Sunday, June 20, 2021
Internet Storm Center Infocon Status

LATEST

SecurityWeek

Hit by a Ransomware Attack? Your Payment May be Deductible

As ransomware attacks surge, the FBI is doubling down on its guidance to affected businesses: Don’t pay the cybercriminals. But the U.S. government also offers a little-noticed incentive for those who do pay: The ransoms may be tax deductible. read...

Why You Suddenly Need To Delete Google Maps On Your iPhone

Hundreds of millions of iPhone users should stop using Google Maps after radical new update...

Why You Should Stop Sending Texts From Your Android Messages App

Millions of you are still putting your security at risk. Here's the serious problem you have...
SecurityWeek

Major Cyberattack on Poland Came from Russian Territory: Kaczynski

A recent "large scale" cyberattack targeting top Polish politicians was launched from Russia, Jaroslaw Kaczynski, the leader of Poland's governing right-wing party, said on Friday. read more

New Windows 10 Security Shock As 1,000 Vulnerabilities Revealed

Microsoft loses out to Apple and Google in the security vulnerability stakes, and Windows 10 is at the heart of it all.

iOS 15 Launch: This New Feature Transforms The Way You Upgrade Your iPhone

Apple’s iOS 15 has been revealed, and it comes with a new feature that will transform the way you upgrade your iPhone.
The CyberWire Podcast

Primitive Bear spearphishes for Ukrainian entities. [Research Saturday]

Guests Gage Mele and Yury Polozov join Dave to talk about Anomali's research "Primitive Bear (Gamaredon) Targets Ukraine with Timely Themes." Anomali Threat Research identified malicious samples that align with the...
The Hacker News

North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute

South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a...
The Hacker News

Cyber espionage by Chinese hackers in neighbouring nations is on the rise

A string of cyber espionage campaigns dating all the way back to 2014 and focused on gathering military intelligence from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this...

Weekly Update 248

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.Thought I'd do a bit of AMA this week given the rest of the content...

Calix Raises The Stakes In Home Network Security

Analyst Mark Vena examines Calix's network security strategy.
Bruce Schneier

Friday Squid Blogging: Video of Giant Squid Hunting Prey

Fantastic video of a giant squid hunting at depths between 1,827 and 3,117 feet. This is a follow-on from this post. As usual, you can also use this squid post to talk about the security stories in the news that I...

Attackers Find New Way to Exploit Google Docs for Phishing

Tactic continues recent trend by attackers to use trusted cloud services to send and host malicious content.
Security Weekly

Adrian Overlord – PSW #699

This week, we welcome Brian Joe, Director of Security Product Marketing at Fastly, to discuss Avoiding the Silo: Bridging the Divide Between Security + Dev Teams! In the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord!...

Accidental Insider Leaks Prove Major Source of Risk

Research reports highlight growing concerns around insider negligence that leads to data breaches.

This Week in Database Leaks: Cognyte, CVS, Wegmans

Billions of records were found exposed this week due to unprotected databases owned by major corporations and third-party providers.
The CyberWire Podcast

Notes from the underworld: phishing with hardware, DarkSide impersonation, and cyber vigilantes. Data incidents, and a conviction for a crypter.

Phishing, with a bogus hardware wallet as bait. Empty threats from a DarkSide impersonator. Cyber vigilantes may be distributing anti-piracy malware. Data security incidents at a cruise line and a US...

Cybercrooks Are Mailing Users Fake Ledger Devices To Steal Their Cryptocurrency

Ledger’s hardware wallets are a very popular way to securely store cryptocurrency.
Security Weekly

Cyber Insurance, Akamai Outages, Win 10 EOL, & Pinchy Spider – SWN #128

This week, Dr. Doug talks: Pinchy Spider, Drones, Biden and Putin, Microsoft, CVS, along with the Show Wrap Ups & his Favorite Threat of the Week! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like...
SC Magazine

Wegmans reports misconfigurations on two cloud databases

Another company was caught in a cloud misconfiguration issue as Wegmans Food Markets on Thursday notified its customers that two of its cloud databases were left open to potential outside access. In a notice released to its customers, Wegmans said...
Security Affairs

Expert found multiple flaws in Cisco Small Business 220 series

A researcher discovered multiple vulnerabilities in smart switches of Cisco’s Small Business 220 series, including some issues rated as high severity. Security researcher Jasper Lievisse Adriaanse has discovered multiple vulnerabilities Cisco’s Small Business 220 series smart switches. The vulnerabilities impact...
SC Magazine

Researchers offer advice on how to block WFH employees from downloading pirated software

Security teams looking to prevent work-from-home and remote users from downloading potentially trojanized pirated software will find Thursday’s research by Sophos of interest. In a blog post, Sophos researchers reported on a curious malware program that comes disguised as pirated...

Texan Admits Data Center Bomb Plot

Texan Admits Data Center Bomb PlotA man from Texas could be facing up to 20 years in prison after pleading guilty to plotting to blow up a data center in Virginia. Seth Aaron Pendley, of Wichita Falls, was arrested in April after...
SC Magazine

Alina Lodge notifies patients of data breach tied to 2020 Blackbaud incident

The Blackbaud data breach was the largest health care-related incident of 2020, impacting an estimated two dozen providers and well over 10 million patients. Now, 2,565 patients of addiction treatment center Alina Lodge are being notified that their data...

Can *YOU* blow a PC speaker using only a Linux kernel driver?

Can you help? There's a hidden meaning here, and it's time to find it!
819FollowersFollow

LEADERS

Weekly Update 248

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.Thought I'd do a bit of AMA this week given the rest of the content...
Bruce Schneier

Friday Squid Blogging: Video of Giant Squid Hunting Prey

Fantastic video of a giant squid hunting at depths between 1,827 and 3,117 feet. This is a follow-on from this post. As usual, you can also use this squid post to talk about the security stories in the news that I...
Graham Cluley

Repairmen suspected of installing ransomware on customers’ PCs. Arrests in South Korea

Authorities in South Korea have filed charges against employees at a computer repair store. What are the nine charged employees of the company alleged to have done? Created and installed ransomware onto the computers of their customers, netting more...
Brian Krebs

First American Financial Pays Farcical $500K Fine

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating...
Bruce Schneier

Peloton Vulnerability Found and Fixed

Researchers have discovered a vulnerability in Peloton stationary bicycles, one that would give the attacker complete control over the device. The attack requires physical access to the Peloton, so it’s not really a practical attack. President Biden’s Peloton was not...