Tuesday, February 18, 2020
Internet Storm Center Infocon Status


Sensitive plastic surgery images exposed online

Researchers at VPN advisory company vpnMentor have found yet another online data exposure caused by a misconfigured cloud database.

Remote Wipe Plugin Bug Hits 200,000+ WordPress Sites

Remote Wipe Plugin Bug Hits 200,000+ WordPress SitesSecurity researchers are warning of a new plugin vulnerability which is exposing over 200,000 WordPress sites to the risk of being remotely wiped by an attacker. The problem lies with versions 1.3.4 and...

Mobile security: Worse than you thought

Many security professionals have long held that the words "mobile security" are an oxymoron. True or not, with today's mobile usage soaring in enterprises, that viewpoint may become irrelevant. It's a reasonable estimate that 2020 knowledge workers use mobile...

12 hottest new cybersecurity startups at RSA 2020

Starting on February 24, the RSA Conference (RSAC) 2020 gives security vendors old and new a chance to demonstrate their capabilities. The event has become an attractive venue for startups to make their debut. This year’s crop will be...

Iranian Hackers Backdoored VPNs Via One-Day Bugs

Iranian Hackers Backdoored VPNs Via One-Day BugsSecurity researchers have joined the dots on a long-running Iranian cyber-espionage campaign that targeted unpatched bugs in VPN and RDP to infiltrate target organizations globally. Building on previous research from Dragos, which named the...
Security Weekly

Over the Edge – ASW #96

This week, we welcome Doug DePerry, Director of Defense at Datadog, to discuss Lessons Learned From The DevSecOps Trenches! In the Application Security News, SweynTooth: Unleashing Mayhem over Bluetooth Low Energy, RetireJS, What Is DevSecOps and How to Enable...

Apple iPhone SE2 Security Features: Here’s What To Expect

According to a new report, the iPhone SE2–AKA the iPhone 9–will launch at an event on March 31. Here are the important security features to expect.
Darknet Diaries

59: The Courthouse

In this episode we hear from Gary and Justin. Two seasoned penetration testors who tell us a story about the time when they tried to break into a courthouse but it went all wrong.SponsorsThis episode was sponsored by Detectify....

This Israeli Cyber Billionaire Battles Hackers In China, Russia And Iran: ‘It Will Only Get Worse’

Gil Shwed invented the computer firewall and then amassed a $3 billion fortune tackling cyber threats across the world. Here are his views on the dangers we now face.

ISC StormCast for Tuesday, February 18th 2020

More about Curl on Windowshttps://isc.sans.edu/forums/diary/curl+and+SSPI/25812/ WHO Warns of Coronavirus Phishinghttps://www.who.int/about/communications/cyber-security
Reduce Cyber Risk

RCR 071: Understanding Multi-factor Authentication to Pass the CISSP – CISSP Training and Study

Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training...

Microsoft to deploy ElectionGuard voting software for the first time tomorrow

Residents in Fulton, Wisconsin will elect representatives for the Wisconsin Supreme Court via voting machines running Microsoft's ElectionGuard voting software.

Arm Ups Its IoT Intelligence Game With New Chips

Patrick Moorhead gives his take on Arm unveiling last week's key parts of their portfolio moving forward—a selection of offerings and IP geared specifically towards machine learning and AI.
The Hacker News

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is...
Security Weekly

Docker Repos, SweynTooth, & Emotet – Wrap Up – SWN #12

This week, Doug White brings you through the latest across all of our shows on the network, CIA pwns well, everyone in history, Bluetooth hacking, Thousands of Docker Repositories are open to the internet, lots of ransomware, and is...

What is Doxware?

Ransomware is a major security threat which affects individuals, businesses, and governments. Over the past few years, researchers have noticed an increase in a new type of ransomware: doxware. The post What is Doxware? appeared first on SecureMac.
IBM Security

Why Threat Actors Are Increasingly Conducting Cyberattacks on Local Government

Cyberattacks on local government in the U.S. have increased dramatically over the last several years. In 2019 alone, ransomware affected more than 100 state and local governments, according to Recorded Future — and that’s just one threat vector. Municipalities...

Google Axes 500 Chrome Extensions Exfiltrating User Data

Google has removed more than 500 extensions from the Chrome Web Store after they were found performing covert data exfiltration activities.  read more

Trump Threatens Intelligence Block Over Huawei: US Diplomat

The United States' ambassador to Germany said Sunday that President Donald Trump had threatened to cut off intelligence-sharing with countries that dealt with Chinese tech firm Huawei. read more

Six-Year-Old Brits Suspects in Sexting Offenses

Six-Year-Old Brits Suspects in Sexting Offenses British police have been investigating children as young as six over their involvement in sexting offenses.  Figures released by London's Metropolitan Police Service reveal that between January 2017 and August 2019, a total of 353...
The Register

Tutanota cries ‘censorship!’ after secure email biz blocked – for real this time – in Russia

Move over, there's plenty of room on Putin's naughty step Fresh from last week's controversy with a US telco, German secure email biz Tutanota has declared today that the Russian authorities have pulled the plug on its services.…

Personal Data of 144K Canadians Breached by Federal Government

Personal Data of 144K Canadians Breached by Federal Government New figures tabled in Canada's House of Commons have revealed that at least 144,000 Canadians have had their personal information mishandled by federal departments and agencies over the past two...

How to report a phishing or spam email to Microsoft

Microsoft can analyze dangerous emails to determine why those messages made it past your spam filters.
The Hacker News

OpenSSH now supports FIDO U2F security keys for 2-factor authentication

Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell...

New York Post Reporter Investigated Over Leaks

New York Post Reporter Investigated Over LeaksNew York cops, on the hunt for a source of leaked police photographs, have subpoenaed the Twitter account of a journalist at the New York Post. The New York Police Department (NYPD) sought access...


Graham Cluley

LastPass releases its 3rd Annual Global Password Security report

Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support! LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The report helps...
Brian Krebs

Pay Up, Or We’ll Make Google Ban Your Ads

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads...
Graham Cluley

Teenage girls tempt Israeli soliders to install spyware for Hamas

It’s not the first time Israeli soldiers have been targeted with Hamas honeytraps to infect their smartphones with spyware.
Graham Cluley

Teenage girls tempt Israeli soldiers to install spyware for Hamas

It’s not the first time Israeli soldiers have been targeted with Hamas honeytraps to infect their smartphones with spyware.
Graham Cluley

Twitter accounts of The Olympics and FC Barcelona hijacked by OurMine hacking group

The International Olympic Committee and FC Barcelona are the latest victims of a spree of Twitter account hijacks orchestrated by the notorious OurMine gang. Read more in my article on the Hot for Security blog.