InfoSec Feed

This feed is in UTC time. If you do not see the feed please enable JavaScript.

  • How to Get the Most Out of Your Security Metrics
    on January 27, 2020 at 3:00 pm

    There's an art to reporting security metrics so that they speak the language of leadership and connect the data from tools to business objectives.

  • Mozilla is cleaning out its closet by removing 200 dodgy Firefox add-ons
    on January 27, 2020 at 2:55 pm

    Mozilla’s security team has been busy the past two weeks, removing add-ons caught stealing user data and executing malicious code. In a crusade to “make browsing smarter, safer, and faster,” the Firefox administrators decommissioned around 200 extensions and add-ons that posed security risks for users. Plugins with hidden features that may compromise user privacy or

  • Cardplanet mastermind pleads guilty to credit card fraud
    on January 27, 2020 at 2:31 pm

    Cardplanet offered refunds on invalid card data, along with a card checking service that ensured a stolen card was still valid.

  • Mandatory IoT Security in the Offing with U.K. Proposal
    on January 27, 2020 at 2:16 pm

    The new U.K. law mandates that manufacturers apply several security controls to their connected devices.

  • Head of ‘Cardplanet’ Stolen Credit Card Marketplace Pleads Guilty in the US
    on January 27, 2020 at 2:01 pm

    Aleksei Burkov, 29, pleaded guilty in the United States to money laundering, device fraud and other crimes after he was caught running an illegal website, called Cardplanet, that sold stolen credit card data. Burkov had been on the run since 2013 when authorities identified him as the culprit behind Cardplanet. He took refuge in Egypt,

  • 5 ways to cope with the cybersecurity skills shortage (that don't involve hiring)
    on January 27, 2020 at 1:53 pm

    As part of the ESG annual IT spending intensions research for 2020, respondents were asked to identify the area where their organizations have a problematic shortage of skills.  Cybersecurity topped the list of problematic skills shortage areas, just as it has for the past nine years.To read this article in full, please click here(Insider Story)

  • Tinder to get panic button, catfish-fighting facial recognition
    on January 27, 2020 at 1:28 pm

    It's both a genius move to protect from assault and fraud and a personal data grab.

  • Americans want stronger privacy over easier access to health data
    on January 27, 2020 at 1:16 pm

    In a welcome mentality shift, Americans are starting to put their privacy first and convenience second when it comes to their health data, according to a study by America’s Health Insurance Plans (AHIP). Most surveys asking people about their experience accessing services and apps online conclude that people value convenience more than privacy or security.

  • North Carolina water supplier targeted in ‘international cyberattack’
    on January 27, 2020 at 1:08 pm

    A water supplier in Greenville, North Carolina has suffered a targeted cyber-attack that affected online payments for half a million a people. The outage is expected to last at least two more days as experts investigate the hack. Greenville Water, which serves nearly 500,000 residents of the Upstate region of South Carolina, announced last week

  • Microsoft’s Internet Explorer zero-day workaround is breaking printers
    on January 27, 2020 at 12:56 pm

    Microsoft’s workaround for an unpatched vulnerability that is being exploited in targeted attacks by hackers appears to be breaking printers.

  • Instagram CEO’s homes were targetted by SWATters
    on January 27, 2020 at 12:36 pm

    Instagram CEO Adam Mosseri's houses were surrounded by SWAT teams after hoax phone calls claimed hostages were being held there.

  • Smartphone Election in Washington State
    on January 27, 2020 at 12:03 pm

    This year: King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. Once voters have completed their ballots, they must verify their submissions and then submit a signature on...

  • Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks
    on January 27, 2020 at 11:48 am

    The Indonesian National Police in a joint press conference with Interpol and cybersecurity firm Group-IB earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Dubbed 'Operation Night Fury,' the investigation was led by Interpol's ASEAN Cyber

  • New York wants to ban taxpayer-funded ransomware payments
    on January 27, 2020 at 11:12 am

    One of the proposed bills would set up a $5m fund to help small towns upgrade their systems and bolster their security.

  • Closing the security gap in OT/IT convergence
    on January 27, 2020 at 11:00 am

    Schneider Electric knows the business value of connecting its 200-plus distribution and production centers and converging them with IT systems. As more and more industrial environments are connected through sensors and actuators to produce data for proactive insights and services, “IIoT [industrial internet of things] is becoming the new normal,” says Christophe Blassiau, global CISO at Schneider.To read this article in full, please click here(Insider Story)

  • FBI warns of spoofed websites and hiring scams that target your wallet
    on January 27, 2020 at 10:56 am

    A recent public service announcement from the FBI warns job seekers of risks they may face when seeking jobs online. When you are in search of honest work, you should not be paying for hiring fees, certifications or training materials. The fake job market has been continuously evolving, and cybercriminals today know just how important

  • Monday review – the hot 21 stories of the week
    on January 27, 2020 at 10:22 am

    From a big Microsoft data breach to the seizing of a stolen-creds site by the FBI - and everything in between. It's weekly roundup time.

  • Cyberattack in City of Potsdam resulted in servers going offline
    on January 27, 2020 at 10:22 am

    The City of Potsdam severed the administration servers’ Internet connection following a cyberattack that took place earlier this week. Emergency services including the city’s fire department fully operational and payments are not affected. Source: Bleeping Computer The post Cyberattack in City of Potsdam resulted in servers going offline appeared first on IT Security Guru.

  • You can get your data hacked by using your old iOS and Android phones
    on January 27, 2020 at 10:21 am

    As reported by many cybersecurity experts, using an old smartphone (either Android or iOS) can put your data on hacking risk. Security researchers urge users to upgrade from their old phones, (particularly that don’t receive software updates anymore) to new safer devices and operating system, to stop any potential hacking attempt. Source: Digital Information World The post You can get your data hacked by using your old iOS and Android phones appeared first on IT Security Guru.

  • Homes in Malvern targeted by phishing phone scam
    on January 27, 2020 at 10:20 am

    PHONE scammers are targeting residents in a county town. The caller claims to represent Amazon Prime, a paid subscription service offered by the online retailer Amazon, giving people access to services such as free two day delivery, when calling homes in Malvern. Source: Worcester News The post Homes in Malvern targeted by phishing phone scam appeared first on IT Security Guru.

  • Netflix scam harvests credit card information
    on January 27, 2020 at 10:18 am

    Netflix subscribers are being warned to show caution after a sophisticated phishing scam was discovered flooding inboxes across the country. The scam ironically mimics 3-step verification – a common digital safety feature used to protect sensitive data online – to trick victims into thinking the email is from Netflix. Source: 9 News The post Netflix scam harvests credit card information appeared first on IT Security Guru.

  • A Global Look at the Data Privacy Landscape
    on January 27, 2020 at 8:00 am

    Data privacy is at the center of core issues that governments are trying to solve this year. Privacy advocates have been requesting more stringent privacy laws and governments have responded. The European Union’s General Data Protection Regulation (GDPR) has served as an effective blueprint for new privacy laws. This year, we are seeing new privacy The post A Global Look at the Data Privacy Landscape appeared first on IT Security Guru.

  • ISC StormCast for Monday, January 27th 2020
    on January 27, 2020 at 3:00 am

    Citrix Releases ADC Updates For All Versionshttps://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/ Temporary Windows 0-Day Fix Breaks Printershttps://www.reddit.com/r/sysadmin/comments/etumy7/microsoft_ie_zeroday_fix_breaks_hp_printing/ Critical Vulnerabilitiesin GE Medical Deviceshttps://www.us-cert.gov/ics/advisories/icsma-20-023-01

  • Trend Micro anti-virus zero-day exploited in attack on Mitsubishi Electric
    on January 26, 2020 at 1:55 pm

    There is some egg on the face of Trend Micro after it is revealed their anti-virus software was exploited to steal data from Mitsubishi Electric, but they aren’t the real villains of the story.

  • Webex flaw allowed anyone to join private online meetings – no password required
    on January 26, 2020 at 1:13 pm

    Cisco, the makers of Webex, had warned users of the online conferencing service that a vulnerability allowed unauthorised remote users to listen in on private online meetings – without having to enter a password.

  • Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC
    on January 26, 2020 at 6:00 am

    In this special edition, our extended conversation with Hank Thomas and Mike Doniger from their new company SCVX. Both experienced investors, their plan is to bring a new funding mechanism known as a SPAC to cyber security which, they say, is new to the space.  Thanks to our sponsor, The Johns Hopkins University Information Security Institute. 

  • Weekly Update 175
    on January 25, 2020 at 7:40 am

    Presently sponsored by: SecurityFWD. A brand new YouTube show from Varonis. Watch Episode 1: How Far can Wi-Fi Travel?Alright, let me get this off my chest first - I've totally lost it with these bloody Instamics. I've had heaps of dramas in the past with recordings being lost and the first time I do a 3-person weekly update only 2 of them recorded (mine being the exception). I

  • Know Thine Enemy - Identifying North American Cyber Threats - Research Saturday
    on January 25, 2020 at 6:00 am

    The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operations technology (OT) for a variety of purposes. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases. Selena Larson from Dragos joins us to discuss their new report North American Electric Cyber Threat Perspective. The report can be found here: North American Electric Cyber Threat Perspective The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.

  • Know Thy Enemy - Identifying North American Cyber Threats - Research Saturday
    on January 25, 2020 at 6:00 am

    The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operations technology (OT) for a variety of purposes. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases. Selena Larson from Dragos joins us to discuss their new report North American Electric Cyber Threat Perspective. The report can be found here: North American Electric Cyber Threat Perspective The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.

  • Friday Squid Blogging: More on the Giant Squid's DNA
    on January 24, 2020 at 10:18 pm

    Following on from last week's post, here's more information on sequencing the DNA of the giant squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here....

  • New Social Engineering Event to Train Business Pros on Human Hacking
    on January 24, 2020 at 9:40 pm

    The DEF CON Social Engineering Capture the Flag contest inspired a new event aimed at teaching both security and non-security professionals on the fine art of hacking human behavior.

  • ThreatList: Ransomware Costs Double in Q4, Sodinokibi Dominates
    on January 24, 2020 at 9:34 pm

    Ransomware actors are turning their sights on larger enterprises, making both average cost and downtime inflicted from attacks skyrocket.

  • 'CardPlanet' Operator Pleads Guilty in Federal Court
    on January 24, 2020 at 9:30 pm

    Russian national faced multiple charges in connection with operating the marketplace for stolen credit-card credentials, and a forum for VIP criminals to offer their services.

  • PupyRAT is back. So is the Konni Group. Twitter storm over claims that MBS hacked Jeff Bezos. Anti-disinformaiton laws considered. Canada is ready to impose costs on cyber attackers.
    on January 24, 2020 at 8:49 pm

    PupyRAT was found in a European energy organization: it may be associated with Iranian threat actors. Another threat actor, the Konni Group, was active against a US government agency last year. Saudi Arabia maintains it had nothing to do with hacking Jeff Bezos’s phone. The EU and Ukraine separately consider anti-disinformation regulations. Canada may be ready to “impose costs” in cyberspace. And Huawei’s a threat, but what’re you gonna do? Justin Harvey from Accenture with an outlook on 2020. Guests are Hank Thomas and Mike Doniger from SCVX, describing their plan to bring a funding mechanism know as a SPAC to cyber security. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_24.html Support our show

  • Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings
    on January 24, 2020 at 7:27 pm

    The flaw could allow a remote, unauthenticated attacker to enter a password-protected video conference meeting.

  • 7 Steps to IoT Security in 2020
    on January 24, 2020 at 6:30 pm

    There are important steps security teams should take to be ready for the evolving security threats to the IoT in 2020.

  • New Bill Proposes NSA Surveillance Reforms
    on January 24, 2020 at 5:37 pm

    The newly-introduced bill targets the Patriot Act's Section 215, previously used by the U.S. government to collect telephone data from millions of Americans.

  • Nice Try: 501 (Ransomware) Not Implemented
    on January 24, 2020 at 5:22 pm
  • Does Your Domain Have a Registry Lock?
    on January 24, 2020 at 4:37 pm

    If you're running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company's domain name and doing whatever they wish with it. Even so, most major Web site owners aren't taking full advantage of the security tools available to protect their domains from being hijacked. Here's the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers.

  • Google finds privacy holes in Safari’s ITP anti-tracking system
    on January 24, 2020 at 4:36 pm

    Apple’s much-vaunted Intelligent Tracking Prevention (ITP) could leave users exposed to a raft of privacy issues, including - ironically - being tracked.

  • We’re dung for! Hackers hit firms with ransomware by exploiting Shitrix flaw
    on January 24, 2020 at 4:24 pm

    The REvil (also known as Sodinokibi) ransomware is being planted on corporate networks by hackers exploiting the Shitrix flaw in Citrix servers.

  • Want your photo removed from our facial recognition database? Just send us your photo and government-issued ID…
    on January 24, 2020 at 3:54 pm

    Controversial firm Clearview AI which stole your photographs from social media sites to feed their facial recognition database expects you to send them your photos and a scan of your ID if you want to have your data removed. Uhh, yeah. Right.

  • You want your photo removed from our facial recognition database? Just send us your photo and government-issued ID…
    on January 24, 2020 at 3:54 pm

    Controversial firm Clearview AI which stole your photographs from social media sites to feed their facial recognition database expects you to send them your photos and a scan of your ID if you want to have your data removed. Uhh, yeah. Right.

  • 5 Resume Basics for a Budding Cybersecurity Career
    on January 24, 2020 at 3:00 pm

    You'll need to add resume tactician to your skill set in order to climb up the next rung on the security job ladder. Here's how.

  • Technical Report of the Bezos Phone Hack
    on January 24, 2020 at 2:34 pm

    Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman. ...investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they...

  • Online Employment Scams on the Rise, Says FBI
    on January 24, 2020 at 2:30 pm

    Looking to change jobs? Watch out for fraudsters who use legitimate job services, slick websites, and an interview process to convince applicants to part with sensitive personal details.

  • Fake Smart Factory Honeypot Highlights New Attack Threats
    on January 24, 2020 at 2:29 pm

    The honeypot demonstrates the various security concerns plaguing vulnerable industrial control systems.

  • BrandPost: Integrating Smart Systems: From Connected Cars to Security
    on January 24, 2020 at 2:26 pm

    There is probably no better example of the potential for digital innovation, and the challenges we will need to overcome to get there, than the smart car.Over the past several years, cars have become increasingly sophisticated. Safety systems include back-up cameras and alarms, side traffic indicators, lane deviation warnings and correction, and automatic all-wheel drive based on real-time assessments of road conditions. The list goes on, including automatic tire pressure gauges, GPS navigation, radar-enhanced cruise control, and even assisted parking and driving. The potential of fully interconnecting smart systems is virtually limitless. The same is true for organizations looking to harness their cloud, virtualization, SD-WAN, IoT, and mobile solutions and systems into a single integrated network.To read this article in full, please click here

  • Sonos backtracks (a little) over its software updates fustercluck
    on January 24, 2020 at 1:15 pm

    The maker of wireless home sound systems got itself into hot water after it announced that if you had a mixture of new and old Sonos hardware in your home then *none* of it would be receiving software updates after May.

  • Whoops! LastPass accidentally deleted its browser extension from the Chrome store. But it’s back now
    on January 24, 2020 at 12:22 pm

    Someone at LastPass must be feeling 5!ck as a p4rr0t right now, after human error meant that its browser extension was accidentally deleted from the Chrome web store. Although an embarrassing goof, it’s something of a storm in a teacup security-wise.

Feed sources:

  • https://www.schneier.com/blog/atom.xml
  • https://nakedsecurity.sophos.com/feed/
  • https://krebsonsecurity.com/feed/
  • http://feeds.feedburner.com/GoogleOnlineSecurityBlog
  • https://www.darknet.org.uk/feed/
  • https://www.darkreading.com/rss_simple.asp
  • https://www.imperva.com/blog/feed/
  • https://www.csoonline.com/index.rss
  • http://feeds.feedburner.com/TheHackersNews
  • https://taosecurity.blogspot.com/feeds/posts/default
  • https://technet.microsoft.com/en-us/security/rss/advisory
  • https://podcasts.files.bbci.co.uk/b01n7094.rss
  • https://labsblog.f-secure.com/feed/
  • https://dfirblog.wordpress.com/feed/
  • https://www.us-cert.gov/ncas/alerts.xml
  • https://threatpost.com/feed/
  • https://www.fireeye.com/blog/threat-research/_jcr_content.feed
  • https://feeds.feedburner.com/CiscoBlogThePlatform
  • http://feeds.feedburner.com/GrahamCluleysBlog
  • http://feeds.feedburner.com/TroyHunt
  • http://blogs.securiteam.com/index.php/feed
  • https://www.secureworks.com/rss?feed=blog
  • https://hotforsecurity.bitdefender.com/feed
  • http://www.itsecurityguru.org/feed/
  • https://blogs.technet.microsoft.com/msrc/feed/
  • https://blogs.technet.microsoft.com/mmpc/feed/

Have more RSS feeds to add to the list? Contact me. Thanks!