InfoSec Feed

This feed is in UTC time.

  • Digital Clones Could Cause Problems for Identity Systems
    on August 8, 2020 at 1:00 pm

    Three fundamental technologies -- chatbots, audio fakes, and deepfake videos -- have improved to the point that creating digital, real-time clones of people is merely a matter of integrating the systems.

  • Like anything these days, you have to disinfect it first.
    on August 8, 2020 at 5:00 am

    “Cyberbunker” refers to a criminal group that operated a “bulletproof” hosting facility out of an actual military bunker. “Bullet Proof” hosting usually refers to hosting locations in countries with little or corrupt law enforcement, making shutting down criminal activity difficult. Cyberbunker, which is also known as “ZYZtm” and “Calibour”, was a bit different in that it actually operated out of a bulletproof bunker. In September of last year, German police raided this actual Cyberbunker and arrested several suspects. While most of the group's assets were seized during the initial raid, the IP address space remained and was later sold to Legaco Networks. Before being shut down, Legaco Networks temporarily redirected the traffic to the SANS Internet Storm Center honeypots for examination. Joining us on this week's Research Saturday from SANS Technology Institute are graduate student Karim Lalji and Dean of Research Johannes Ullrich to discuss their experiences. The research and blog post can be found here: "Real-Time Honeypot Forensic Investigation on a German Organized Crime Network" and "Cyberbunker 2.0: Analysis of the Remnants of a Bullet Proof Hosting Provider". The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.

  • Weekly Update 203
    on August 7, 2020 at 11:02 pm

    Presently sponsored by: Tines: Breaches are inevitable and early detection is crucial. Assure yourself what's next with security automation part 1. What. A. Week. I've been absolutely non-stop publishing data breaches to HIBP whilst simultaneously putting in place the framework to start advising NordVPN on their cybers and open sourcing the HIBP code base at the same time (and a bunch of other more boring stuff that didn't make the cut)

  • Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
    on August 7, 2020 at 10:11 pm

    Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impact nearly half of Android handsets.

  • Friday Squid Blogging: New SQUID
    on August 7, 2020 at 9:08 pm

    There's a new SQUID: A new device that relies on flowing clouds of ultracold atoms promises potential tests of the intersection between the weirdness of the quantum world and the familiarity of the macroscopic world we experience every day. The atomtronic Superconducting QUantum Interference Device (SQUID) is also potentially useful for ultrasensitive rotation measurements and as a component in quantum...

  • Reddit Attack Defaces Dozens of Channels
    on August 7, 2020 at 8:50 pm

    The attack has defaced the channels with images and content supporting Donald Trump.

  • Hacking the PLC via Its Engineering Software
    on August 7, 2020 at 8:45 pm

    Researcher will demonstrate at DEF CON an emerging threat to industrial control networks.

  • Attackers Horn in on MFA Bypass Options for Account Takeovers
    on August 7, 2020 at 8:24 pm

    Legacy applications don't support modern authentication -- and cybercriminals know this.

  • US Executive Orders against TikTok, WeChat. Chimera takes chip IP. Intel data leaked. Texting Rewards for Justice. Coordinated inauthenticity. Magecart’s homoglyph attacks.
    on August 7, 2020 at 7:58 pm

    President Trump issues Executive Orders restricting TikTok and WeChat in the US. A Chinese APT has been active in industrial espionage against Taiwan’s semiconductor industry. Intel sustains a leak of sensitive company intellectual property. Rewards for Justice communicated to Russian and Iranian individuals by text message. Coordinated inauthenticity from Romanian actors, probably criminals. Magecart moves to homoglyph attacks. Craig Williams from Cisco Talos on ransomware campaigns making use of Maze and Snake malware. Our guest is Monica Ruiz from the Hewlett Foundation Cyber Initiative on the potential for a volunteer cyber workforce. And, sorry Fort Meade--there are limits to telework. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/153

  • 400+ Qualcomm Chip Vulnerabilities Threaten Millions of Android Phones
    on August 7, 2020 at 7:25 pm

    Security researchers found hundreds of pieces of vulnerable code in the Qualcomm Snapdragon chips powering Android phones.

  • Have I Been Pwned Set to Go Open-Source
    on August 7, 2020 at 7:16 pm

    Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.

  • Protocol gateway flaws reveal a weak point in ICS environments
    on August 7, 2020 at 5:50 pm

    Security researchers warn about widespread vulnerabilities in protocol gateways, small devices that connect industrial machinery and sensors to TCP/IP networks that are used to automate and control them. New research published this week by Trend Micro and presented at the Black Hat USA virtual security conference highlights a new threat via protocol translation attacks and reveals 9 flaws found in protocol gateways from different vendors. The identified vulnerabilities can enable various attack scenarios, from issuing stealth commands that could sabotage the operational process to gaining unauthorized access, decrypting configuration databases, exposing sensitive information and crashing critical equipment.

  • Researcher Finds New Office Macro Attacks for MacOS
    on August 7, 2020 at 5:20 pm

    Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.

  • BEC Campaigns Target Financial Execs via Office 365
    on August 7, 2020 at 5:00 pm

    A series of business email compromise campaigns has been targeting executives of more than 1,000 companies, most recently in the US and Canada.

  • IoT Security During COVID-19: What We've Learned & Where We're Going
    on August 7, 2020 at 2:00 pm

    Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.

  • Hospitals impacted after hackers target ventilator manufacture during Covid-19
    on August 7, 2020 at 1:45 pm

    A notorious ransomware gang has been hitting a key manufacturer of coronavirus ventilators in the US. The DoppelPaymer gang have threatened Boyce Technologies with releasing valuable data if the ransom is not paid – as it stands, the ransom amount has not been disclosed. It’s unfortunate to hear Boyce Technologies, an FDA-approved ventilator manufacturer, has had critical

    The post Hospitals impacted after hackers target ventilator manufacture during Covid-19 appeared first on IT Security Guru.

  • Intel data breach results in confidential info leaked
    on August 7, 2020 at 1:37 pm

    Intel, the U.S.-based global chip provider, is investigating a data breach after highly confidential and restricted information was leaked onto the online sharing website MEGA. The data was uploaded to MEGA by software engineer Till Kottman after receiving the documents from an anonymous hacker who allegedly hacked Intel earlier this year. After analysis, the information has been

    The post Intel data breach results in confidential info leaked appeared first on IT Security Guru.

  • Capital One hit with $80 million fine following 2019 data breach
    on August 7, 2020 at 1:32 pm

    It was announced yesterday that Capital One has been ordered by the Office of the Comptroller of the Currency (OCC) to pay an $80 million fine after the company suffered a massive data breach in 2019. It is estimated that the breach impacted more than 100 million Capital One customers, with names and addresses of individuals

    The post Capital One hit with $80 million fine following 2019 data breach appeared first on IT Security Guru.

  • Hackers Dump 20GB of Intel’s Confidential Data Online
    on August 7, 2020 at 1:32 pm

    Chipmaker investigates a leak of intellectual property from its partner and customer resource center.

  • Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon
    on August 7, 2020 at 1:01 pm

    Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. "The idea is simple and consists of using characters that look the same in order to dupe users," Malwarebytes

  • Augmenting AWS Security Controls
    on August 7, 2020 at 12:43 pm

    Appropriate use of native security controls in AWS and other CSPs is fundamental to managing cloud risk and avoiding costly breaches.

  • Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users
    on August 7, 2020 at 12:33 pm

    A United States regulator has fined the credit card provider Capital One Financial Corp $80 million over last year's data breach that exposed the personal information of more than 100 million American credit card applicants. The fine was imposed by the Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury that

  • Business Email Compromise – fighting back with machine learning
    on August 7, 2020 at 12:33 pm

    Machine learning models are immune to blandishments, threats, flattery and so on - so why not set them against social engineers?

  • Capital One to Pay $80 Million Fine After 2019 Data Breach
    on August 7, 2020 at 12:23 pm

    Capital One Financial Corp has agreed to pay an $80 million penalty after the bank suffered a massive data breach that affected more than 100 million customer records in July 2019. The breach was the result of an unsecured Amazon S3 bucket that housed credit card applications with names, addresses, zip codes/postal codes, phone numbers,

  • What is security's role in digital transformation?
    on August 7, 2020 at 10:00 am

    Two years ago, digital transformations had kicked into high gear, with new processes and product development moving ahead at breakneck speed. As IT and business fast-tracked initiatives like agile and DevOps to improve speed to market, security considerations were often left in the dust. At the time, Gartner predicted that 60% of digital businesses would suffer major service failures by 2020 due to the inability of security teams to manage digital risk. High-profile security lapses ensued as expected, although it’s hard to pinpoint that digital projects were the leading cause. “Regardless of whether highly publicized breaches were directly linked to digital transformation, they got business leaders thinking again about risk and solutions that minimize risk,” says Pete Lindstrom, vice president of security research at IDC.

  • The CSO guide to top security conferences, 2020
    on August 7, 2020 at 10:00 am

    There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the months ahead. If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2020 and 2021. From major events to those that are more narrowly focused, this list from the editors of CSO will help you find the security conferences that matter the most to you.

  • How COVID-19 Has Changed Business Cybersecurity Priorities Forever
    on August 7, 2020 at 8:30 am

    For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and even less opportunity for testing. Needless to say, the

  • I'm Open Sourcing the Have I Been Pwned Code Base
    on August 7, 2020 at 7:55 am

    Let me just cut straight to it: I'm going to open source the Have I Been Pwned code base. The decision has been a while coming and it took a failed M&A process to get here, but the code will be turned over to the public for the

  • Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks
    on August 7, 2020 at 5:34 am

    It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and

  • ISC StormCast for Friday, August 7th 2020
    on August 7, 2020 at 2:00 am

    FTCode Ransomware Resurfaces: https://isc.sans.edu/forums/diary/A+Fork+of+the+FTCode+Powershell+Ransomware/26434/
    Microsoft Anti-Malware Flagging Host File Manipulation: https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/
    Reviving older printer vulnerability: https://www.blackhat.com/us-20/briefings/schedule/#a-decade-after-stuxnets-printer-vulnerability-printing-is-still-the-stairway-to-heaven-19685

  • Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem
    on August 7, 2020 at 12:48 am

    An inside look at how nation-states use social media to influence, confuse and divide -- and why cybersecurity researchers should be involved.

  • Getting to the Root: How Researchers Identify Zero-Days in the Wild
    on August 7, 2020 at 12:33 am

    Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it.

  • Researchers Create New Framework to Evaluate User Security Awareness
    on August 7, 2020 at 12:05 am

    Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats.

  • A Mix of Optimism and Pessimism for Security of the 2020 Election
    on August 6, 2020 at 11:30 pm

    DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand so far and what still needs to happen before Nov. 3 to protect the integrity of the US presidential election.

  • Dark Reading Video News Desk Returns to Black Hat
    on August 6, 2020 at 9:50 pm

    UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!

  • Where Dark Reading Goes Next
    on August 6, 2020 at 9:40 pm

    Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it.

  • I'm Partnering with NordVPN as a Strategic Advisor
    on August 6, 2020 at 9:30 pm

    I love security. I love privacy. Consequently, it will come as no surprise that I love tools that help people achieve those objectives. Equally, I have no patience for false promises, and I've been very vocal about my feelings there: But one of them is literally called “Secure VPN”, how

  • Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs
    on August 6, 2020 at 9:29 pm

    Researchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed.

  • On 'Invisible Salamanders' and Insecure Messages
    on August 6, 2020 at 9:25 pm

    Cornell researcher Paul Grubbs discusses how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.

  • Exploiting Google Cloud Platform With Ease
    on August 6, 2020 at 9:10 pm

    Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.

  • Information Operations Spotlighted at Black Hat as Election Worries Rise
    on August 6, 2020 at 8:50 pm

    From Russia's "best-in-class" efforts at widening social divides in Western democracies to China's blunt attacks on dissidents, information operations are becoming a greater threat, says a Stanford researcher.

  • Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It
    on August 6, 2020 at 8:50 pm

    Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks they've detected, and suggest mitigations as businesses rely more heavily on the cloud.

  • Canon Admits Ransomware Attack in Employee Note, Report
    on August 6, 2020 at 8:44 pm

    The consumer-electronics giant has suffered partial outages across its U.S. website and internal systems, reportedly thanks to the Maze gang.

  • OpenText Blends Security, Data Protection for Greater Cyber Resilience
    on August 6, 2020 at 8:30 pm

    SPONSORED CONTENT: Infosec professionals are taking advantage of technology hybrids to keep users, data, and their networks more safe, according to Hal Lonas of OpenText's Webroot division. And they're also finding new ways to use artificial intelligence and machine learning to improve security management and reduce risk.

  • Why Satellite Communication Eavesdropping Will Remain A Problem
    on August 6, 2020 at 8:10 pm

    Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that make it unlikely to improve anytime soon.

  • Using IoT Botnets to Manipulate the Energy Market
    on August 6, 2020 at 7:50 pm

    Tohid Shekari, PhD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.

  • Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack
    on August 6, 2020 at 7:49 pm

    Attackers can listen in on internet traffic for high-value targets a continent away, like shipping fleets and oil installations, using some basic home-television gear.

  • US Clean Network program outlines measures against Chinese operations. $10 million reward offered for info on election interference. Australia’s cyber strategy is out. Grand larceny and petty lulz.
    on August 6, 2020 at 7:43 pm

    The US announces five new lines of effort for the Clean Network program, and none of them are exactly mash notes for Beijing. The US is also offering rewards of up to ten million dollars for information about foreign computer crimes aimed at interfering with US elections. Australia’s new cybersecurity strategy is out. Maze may have hit Canon. Rob Lee from Dragos addresses speculation of an ICS supply chain back door. Our guest is Theresa Lanowitz from AT&T Cybersecurity on 5G security threats to businesses. And a bail hearing is disrupted by Zoom-bombing. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/152

  • Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl
    on August 6, 2020 at 7:30 pm

    Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a different risk level than their open-source counterparts, and how WastedLocker identifies "valuable" targets.

Feed sources:

  • https://www.schneier.com/blog/atom.xml
  • https://nakedsecurity.sophos.com/feed/
  • https://krebsonsecurity.com/feed/
  • http://feeds.feedburner.com/GoogleOnlineSecurityBlog
  • https://www.darknet.org.uk/feed/
  • https://www.darkreading.com/rss_simple.asp
  • https://www.imperva.com/blog/feed/
  • https://www.csoonline.com/index.rss
  • http://feeds.feedburner.com/TheHackersNews
  • https://taosecurity.blogspot.com/feeds/posts/default
  • https://technet.microsoft.com/en-us/security/rss/advisory
  • https://podcasts.files.bbci.co.uk/b01n7094.rss
  • https://labsblog.f-secure.com/feed/
  • https://dfirblog.wordpress.com/feed/
  • https://www.us-cert.gov/ncas/alerts.xml
  • https://threatpost.com/feed/
  • https://www.fireeye.com/blog/threat-research/_jcr_content.feed
  • https://feeds.feedburner.com/CiscoBlogThePlatform
  • http://feeds.feedburner.com/GrahamCluleysBlog
  • http://feeds.feedburner.com/TroyHunt
  • http://blogs.securiteam.com/index.php/feed
  • https://www.secureworks.com/rss?feed=blog
  • https://hotforsecurity.bitdefender.com/feed
  • http://www.itsecurityguru.org/feed/
  • https://blogs.technet.microsoft.com/msrc/feed/
  • https://blogs.technet.microsoft.com/mmpc/feed/

Have more RSS feeds to add to the list? Contact me. Thanks!