Monday, January 24, 2022

LATEST

AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps

AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...

Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open

New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
SecurityWeek

DC, 3 States Sue Google Saying it Invades Users' Privacy

The District of Columbia and three states are suing Google for allegedly deceiving consumers and invading their privacy by making it nearly impossible for them to stop their location from being tracked.
Security Affairs

A flaw in Rust Programming language could allow to delete files and directories

The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system. The maintainers of the Rust programming language have released a security update for a high-severity...
TechRepublic

Personal identifying information for 1.5 billion users was stolen in 2021, but from where?

Threat intelligence company Black Kite found that the majority of attacks were against healthcare providers, involved ransomware and succeeded thanks to software vulnerabilities.

DHS Sounds Alarm on Potential for Major Russian Cyberattacks on US

Latest bulletin out of DHS advises state and local governments, critical infrastructure operators to be on alert.

The Case for Backing Up Source Code

As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.
The CyberWire Podcast

Updates on the continuing hybrid war in Ukraine. Julian Assange will get another chance to avoid extradition. And Russian privateers find that they’re expendable.

Updates on the continuing hybrid war in Ukraine. The UK charges Russia with trying to install a puppet in Kyiv. Nominal hacktivists claim an attack against Belarusian railroads. Compromise of Greek...
TechRepublic

REvil gang member arrests strike fear among cybercriminals on the Dark Web

Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals.
SecurityWeek

Court Awards Merck $1.4B Insurance Claim Over NotPetya Cyberattack

New Jersey court delivers summary judgment against insurance company’s refusal to pay based on war exclusion clause

Hacktivists say they hacked Belarus rail system to stop Russian military buildup

Servicemen of Russia's Eastern Military District units attend a welcoming ceremony as they arrive in Belarus to take part in joint military exercises. Russia's military is combining its own...

Ransomware Operators Are Feeling the Heat

Ransomware has maintained its dominance the past few years; however, increased law enforcement attention may result in changes to how it looks in the future.
Infosecurity Magazine

IRS to Require New ID Verification

American taxpayers will soon be required to sign up with an identity verification company to access their Internal Revenue Service (IRS) accounts online. Currently, those with an online account at IRS.gov online can log in using only their...
Infosecurity Magazine

SBA Announces $3m Cybersecurity Program

The United States Small Business Administration (SBA) has launched a program to help the country’s emerging small businesses to improve their cybersecurity infrastructure. SBA administrator Isabella Casillas Guzman, who heads the SBA, announced the new Cybersecurity for Small...

April Wright and Alyssa Miller - Open Source sustainability

Alyssa Miller (@AlyssaM_InfoSec) April Wright (@Aprilwright) 0. Open Source issues (quick discussion, because I value your opinions, and supply chain is important in the IoT world too.) Log4j and OSS software management and profitability Free as in beer, but...
SecurityWeek

Microsoft Restricts Excel 4.0 Macros by Default

Microsoft has announced improved security for the users of its flagship Office productivity suite, courtesy of Excel 4.0 (XLM) macros now being restricted by default.
SecurityWeek

Facebook Trumpets Massive New Supercomputer

Facebook's parent company Meta announced on Monday it was launching one of the world's most powerful supercomputers to boost its capacity to process data, despite persistent disputes over privacy and disinformation.
Computerworld

VPNs and browsers — staying secure while online

In business, we’ve used Virtual Private Networks (VPNs) for years. But I’m now seeing recommendations that consumers use VPN software to make your Internet connections more private so sites can’t snoop on your surfing and other communications. As someone who...
Infosecurity Magazine

NSF Awards $29m to Cybersecurity Scholarships

The United States National Science Foundation (NSF) is awarding universities more than $29m to fund hundreds of new cybersecurity scholarships. The foundation is making the award to support the urgent need for more cybersecurity professionals in the...
SecurityWeek

CWP Flaws That Expose Servers to Remote Attacks Possibly Exploited in the Wild

Researchers discovered that the Control Web Panel (CWP) web hosting panel is affected by two serious vulnerabilities that can allow attackers to remotely hack servers, and it’s possible that they may have already been exploited in the wild.
Unsupervised Learning Podcast

News & Analysis | NO. 315

The latest in Security News, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… Web Version: https://danielmiessler.com/podcast/news-analysis-no-315/ Support the show: https://danielmiessler.com/support/ See omnystudio.com/listener for privacy information.
Infosecurity Magazine

Two in Five IT Security Managers Considering Quitting Their Jobs

Two in five (41%) IT security managers in the UK are considering quitting their jobs in the next six months, largely due to growing stress levels, according to a new study by ThreatConnect. The...
SecurityWeek

Hacked AccessPress Site Served Backdoored WordPress Plugins, Themes

Unknown threat actors implanted backdoor code into multiple WordPress themes and plugins after compromising the website of their developer, Automattic’s Jetpack security research team reports.

Are You Prepared to Defend Against a USB Attack?

Recent "BadUSB" attacks serve as a reminder of the big damage that small devices can cause.

LEADERS

Bruce Schneier

Linux-Targeted Malware Increased by 35%

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in...

How I Got Pwned by My Cloud Costs

I have been, and still remain, a massive proponent of "the cloud". I built Have I Been Pwned (HIBP)...

Weekly Update 279

It's mostly breaches this week and that's mostly business as usual, except for one. I didn't know whether I...
Bruce Schneier

Friday Squid Blogging: Piglet Squid

Nice article on the piglet squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Brian Krebs

Crime Shop Sells Hacked Logins to Other Crime Shops

Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email...