Trending Now
LATEST
British Army pulls up its SOC: New regiment to do infosec work even civvies will recognise
That's Systems Operating Centre to you. Chuffed with that, says Royal Signals brigadier The British Army has raised a new regiment that will take charge of its in-house security operations centre, a move calculated to make cyber defence a...
IP in IP Vulns, Anonymous Returns, & Deep Fakes – Wrap Up – SWN #40
Show news, Anonymous Returns, Deep Fakes and Deep Fake Hunters, IP in IP hacks, and IPv6. Show Notes: https://wiki.securityweekly.com/SWNEpisode40 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Unpatched Microsoft Systems Vulnerable to CVE-2020-0796
Original release date: June 5, 2020The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available and functional proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems. Although Microsoft disclosed and provided updates for this vulnerability in March...
Business Services Provider Conduent Hit by Ransomware
Business process services provider Conduent has been the victim of a ransomware attack that appears to be the work of Maze operators.
Formed in 2017 as a divestiture from Xerox and headquartered in New Jersey, the company offers digital platforms...
Cisco security advisories address 47 flaws, three critical
Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS EX software.
Among the most series flaws is a...
Kind of goes without saying, but fix your admin passwords or risk getting borged by this brute-forcing botnet
Publishing platforms, hosts being targeted by Stealthworker malware Servers are being targeted with a malware attack that uses its infected hosts to brute-force other machines.…
QNAP NAS devices targeted in another wave of ransomware attacks
eCh0raix ransomware gang returns with a new wave of attacks against QNAP NAS devices.
Name That Toon: Sign of the Tides
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
North Dakota Contact Tracing App Ends Data Share with Foursquare
North Dakota Contact Tracing App Ends Data Share with Foursquare The operators of a North Dakota contact tracing app have had a rethink when it comes to sharing users' data with third-party services.
Care19 was created by ProudCrowd LLC to track the...
Local, State Governments Face Cybersecurity Crisis
Ransomware hit small government organizations hard in 2019. Now they have to deal with budget cuts, pandemic precautions, social unrest, and the coming election cycle.
IBM Releases Open Source Toolkits for Processing Data While Encrypted
IBM this week announced the availability of open source toolkits that allow for data to be processed while it’s still encrypted.
read more
UK govt publishes contracts granting Amazon, Microsoft, Google and AI firms access to COVID-19 health data
Questions linger over involvement of biz linked to Dominic Cummings and Vote Leave campaign UK government has published the contracts it holds with private tech firms and the NHS for the creation of a COVID-19 data store, just days...
S2 Ep42: Apple auth attack, Octopus Scanner, Escobar escapades – Naked Security podcast
The latest Naked Security podcast is out now!
Florida Student Discovers Flaws in Leading Doorbell Security Cameras
Florida Student Discovers Flaws in Leading Doorbell Security Cameras "Systematic design flaws" have been discovered in leading internet-connected doorbell and security cameras by a Florida Institute of Technology student.
Blake Janes unearthed vulnerabilities in devices manufactured by Ring, Nest, SimpliSafe,...
Forget Google—Huawei Surprises Millions Of Users With Radical New Update
It may not have Google, but Huawei has just surprised the world with the ultimate phone for its times.
Botnet blasts WordPress sites with configuration download attacks
A million sites attacked by 20,000 different computers.
Maine Community College Becomes First in State to Offer Cybersecurity Program
Maine Community College Becomes First in State to Offer Cybersecurity Program Maine residents hoping to pursue a career in cybersecurity will finally be able to study the subject at community college.
Starting in fall 2020, Northern Maine Community College (NMCC) will...
The Privacy & Security Outlook for Businesses Post-COVID-19
Long-term business needs -- and the ethical implications that result -- don't simply go away just because we're navigating a global health crisis.
RiskIQ Raises $15 Million to Help Focus on Critical Industries
San Francisco, CA-based attack surface management firm RiskIQ has raised $15 million in a Series D funding round led by National Grid Partners (NGP). NGP is the venture and innovation arm of the British multinational utility company National Grid...
Russia Angrily Denies German Allegations on 2015 Cyberattack
The Russian Foreign Ministry on Thursday angrily rejected Germany’s allegations over Russian intelligence involvement in a cyberattack against the German parliament.
read more
Signal Adds Face Blurring Tool to Protect User Privacy
Privacy-focused communications application Signal this week announced a new feature meant to enhance user privacy amid social turmoil in the United States: a blur tool.
read more
Second Stimulus Payment: 35 Could Matter More Than $1,200 Or $2,000
There are smaller numbers to worry about than 1,200 or 2,000 when it comes to a second stimulus check. Numbers like 35.
HyperBeard Fined $150K for Allegedly Collecting Children’s Data Illegally
The U.S. Federal Trade Commission (FTC) fined app developer HyperBeard $150,000 for allegedly collecting children’s data in an unlawful way. On June 4, the FTC announced that HyperBeard had agreed to pay a fine of $150,000 and to delete...
Critical Vulnerability Could Have Allowed Hackers to Disrupt Traffic Lights
A critical vulnerability affecting traffic light controllers made by SWARCO could have been exploited by hackers to disrupt a city’s traffic lights.
read more
Achieving an audacious goal by treating cybersecurity like a science
When humans discovered and learned to ‘obey’ the laws of physics and chemistry, we began to thrive in our world. It enabled us to make fire, build machines much stronger than ourselves, to cure diseases, to fly.
What will it...
LEADERS
New Research: "Privacy Threats in Intimate Relationships"
I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships."
Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships,...
Weekly Update 194
Cybersecurity Blogger Awards; HIBP Wiped a Ticketing System with a SQLi Email; The MPD “Hack” (that wasn’t); The “Lead Hunter” Breach; Sponsored by NordVPN
https://www.troyhunt.com/weekly-update-194/
Goodbye Naked Security?
The Naked Security blog is part of my history.
Now, as Sophos makes cut-backs, it might be history for all of us.
The scammer who tried to launder over $500,000 through Business Email Compromise
A 64-year-old man has pleaded guilty in a Texan court to charges of money laundering after a series of attacks that defrauded companies, including Electrolux, out of hundreds of thousands of dollars.
Read more in my article on the Tripwire...
Zoom’s Commitment to User Security Depends on Whether you Pay It or Not
Zoom was doing so well.... And now we have this:
Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level of privacy, which makes it impossible for third...
