Threatpost The First Stop For Security News
by Tara Seals on July 7, 2020 at 9:01 pm
The Nigerian native has been extradited from Dubai after a string of over-the-top Instagram posts.
by Lindsey O’Donnell on July 7, 2020 at 8:05 pm
Researchers warn that Keeper, using Magecart code, will launch increasingly sophisticated attacks against online merchants worldwide in the coming months.
by Lindsey O’Donnell on July 7, 2020 at 4:27 pm
The Cerberus malware can steal banking credentials, bypass security measures and access text messages.
by Tara Seals on July 7, 2020 at 2:44 pm
Admins should patch their Citrix ADC and Gateway installs immediately.
by Elizabeth Montalbano on July 7, 2020 at 1:25 pm
A campaign discovered by Malwarebytes Labs in mid-April has lifted credentials from a number of e-commerce portals.
WeLiveSecurity News, views, and insight from the ESET security community
by Amer Owaida on July 6, 2020 at 3:08 pm
The Federal Reserve looks at ways to counter what is thought to be the fastest-growing type of financial crime in the country
The post The Fed shares insight on how to combat synthetic identity fraud appeared first on WeLiveSecurity
by Tomáš Foltýn on July 3, 2020 at 3:28 pm
Brute-force attacks against RDP surge – Is contact tracing the answer to ending the COVID-19 crisis? – Microsoft ships urgent security updates
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
by Amer Owaida on July 3, 2020 at 3:06 pm
European police infiltrate EncroChat, go on to crack down on crime kingpins and seize guns, drugs, cars and millions in cash
The post Hundreds arrested after police crack encrypted chat network appeared first on WeLiveSecurity
by Amer Owaida on July 2, 2020 at 2:43 pm
The cybercriminal behind the ransom raids on almost 23,000 databases threatens to leak the data and alert GDPR regulators
The post Thousands of MongoDB databases ransacked, held for ransom appeared first on WeLiveSecurity
by Tomáš Foltýn on July 1, 2020 at 12:06 pm
The out-of-band update plugs two remote code execution bugs in the Windows Codecs library, including one rated as critical
The post Microsoft releases emergency update to fix two serious Windows flaws appeared first on WeLiveSecurity
Hacker News Links for the intellectually curious, ranked by readers.
Never Have I Seen So Much Fake Unemployment and Jobs Data by the Bureau of Labor
on July 8, 2020 at 4:25 am
Yoloface-500k:ultra-light real-time face detection model, 500kb
on July 8, 2020 at 3:00 am
FBI chief says China threatens families to coerce overseas critics to return
on July 8, 2020 at 2:50 am
Scientists warn of potential wave of Covid-linked brain damage
on July 8, 2020 at 2:35 am
on July 8, 2020 at 1:04 am
Krebs on Security In-depth security news and investigation
by BrianKrebs on July 4, 2020 at 10:24 pm
One of the most-read advice columns on this site is a 2018 piece called “Plant Your Flag, Mark Your Territory,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States. But KrebsOnSecurity recently discovered that this is not the case with all federal government sites built to help you manage your identity online.
A reader who was recently the victim of unemployment insurance fraud said he was told he should create an account at the Department of Homeland Security’s myE-Verify website, and place a lock on his Social Security number (SSN) to minimize the chances that ID thieves might abuse his identity for employment fraud in the future.
by BrianKrebs on July 2, 2020 at 1:10 am
We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime.
Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and the public have a right to know. But absent any additional information from the victim company or their partners who may be affected by the attack, these kinds of stories and blog posts look a great deal like ambulance chasing and sensationalism.
by BrianKrebs on June 30, 2020 at 3:00 pm
The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.
by BrianKrebs on June 27, 2020 at 5:27 pm
A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.
by BrianKrebs on June 25, 2020 at 11:52 pm
The U.S. Justice Department today criminally charged a Canadian and a Northern Ireland man for allegedly conspiring to build multiple botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks. In addition, a defendant in the United States was sentenced to drug treatment and 18 months community confinement for his admitted role in the conspiracy.
Dark Reading: Dark Reading: Connecting the Information and Security Community
by Dark Reading Staff on July 7, 2020 at 9:05 pm
Its North American branch was notified of the attack because intruders reportedly gained access to ‘at least some information’ stored in its systems.
by Dark Reading Staff on July 7, 2020 at 7:45 pm
A new advisory from FinCEN helps financial institutions spot illicit activities and actors.
by Jai Vijayan Contributing Writer on July 7, 2020 at 7:15 pm
Court grants company’s bid to shut down infrastructure used in recent campaigns against Office 365 users.
by Robert Lemos Contributing Writer on July 7, 2020 at 7:05 pm
The threat posed by drones to critical infrastructure and other operational technology is made more serious by the inability of law enforcement to locate operators, researchers say.
by Kelly Sheridan Staff Editor, Dark Reading on July 7, 2020 at 6:35 pm
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.
Schneier on Security A blog covering security and security technology.
IoT Security Principles
by Bruce Schneier on July 7, 2020 at 11:38 am
The BSA — also known as the Software Alliance, formerly the Business Software Alliance (which explains the acronym) — is an industry lobbying group. They just published "Policy Principles for Building a Secure and Trustworthy Internet of Things." They call for: Distinguishing between consumer and industrial IoT. Offering incentives for integrating security. Harmonizing national and international policies. Establishing regularly updated…
ThiefQuest Ransomware for the Mac
by Bruce Schneier on July 6, 2020 at 11:43 am
There’s a new ransomware for the Mac called ThiefQuest or EvilQuest. It’s hard to get infected: For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It’s a good reminder to get your software from trustworthy sources, like developers whose code is…
Friday Squid Blogging: Strawberry Squid
by Bruce Schneier on July 3, 2020 at 9:07 pm
Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here….
EncroChat Hacked by Police
by Bruce Schneier on July 3, 2020 at 3:39 pm
French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat’s phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat took the base unit, installed its own encrypted messaging programs which route messages through the firm’s…
The Security Value of Inefficiency
by Bruce Schneier on July 2, 2020 at 2:26 pm
For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that’s a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient. Consolidation is efficient. And that’s all profitable. Inefficiency, on the other hand, is waste. Extra inventory is inefficient. Overcapacity is inefficient. Using…
Naked Security Computer Security News, Advice and Research
by Paul Ducklin on July 7, 2020 at 2:09 pm
Why hack into a server when you can just send vistors to a fake alternative instead?
by Lisa Vaas on July 7, 2020 at 9:27 am
It’s a short jump from a Rolls Royce ride to extradition from the UAE. Goodbye, Dubai, goodbye, Palazzo Versace, hello, Chicago jail cell.
by Lisa Vaas on July 6, 2020 at 10:33 am
To help end systemic racism, we’ll stay away from an error-prone technology that’s been shown to have racial bias, the city council said.
by Naked Security writer on July 6, 2020 at 9:32 am
Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time.
by Paul Ducklin on July 3, 2020 at 3:05 pm
At the risk of giving you a feeling of déjà vu all over again, it’s time to talk about Facebook hoaxes once more.