Friday, June 5, 2020
Internet Storm Center Infocon Status


The Register

British Army pulls up its SOC: New regiment to do infosec work even civvies will recognise

That's Systems Operating Centre to you. Chuffed with that, says Royal Signals brigadier The British Army has raised a new regiment that will take charge of its in-house security operations centre, a move calculated to make cyber defence a...
Security Weekly

IP in IP Vulns, Anonymous Returns, & Deep Fakes – Wrap Up – SWN #40

Show news, Anonymous Returns, Deep Fakes and Deep Fake Hunters, IP in IP hacks, and IPv6.   Show Notes: Visit for all the latest episodes!   Follow us on Twitter: Like us on Facebook:

Unpatched Microsoft Systems Vulnerable to CVE-2020-0796

Original release date: June 5, 2020The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available and functional proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems. Although Microsoft disclosed and provided updates for this vulnerability in March...

Business Services Provider Conduent Hit by Ransomware

Business process services provider Conduent has been the victim of a ransomware attack that appears to be the work of Maze operators. Formed in 2017 as a divestiture from Xerox and headquartered in New Jersey, the company offers digital platforms...
SC Magazine

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS EX software. Among the most series flaws is a...
The Register

Kind of goes without saying, but fix your admin passwords or risk getting borged by this brute-forcing botnet

Publishing platforms, hosts being targeted by Stealthworker malware Servers are being targeted with a malware attack that uses its infected hosts to brute-force other machines.…

QNAP NAS devices targeted in another wave of ransomware attacks

eCh0raix ransomware gang returns with a new wave of attacks against QNAP NAS devices.

Name That Toon: Sign of the Tides

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

North Dakota Contact Tracing App Ends Data Share with Foursquare

North Dakota Contact Tracing App Ends Data Share with Foursquare The operators of a North Dakota contact tracing app have had a rethink when it comes to sharing users' data with third-party services.  Care19 was created by ProudCrowd LLC to track the...

Local, State Governments Face Cybersecurity Crisis

Ransomware hit small government organizations hard in 2019. Now they have to deal with budget cuts, pandemic precautions, social unrest, and the coming election cycle.

IBM Releases Open Source Toolkits for Processing Data While Encrypted

IBM this week announced the availability of open source toolkits that allow for data to be processed while it’s still encrypted. read more
The Register

UK govt publishes contracts granting Amazon, Microsoft, Google and AI firms access to COVID-19 health data

Questions linger over involvement of biz linked to Dominic Cummings and Vote Leave campaign UK government has published the contracts it holds with private tech firms and the NHS for the creation of a COVID-19 data store, just days...

Florida Student Discovers Flaws in Leading Doorbell Security Cameras

Florida Student Discovers Flaws in Leading Doorbell Security Cameras "Systematic design flaws" have been discovered in leading internet-connected doorbell and security cameras by a Florida Institute of Technology student. Blake Janes unearthed vulnerabilities in devices manufactured by Ring, Nest, SimpliSafe,...

Forget Google—Huawei Surprises Millions Of Users With Radical New Update

It may not have Google, but Huawei has just surprised the world with the ultimate phone for its times.

Botnet blasts WordPress sites with configuration download attacks

A million sites attacked by 20,000 different computers.

Maine Community College Becomes First in State to Offer Cybersecurity Program

Maine Community College Becomes First in State to Offer Cybersecurity Program Maine residents hoping to pursue a career in cybersecurity will finally be able to study the subject at community college. Starting in fall 2020, Northern Maine Community College (NMCC) will...

The Privacy & Security Outlook for Businesses Post-COVID-19

Long-term business needs -- and the ethical implications that result -- don't simply go away just because we're navigating a global health crisis.

RiskIQ Raises $15 Million to Help Focus on Critical Industries

San Francisco, CA-based attack surface management firm RiskIQ has raised $15 million in a Series D funding round led by National Grid Partners (NGP). NGP is the venture and innovation arm of the British multinational utility company National Grid...

Russia Angrily Denies German Allegations on 2015 Cyberattack

The Russian Foreign Ministry on Thursday angrily rejected Germany’s allegations over Russian intelligence involvement in a cyberattack against the German parliament. read more

Signal Adds Face Blurring Tool to Protect User Privacy

Privacy-focused communications application Signal this week announced a new feature meant to enhance user privacy amid social turmoil in the United States: a blur tool. read more

Second Stimulus Payment: 35 Could Matter More Than $1,200 Or $2,000

There are smaller numbers to worry about than 1,200 or 2,000 when it comes to a second stimulus check. Numbers like 35.

HyperBeard Fined $150K for Allegedly Collecting Children’s Data Illegally

The U.S. Federal Trade Commission (FTC) fined app developer HyperBeard $150,000 for allegedly collecting children’s data in an unlawful way. On June 4, the FTC announced that HyperBeard had agreed to pay a fine of $150,000 and to delete...

Critical Vulnerability Could Have Allowed Hackers to Disrupt Traffic Lights

A critical vulnerability affecting traffic light controllers made by SWARCO could have been exploited by hackers to disrupt a city’s traffic lights. read more
SC Magazine

Achieving an audacious goal by treating cybersecurity like a science

When humans discovered and learned to ‘obey’ the laws of physics and chemistry, we began to thrive in our world.  It enabled us to make fire, build machines much stronger than ourselves, to cure diseases, to fly. What will it...


Bruce Schneier

New Research: "Privacy Threats in Intimate Relationships"

I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships." Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships,...

Weekly Update 194

Cybersecurity Blogger Awards; HIBP Wiped a Ticketing System with a SQLi Email; The MPD “Hack” (that wasn’t); The “Lead Hunter” Breach; Sponsored by NordVPN
Graham Cluley

Goodbye Naked Security?

The Naked Security blog is part of my history. Now, as Sophos makes cut-backs, it might be history for all of us.
Graham Cluley

The scammer who tried to launder over $500,000 through Business Email Compromise

A 64-year-old man has pleaded guilty in a Texan court to charges of money laundering after a series of attacks that defrauded companies, including Electrolux, out of hundreds of thousands of dollars. Read more in my article on the Tripwire...
Bruce Schneier

Zoom’s Commitment to User Security Depends on Whether you Pay It or Not

Zoom was doing so well.... And now we have this: Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level of privacy, which makes it impossible for third...