Saturday, July 20, 2019

Malware in PyPI Code Shows Supply Chain Risks

A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories.

Europol Head Fears 5G Will Give Criminals an Edge

Catherine De Bolle is concerned law enforcement will lose its ability to track criminals with the arrival of 5G networks.

Mirai Groups Target Business IoT Devices

More than 30% of Mirai attacks, and an increasing number of variants of the malicious malare, are going after enterprise IoT devices, raising the stakes for business.

The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike

Why apples-to-apples performance tests are the only way to accurately gauge the impact of network security products and solutions.

Crack the Defenses of iOS and other Platforms at Black Hat USA

Get the latest insights into how to attack and defend platforms like iOS, MacOS, and Windows 10 at this upcoming August security conference.

Security Lessons From a New Programming Language

A security professional needed a secure language for IoT development. So he wrote his own, applying learned lessons about memory and resources in the process.

BitPaymer Ransomware Operators Wage Custom, Targeted Attacks

A new framework is allowing the threat group to compile variants of the malware for each victim, Morphisec says.

Open Source Hacking Tool Grows Up

Koadic toolkit gets upgrades - and a little love from nation-state hackers.

RDP Bug Takes New Approach to Host Compromise

Researchers show how simply connecting to a rogue machine can silently compromise the host.

8 Legit Tools and Utilities That Cybercriminals Commonly Misuse

Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.

How Capture the Flag Competitions Strengthen the Cybersecurity Workforce

These competitions challenge participants with problems involving digital forensics, cryptography, binary analysis, web security, and many other fields.

Bulgarian Tax Breach Nets All the Records

An attack by a 'wizard hacker' results in leaked records for virtually every Bulgarian taxpayer.

79% of US Consumers Fear Webcams Are Watching

Widespread privacy concerns have caused 60% of people to cover their laptop webcams - some in creative ways - survey data shows.

Calculating the Value of Security

What will it take to align staff and budget to protect the organization?

MITRE ATT&CK Framework Not Just for the Big Guys

At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language.

Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices

Researchers discover a third-party algorithm in multiple high-profile Bluetooth devices exposes users to third-party tracking and data access.

800K Systems Still Vulnerable to BlueKeep

Organizations with systems exploitable via the RDP flaw pose an increasing risk to themselves and other organizations, BitSight says.

Sprint Reveals Account Breach via Samsung Website

The last-June breach exposed data includes names, phone numbers, and account numbers.

A Password Management Report Card

New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.

Data Loss, Leakage Top Cloud Security Concerns

Compliance, accidental exposure of credentials, and data control are also primary concerns for senior IT and security managers.

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages. read more

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.