Sat.Jul 04, 2020 - Fri.Jul 10, 2020

Ransomware + Exfiltration + Leaks = Data Breach

Data Breach Today

Data-Leaking Extortionists' Revised Playbook Goes Way Beyond Ransomware Ransomware-wielding attackers continue to pummel organizations.

Half a Million IoT Passwords Leaked

Schneier on Security

It is amazing that this sort of thing can still happen: the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Telnet?

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Traffic Analysis of Home Security Cameras

Schneier on Security

Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what's going on in front of the camera, and infer when there is someone home. News article. Slashdot thread.

Cloud 86

E-Verify’s “SSN Lock” is Nothing of the Sort

Krebs on Security

One of the most-read advice columns on this site is a 2018 piece called “ Plant Your Flag, Mark Your Territory ,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration , the IRS and others before crooks do it for you.

CISA warns organizations of cyberattacks from the Tor network

Security Affairs

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned enterprises about cyberattacks from the Tor network.

Risk 113

Fight Phishing with Intention

Dark Reading

Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them

More Trending

Employee Surveillance: Who's the Boss(ware)?

Data Breach Today

Pandemic Drives Increased Adoption of Workplace Monitoring Tools With so many employees working from home during the COVID-19 pandemic, vendors of time-tracking and productivity-monitoring software report surging interest in their wares.

NASA Still Struggling With Agency-Wide Cybersecurity Program

Data Breach Today

IG Report Finds Agency's Infrastructure Remains Tempting Target for Hackers A recent Inspector General's report finds that NASA still struggles with implementing an agency-wide cybersecurity policy despite spending approximately $2.3 billion on IT, networking and security technology in 2019.

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment

WIRED Threat Level

For companies that haven't patched their BIG-IP products, it may already be too late. Security Security / Cyberattacks and Hacks

IT 93

Google Tsunami vulnerability scanner is now open-source

Security Affairs

Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami.

Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition

Dark Reading

For privacy-seeking users, good news: Computer scientists are finding more ways to thwart facial and image recognition. But there's also bad news: Gains will likely be short-lived

Malware Found Pre-Installed on Low-Cost Android Smartphones

Data Breach Today

Phones Sold Through US Government-Subsidized Program For the second time this year, security researchers have found malware embedded in low-cost Android smartphones distributed through a U.S. government program, security firm Malwarebytes reports

Enterprise Architect Salary: What to Expect and Why

erwin

Enterprise architecture plays a key role in the modern enterprise, so the average enterprise architect salary reflects the demand. In this post: Average Salary for an Enterprise Architect. What Does an Enterprise Architect Do? Enterprise Architect Salary Expectations.

15 billion credentials available in the cybercrime marketplaces

Security Affairs

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts.

As Offices Reopen, Hardware from Home Threatens Security

Dark Reading

Devices out of sight for the past several months could spell trouble when employees bring them back to work

5 Billion Unique Credentials Circulating on Darknet

Data Breach Today

Bank Account Credentials Sell for an Average of $71, Report Finds Five billion unique user credentials are circulating on darknet forums, with cybercriminals offering to sell access to bank accounts as well as domain administrator access to corporate networks, according to the security firm Digital Shadows.

Access 248

2020 Likely To Break Records for Breaches

Adam Levin

2020 is on the path to becoming a record-breaking year for data breaches and compromised personal data. A recent article released by cybersecurity and antivirus firm Bitdefender shows that 8.4 billion records have already been exposed, and that’s only accounting for the first quarter of 2020.

Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw

Security Affairs

Researchers have found a way to bypass F5 Networks mitigation for the actively exploited BIG-IP vulnerability, and hackers already used it. Researchers have found a way to bypass one of the mitigations proposed by F5 Networks for the actively exploited BIG-IP vulnerability.

UK cyber crime rate has doubled in the past five years

IT Governance

The number of UK businesses that have suffered cyber attacks has doubled in the past five years, according to a new report. Beaming’s Five Years in Cyber Security found that 1.5 million organisations fell victim to cyber crime in 2019.

Health Data Breach Trends: A Mid-Year Assessment

Data Breach Today

Biggest Incidents Have a Wide Variety of Causes What major health data breach trends emerged in the first half of 2020? Here's a rundown of the latest statistics - plus an analysis by experts

iKure + IBM: Trusted data brings resilience to rural communities

IBM Big Data Hub

Follow @IBMAnalytics. It could be said there’s really no wealth but health itself, but in rural India, some 840 million people are challenged by obtaining the healthcare they need. For the average citizen, just getting to a medical appointment might require a day-long journey.

IT 91

Cisco Talos discloses technicals details of Chrome, Firefox flaws

Security Affairs

Cisco’s Talos experts disclosed the details of recently patched vulnerabilities affecting the popular Chrome and Firefox web browsers. Researchers from Cisco Talos disclosed technical details of recently patched vulnerabilities affecting the popular Chrome and Firefox web browsers.

Attackers Scan for Vulnerable BIG-IP Devices After Flaw Disclosure

Dark Reading

The US Cybersecurity and Infrastructure Security Agency encourages organizations to patch a critical flaw in the BIG-IP family of application delivery controllers, as firms find evidence that attackers are scanning for the critical vulnerability

Mac Malware Primarily Infostealer, Not Ransomware

Data Breach Today

Encryption-Busting EARN IT Act Advances in Senate

WIRED Threat Level

Plus: A massive crime bust in Europe, a warning from US Cyber Command, and more of the week's top security news. Security Security / Security News

Try2Cry ransomware implements wormable capability to infect other Windows systems

Security Affairs

A new piece of ransomware dubbed Try2Cry leverages infected USB flash drives and Windows shortcuts (LNK files) to infect other Windows systems. A new ransomware dubbed Try2Cry implements wormable capabilities to infect other Windows systems by using USB flash drives or Windows shortcuts (LNK files).

US Charges Kazakhstani Citizen With Hacking Into More Than 300 Orgs

Dark Reading

The accused man, and members of his cybercriminal group, allegedly made at least $1.5 million hacking into companies and selling access to systems over the past three years

Lawsuits After Ransomware Incidents: The Trend Continues

Data Breach Today

In Latest Case, Florida Practice Sued for Damages, and Security Mandates Sought A lawsuit seeking damages as well as security mandates has been filed against a Florida-based orthopedic group in the wake of a ransomware incident.

Russian Hackers Targeting Remote Workers

Adam Levin

A Russia-based hacking group is exploiting the current Covid-19 pandemic to target and compromise U.S. companies with multiple strains of malware, according to a new report.

Project Freta, a free service that allows finding malware in OS memory snapshots

Security Affairs

Microsoft launched Project Freta, a free service that allows users to find malware, including rootkit, in operating system memory snapshots. Microsoft has unveiled a new project, dubbed Project Freta , for the discovery of malicious code in operating system memory snapshots.

Cloud 99

How to Assess More Sophisticated IoT Threats

Dark Reading

Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis

IoT 87

Zoom-Themed Phishing Campaign Targets Office 365 Credentials

Data Breach Today

Fraudsters Using Fake Account Alerts to Steal Microsoft Credentials A recently uncovered phishing campaign is using spoofed Zoom account alerts to steal Microsoft Office 365 credentials, according to a report from Abnormal Security.

What Ventana says about the future of finance and analytics

IBM Big Data Hub

Follow @IBMAnalytics. Ventana Research is a leading benchmark research and advisory services organization, providing some of the most comprehensive analyst and research coverage for business

Pre-Installed malware spotted on other Android phones sold in US

Security Affairs

Researchers from Malwarebytes have found yet another phone with pre-installed malware via the Lifeline Assistance program sold in the United States.