud storage system and altered a copy of the JavaScriptSDK it shares with customers

Cloud 85

US agencies offer $2M in reward for Ukrainian hackers that breached the SEC

Security Affairs

The US State Department and Secret Service offered $2 million in reward money for help capturing two Ukrainian SEC hackers.

Common Problems with Content Migrations

AIIM

The international standard on records management, ISO 15489 defines migration as the: "Act of moving records from one system to another, while maintaining the records' authenticity, integrity, reliability, and usability.". But, migration is much broader than just records.