Tuesday, January 28, 2020

US Rolls Out New Bill to Reform NSA Surveillance

US senators have proposed a bill that would drastically reform the surveillance practices of the National Security Agency (NSA) and increase oversight of government surveillance. Titled The Safeguarding Americans’ Private Records Act, the bill...

Major Canadian Military Contractor Compromised in Ransomware Attack

A Canadian construction company that won military and government contracts worth millions of dollars has suffered a ransomware attack. General contractor Bird Construction, which is based in Toronto, was allegedly targeted by cyber-threat group...

US Space Industry to Launch Cybersecurity Portal

Spring 2020 will see the launch of a new US cybersecurity resource designed to protect the space industry. Space News reported last Thursday that the Space Information Sharing and Analysis Center, or Space ISAC, is...

Royal Yachting Association Resets Passwords After Breach

The Royal Yachting Association (RYA) is forcing a password reset for all online users after warning some that their data may have been compromised by a third party. The UK’s national body for all things...

Chrome and Firefox Clamp Down on Suspicious Behavior

Both Chrome and Firefox administrators have had to take action recently to halt the spread of malware via extensions and add-ons. Google developer advocate Simeon Vincent explained over the weekend that the...

Citrix Flaw Exploited by Ransomware Attackers

Reports have emerged of multiple attempts to exploit a Citrix vulnerability, delivering ransomware to enterprise victims including a German car manufacturer. Citrix began patching the CVE-2019-19781 bug in its Application Delivery Controller (ADC) and Citrix...

Russian Pleads Guilty to Running Online Criminal Marketplace

A Russian man has pleaded guilty to running an illegal online marketplace that sold stolen payment card credentials to criminals, who used them to make over $20m in fraudulent purchases. Before a United States court, Aleksei...

US Issues Cybersecurity Warnings Over Flawed Medical Devices

Warnings have been issued in the United States after cybersecurity flaws were detected in medical monitoring devices manufactured by GE Healthcare Systems (GEHC). Safety notices were published yesterday by both the...

London Police Adopt Facial Recognition Technology as Europe Considers Five-Year Ban

London's Metropolitan Police Service has announced that it will start using live facial recognition (LFR) technology to scan public areas for suspected criminals. After trialing the technology for two years,...

#BSidesLeeds: Credential Stuffing Often Seen as “Volume” Cybercrime

Speaking at BSides Leeds, security researcher Darren Martyn explored the issue of credential stuffing, calling it an “exploding problem on the internet” and the “cyber-equivalent of volume crime.” Saying that credential stuffing is...

#BSidesLeeds: Cyber is Running the World, More Innovation to Come

In the opening keynote at BSides Leeds, head of cybersecurity research Daniel Cuthbert said that we are “in the best industry in the world” and, having spent 27 years doing cybersecurity,...

European Energy Firm Targeted by RAT Linked to Iran

Security researchers have discovered a new cyber-espionage operation with links to Iranian state hacking groups targeting a major European energy organization. Recorded Future’s Insikt Group detected command-and-control (C&C) communications between a C&C...

Ransomware Payments Doubled and Downtime Grew in Q4

The average ransomware payment more than doubled quarter-on-quarter in the final three months of 2019, while average downtime grew by several days, according to the latest figures from Coveware. The security vendor analyzed...

Sonos Backtracks to Offer Fixes for Legacy Speakers

Sonos appears to have bowed to customer pressure and will now offer security updates for legacy kit and ensure it can co-exist with newer systems. The smart speaker firm issued a statement earlier...

US Cybersecurity Agency Issues Emotet Warning

America's Cybersecurity and Infrastructure Security Agency (CISA) issued a warning yesterday after observing an increase in the number of targeted cyber-attacks that utilize Emotet. Emotet functions as a modular botnet that can steal data, send malicious...

ZDNet

DEF CON China conference put on hold due to coronavirus outbreak

DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.

The Register

Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates

We'll laugh at today's mandated holes in the same way we laugh at those from 25 years ago. Enigma: More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still...

Average Ransomware Payments More Than Doubled in Q4 2019

Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.

The Security Ledger

Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable

Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet-connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...

One Small Fix Would Curb Stingray Surveillance

The technology needed to limit stingrays is clear—but good luck getting telecoms on board.