Tuesday, December 11, 2018
Internet Storm Center Infocon Status

LATEST

What is a keylogger? How attackers can monitor everything you type

Keylogger definitionTo read this article in full, please click here(Insider Story)
Computerworld

And that was actually the CLEAN version!

It's more than a few years back, and this oilfield services company is implementing a new email filter, says a pilot fish working there."It was part of an email security product," fish says. "The filter could identify emails containing...

Review: How StackRox protects containers

With the rise of cloud computing and later DevOps, containerization has never been more popular. But cybersecurity has yet to fully catch up. Even security applications designed to work natively in the cloud have trouble protecting the most popular...

Dark web goldmine busted by Europol

What’s the safest way to buy counterfeit banknotes? Not on the dark web market, as 235 people have just discovered to their cost.
Security Affairs

Google will shut down consumer version of Google+ earlier due to a bug

Google announced it will close the consumer version of Google+ before than originally planned due to the discovery of a new security flaw. Google will close the consumer version of Google+ in April, four months earlier than planned. According to G...

Teen SWATter who had 400 schools evacuated lands 3 years in jail

George Duke-Cohan is the British teen who posed as a worried father whose daughter had called him mid-flight during a hijacking.

Facebook fined $11m for misleading users about how data will be used

They said Facebook emphasizes the service being free, not that it's making big bucks off users' data. They ordered the company to apologize.

NHS Fax Ban Set to Improve Security from 2020

NHS Fax Ban Set to Improve Security from 2020The NHS will be banned from buying any more fax machines from next month as the government looks to upgrade the health service to more modern and secure communications platforms. Health secretary Matt...
The Register

Texas Instruments flicks Armis’ Bluetooth chip vuln off its shoulder

Yeah, we've patched that one, adds Cisco Texas Instruments has rather feebly slapped down infosec researchers' findings on a so-called Bleedingbit Bluetooth Low Energy vulnerability after a more detailed explanation of the chipset's weakness emerged.…

New Google+ Bug Moves Site End Date Forward

New Google+ Bug Moves Site End Date Forward Google is speeding up the closure of its unpopular social networking platform after discovering a new bug affecting over 52 million users. The tech giant announced in October that it would be...
Security Weekly

Coming Together – Business Security Weekly #110

This week, Matt and Paul interview Brian Carey, Senior Security Consultant at Rapid7! Brian talks about emerging trends that he is seeing with his clients, and how they impact their clients’ security programs, including maturity, roadmap, and recommendations! In...
Unsuperivsed Learning Podcast

Unsupervised Learning: No. 155

Google+ breach, Android flaws, China's long game against the US, Australia's encryption blunder, NYPD drones, and more…Support the show.

2018-043-Adam-Baldwin, npmjs Director of Security, event stream post mortem, and making your package system more secure

Adam Baldwin (@adam_baldwin) Director of Security, npm   https://foundation.nodejs.org/ https://spring.io/understanding/javascript-package-managers   Role in the NodeJS project     Advisory? Active role? Maintain security modules?     Are there any requirements to being a dev?     Are there different roles in...
DtSR Podcast

DtSR Episode 326 – MidMarket Security

This week, go down the security rabbit hole with someone who has been working on security in the mid-market (likely the kind of company you work at, statistically) for a long time. Bob has some great lessons learned and...
SANS ISC

ISC StormCast for Tuesday, December 11th 2018

Kubernetes Unauthenticated PoC Exploit for CVE-2018-1002105 https://github.com/evict/poc_CVE-2018-1002105#unauthenticated-pocWebAssembly Brings Buffer Overflows

DanaBot Malware Adds Spam to its Menu

A new generation of modular malware increases its value to criminals.

Google admits Google Plus hit by *another* privacy flaw, speeds up site’s closure

Google has admitted that Google Plus suffered another security failure last month, allowing the personal information of 52 million users to be accessed by third-party apps and developers without permission.

GlobeImposter ransomware victims find themselves abandoned by their extortionists

It’s a bad day when your computers get hit by ransomware. But it only gets worse when you realise that you not only don’t have backups, but also have no way of contacting the criminals who encrypted your data.
The Register

Latest Google+ flaw leads Chocolate Factory to shut down site early

52.5 million accounts at risk, tens of people are worried Google says it will be speeding up the dismantling of its Google+ social network following the discovery of a new security bug that affected 52.5 million users.…
ZDNet

Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter

Attackers scan for Ethereum wallets and mining rigs that have carelessly exposed port 8545 on the Internet.

‘Highly Active’ Seedworm Group Hits IT Services, Governments

Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.
SC Magazine

Second Google+ bug hastens shutdown

After a second, newly discovered, bug affected 52.5 million Google+ users, Google has decided to shutter the social network earlier than originally planned. “We’ve recently determined that some users were impacted by a software update introduced in November that contained...
SC Magazine

City of North Bend hit with ransomware

The city of North Bend, Ore., was hit with a ransomware attack which temporarily locked out city workers from their computers and databases. “One weekend morning a few weeks back all of our servers and things locked up, and we...
SecurityWeek

Highly Active MuddyWater Hackers Hit 30 Organizations in 2 Months

The cyberespionage group referred to as MuddyWater has hit over 130 victims in 30 organizations from late September to mid-November, Symantec security researchers said in a report published Monday.  read more
TechRepublic

How to use Cloudflare encrypted DNS on Android

If you're looking for an easy means of enabling encrypted DNS on Android, the Cloudflare 1.1.1.1 app is the way to go.
543FollowersFollow

LEADERS

Google admits Google Plus hit by *another* privacy flaw, speeds up site’s closure

Google has admitted that Google Plus suffered another security failure last month, allowing the personal information of 52 million users to be accessed by third-party apps and developers without permission.

GlobeImposter ransomware victims find themselves abandoned by their extortionists

It’s a bad day when your computers get hit by ransomware. But it only gets worse when you realise that you not only don’t have backups, but also have no way of contacting the criminals who encrypted your data.
Brian Krebs

How Internet Savvy are Your Leaders?

Back in April 2015, I tweeted about receiving a letter via snail mail suggesting the search engine rankings for a domain registered in my name would suffer if I didn’t pay a bill for some kind of dubious-looking service I’d...
Bruce Schneier

2018 Annual Report from AI Now

The research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading.
Brian Krebs

Bomb Threat Hoaxer, DDos Boss Gets 3 Years

The ringleader of a gang of cyber hooligans that made bomb threats against hundreds of schools and launched distributed denial-of-service (DDoS) attacks against Web sites — including KrebsOnSecurity on multiple occasions — has been sentenced to three years in...