InfoSec Feed


This feed is in UTC time.

  • Two Bayrob Cybercrime Members Sentenced to 20 and 18 Years in Prison
    on December 9, 2019 at 5:00 pm

    The Romanian nationals stole some $4 million in a vast malware, botnet, and cryptocurrency operation.

  • Elder Scrolls Online Targeted by Cybercrooks Hunting In-Game Loot
    on December 9, 2019 at 4:57 pm

    A phishing attack is masquerading as messages from the game's developers.

  • 10 Notable Cybersecurity Acquisitions of 2019, Part 2
    on December 9, 2019 at 4:30 pm

    As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.

  • Will the new iPhone 11 track you even if you tell it not to?
    on December 9, 2019 at 4:27 pm

    Does turning location access off for all your apps mean that location access is off altogether?

  • Nation-State Attackers May Have Co-opted Vega Ransomware
    on December 9, 2019 at 4:05 pm

    The tactics used by the latest version of the Vega cryptolocker program indicate the code may have been stolen from its authors and is now being used for destructive attacks, a new report suggests.

  • Criminals Hide Fraud Behind the Green Lock Icon
    on December 9, 2019 at 4:00 pm

    Criminals are using free certificate services to apply real security certs to fraudulent sites - and to take advantage of victims looking for surfing safety.

  • Hackers steal credit card details from Sweaty Betty customers
    on December 9, 2019 at 3:42 pm

    Women’s activewear retailer Sweaty Betty has emailed some of its customers warning that their payment card details may have been compromised by malicious code running on its website. Read more in my article on the Hot for Security blog.

  • GE, Dunkin’, Forever 21 Caught Up in Broad Internal Document Leak
    on December 9, 2019 at 3:28 pm

    A PR and marketing provider exposed sensitive data for a raft of big-name companies.

  • 4 Tips to Run Fast in the Face of Digital Transformation
    on December 9, 2019 at 3:00 pm

    This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.

  • Reddit Says Influence Campaign is Behind Leaked U.S.-U.K. Trade Documents
    on December 9, 2019 at 2:40 pm

    The platform has linked documents posted on its site to a vote-manipulation campaign already observed on Facebook earlier this year.

  • Microsoft Finds 44 Million Compromised Credentials Used for Its Services
    on December 9, 2019 at 2:01 pm

    Microsoft’s identity threat research team found more than 44 million compromised Microsoft user accounts in use in three months of scanning, between January and March 2019. The team checked billions of credentials people use for their services in an effort to identify the accounts that were still using compromised user names and passwords. The researchers

  • Detecting unsafe path access patterns with PathAuditor
    on December 9, 2019 at 1:46 pm

  • IDG Contributor Network: 2019 in review: data breaches, GDPR’s teeth, malicious apps, malvertising and more
    on December 9, 2019 at 1:41 pm

    Midyear reports showed a 54 percent increase in breaches over last year with more than 4 billion records compromised. The year is ending with news about breaches impacting customers of Macy’s and T-Mobile. Disney’s new streaming service, Disney+, wasn’t even online for a full day before hackers got in and compromised user accounts.

  • Sodinokibi ransomware gang infects yet another IT provider serving dentists; 100+ offices hit
    on December 9, 2019 at 1:18 pm

    Sodinokibi operators have hacked yet another IT vendor serving hundreds of dentistry practices, infecting clients’ computers by exploiting a vulnerable remote access tool. The gang wielding the infamous ransomware strain is not new to attacking a service provider with hundreds of dental practices as clients. Complete Technology Solutions (CTS) mainly offers managed IT services and

  • Networking attack gives hijackers VPN access
    on December 9, 2019 at 12:31 pm

    Researchers have discovered a flaw in macOS, Linux, and several other operating systems that could let attackers hijack VPN connections.

  • HackerOne pays $20,000 bounty after breach of own systems
    on December 9, 2019 at 12:08 pm

    In an embarrassing twist, bug bounty platform HackerOne has paid a $20,000 reward to a researcher who reported a security flaw inadvertently caused by one of its staff during… a bug submission.

  • New: From the Core to the Edge: 7 Reasons You Need Security at the Edge
    on December 9, 2019 at 12:00 pm

    No longer can you secure the perimeter and trust that nothing will get in or out.

  • Failure Modes in Machine Learning
    on December 9, 2019 at 11:56 am

    Interesting taxonomy of machine-learning failures (pdf) that encompasses both mistakes and attacks, or -- in their words -- intentional and unintentional failure modes. It's a good basis for threat modeling....

  • Facebook suing ILikeAd for hijacking users’ ad accounts
    on December 9, 2019 at 11:46 am

    Facebook says the company used celeb bait links to infect victims with malware and hijacked their ad accounts to sell diet pills.

  • 9 top fuzzing tools: Finding the weirdest application errors
    on December 9, 2019 at 11:00 am

    Don’t let the whimsical name fool you. Fuzzing is a serious process that can help uncover critical, unknown and sometimes weird problems affecting today’s modern, complex applications. Good fuzzing tools can often find hidden ways that programs can be exploited long before they are deployed to the public.

  • How a nuclear plant got hacked
    on December 9, 2019 at 11:00 am

    If you think attacking civilian infrastructure is a war crime, you'd be right, but spies from countries around the world are fighting a silent, dirty war to pre-position themselves on civilian infrastructure — like energy-producing civilian nuclear plants — to be able to commit sabotage during a moment of geopolitical tension. What follows is an explanation of how India's Kudankulam Nuclear Power Plant (KNPP) got hacked — and how it could have been easily avoided.

    The KNPP hack

    The news came to light, as it so often does these days, on Twitter. Pukhraj Singh (@RungRage), a "noted cyber intelligence specialist" who was "instrumental in setting up of the cyber-warfare operations centre of the National Technical Research Organisation (NTRO)," according to The New Indian Express, tweeted: "So, it's public now. Domain controller-level access Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit," noting in a quote tweet that he was aware of the attack as early as September 7, 2019, calling it a "causus belli" (an attack sufficiently grave to provoke a war).

  • $5m bounty set on the alleged head of Evil Corp banking Trojan group
    on December 9, 2019 at 10:53 am

    Know where Maksim “Aqua” Yakubets is? Can you pry him out of Russia and his Lamborghinis? The biggest ever cybercrook reward awaits!

  • 100 Customers hit by Ransomware Attack MSP
    on December 9, 2019 at 10:08 am

    A ransomware attack has spread from a Colorado MSP (managed IT services provider) through remote access software to more than 100 dentistry practices, KrebsOnSecurity reports. The ransomware attack apparently hit Complete Technology Solutions of Englewood, Colorado, though the MSP has not commented about the situation, and MSSP Alert has not independently confirmed the report. The attack apparently involved remote

  • Holiday Phishing scams aimed at small business
    on December 9, 2019 at 10:05 am

    Phishing scams that infect a computer and potentially allow hackers to invade bank and other accounts are highly preventable, but it takes eternal vigilance. NEW YORK – The e-mail looked legitimate, so Danielle Radin clicked on the link it contained, expecting to have her products included in a holiday gift guide. “I instantly regretted it,” says

  • Moscow police sell the access to City CCTV
    on December 9, 2019 at 10:04 am

    Anyone with a little money can buy access to Moscow’s surveillance system of tens of thousands of cameras and check footage stored over the previous five days. Sellers on forums and messenger groups that trade illegal data also provide facial recognition lookup services. Source: Bleeping Computer

  • Monday review – the hot 22 stories of the week
    on December 9, 2019 at 10:03 am

    Get up to date with the hot security stories from the past week - from fake Android apps to malware targeting Mac users.

  • PlayStation Phishing Scam run by Fake Elder Scrolls Online Devs
    on December 9, 2019 at 10:00 am

    Scammers are masquerading as The Elder Scrolls Online developers and sending PlayStation private messages that state your account will be banned if you do not provide your login credentials. If you are a user of online games, especially shooters and MMORPGs, you are likely familiar with users commonly being banned from games for cheating or

  • Fileless Malware strike again with Lazarus Hacking Group
    on December 9, 2019 at 9:58 am

    Researchers discovered a new kind of “Fileless Malware” distributed by the infamous Lazarus APT Hackers Group. According to a security researcher from K7 Labs, the hacking group was spreading malware targeting macOS users, to create fake cryptocurrency trading applications. Source: CISO Mag

  • Weekly Update 168
    on December 9, 2019 at 5:44 am

    I'm presently on the YOW! conference tour which means doing the same keynote three times over in Sydney, Brisbane and Melbourne. It's my first time back at YOW! since 2015 and it's always a nice way to wrap up the year, especially the Brisbane leg I'm on at the moment

  • ISC StormCast for Monday, December 9th 2019
    on December 9, 2019 at 3:00 am

    E-Mail Includes Entire HTML/Javascript Phishing Kit
    https://isc.sans.edu/forums/diary/Phishing+with+a+selfcontained+credentialsstealing+webpage/25580/

    Great Canon / Red Canon Activated to Silence Pro Hongkong Forum
    https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again

  • Ransomware at Colorado IT Provider Affects 100+ Dental Offices
    on December 7, 2019 at 9:17 pm

    A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as "Sodinokibi" or "rEvil" to be installed on computers at more than 100 dentistry businesses that rely on the company for a range of services -- including network security, data backup and voice-over-IP phone service.

  • Amazon battles leaky S3 buckets with a new security tool
    on December 7, 2019 at 5:48 pm

    A new AWS feature is supposed to help avoid accidental misconfigurations that could result in sensitive data being exposed, a company’s brand being damaged, and even – potentially – put its customers at risk. Read more in my article on the Bitdefender Business Insights blog.

  • Targeting routers to hit gaming servers. — Research Saturday
    on December 7, 2019 at 6:00 am

    Researchers at Palo Alto Networks' Unit 42 recently published research outlining attacks on home and small-business routers, taking advantage of known vulnerabilities to make the routers parts of botnets, ultimately used to attack gaming servers. Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks. She joins us to share their findings. The research can be found here: https://unit42.paloaltonetworks.com/home-small-office-wireless-routers-exploited-to-attack-gaming-servers/

  • Friday Squid Blogging: Squidfall Safety
    on December 6, 2019 at 10:20 pm

    Watchmen supporting material. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

  • Email Voted a Weak Link for Election Security, with DMARC Lagging
    on December 6, 2019 at 9:35 pm

    Most counties are not protected from impersonation-based spearphishing attacks.

  • Facebook sues over ad fraud. Tampering with VPN connections. Russian disinformation in Lithuania.
    on December 6, 2019 at 9:18 pm

    Facebook sues a company for ad fraud. Unix-based VPN traffic is vulnerable to tampering. Russian disinformation in Lithuania. Apple explains why new iPhones say they’re using Location Services, even when Location Services are switched off. Researchers set a new record for cracking an encryption key. And ransomware hits a New Jersey theater. David Dufour from Webroot with a look back at 2019's nastiest cyber threats. Guest is Robert Waitman from Cisco with results from their recent Consumer Privacy Survey. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_06.html

  • How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC
    on December 6, 2019 at 9:00 pm

    Money meant to fund an Israeli startup wound up directly deposited to the scammers.

  • Feds Crack Down on Money Mules, Warn of BEC Scams
    on December 6, 2019 at 7:34 pm

    Authorities say they have halted over 600 domestic money mules – exceeding the 400 money mules stopped last year.

  • News Wrap: Authorities Target Evil Corp., Imminent Monitor, Money Mules
    on December 6, 2019 at 7:24 pm

    In this past week, the authorities have cracked down on various BEC scams and cybercrime gangs.

  • Data Center Provider CyrusOne Confirms Ransomware Attack
    on December 6, 2019 at 5:30 pm

    The attack struck CyrusOne's managed services division and compromised six customers primarily serviced by a New York data center.

  • Senators Call for End to Controversial NSA Program
    on December 6, 2019 at 5:15 pm

    The program for collecting telephone call metadata has faced increased scrutiny and restrictions since Edward Snowden revealed its existence in 2013.

  • Microsoft Research Team finds Password Reuse Rampant
    on December 6, 2019 at 5:12 pm

    What if I told you that 1.5% of publicly leaked passwords were still being used to sign in to Microsoft accounts? It doesn’t sound like much, but it actually equates to 44 million users still using leaked passwords for their Microsoft accounts. This is what the Microsoft research team found when it performed a scan

  • Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready?
    on December 6, 2019 at 5:00 pm

    Passwordless authentication advocates see 2020 as a potential turning point year for the technology. But can the industry get off the dime?

  • Linux Bug Opens Most VPNs to Hijacking
    on December 6, 2019 at 4:54 pm

    In a coffee-shop scenario, attackers can hijack "secure" VPN sessions of those working remotely, injecting data into their TCP streams.

  • Quentyn Taylor – Rant of the Week
    on December 6, 2019 at 4:31 pm

    Quentyn Taylor, Director of Information Security at Canon Europe Ltd. has shared his Rant of the Week with the Guru!

  • Facebook Alleges Company Infiltrated User Accounts for Ad Fraud
    on December 6, 2019 at 3:01 pm

    Facebook has paid over $4 million to victims to reimburse them for the unauthorized ads purchased using their ad accounts.

  • Facebook Alleges Company Infiltrated Thousands for Ad Fraud
    on December 6, 2019 at 3:01 pm

    Facebook has paid over $4 million to victims to reimburse them for the unauthorized ads purchased using their ad accounts.

  • Success Enablers or Silent Killers?
    on December 6, 2019 at 3:00 pm

    These five success enablers will help CISOs report, measure, and demonstrate ROI to the C-suite.

  • HackerOne Bug Bounty Website Hacked
    on December 6, 2019 at 2:49 pm

    A hacker managed to compromise HackerOne, a company that itself pays white hat hackers to find security breaches for other companies. The hacker, identified only by the pseudonym haxta4ok00, figured out a way to compromise the HackerOne website and gain access to resources that allowed him to get information on other programs running on the

  • FBI announces $5 million bounty for information on Russian hackers behind Dridex attacks
    on December 6, 2019 at 2:49 pm

    The U.S. Department of Justice has announced that the State Department, in partnership with the FBI, have set a reward of up to $5 million for information that can lead to the arrest and conviction of two Russian hackers. Maksim V. Yakubets, 32, and Igor Turashev, 38, are allegedly responsible for several high-profile international computer

Feed sources:

  • https://www.schneier.com/blog/atom.xml
  • https://nakedsecurity.sophos.com/feed/
  • https://krebsonsecurity.com/feed/
  • http://feeds.feedburner.com/GoogleOnlineSecurityBlog
  • https://www.darknet.org.uk/feed/
  • https://www.darkreading.com/rss_simple.asp
  • https://www.imperva.com/blog/feed/
  • https://www.csoonline.com/index.rss
  • http://feeds.feedburner.com/TheHackersNews
  • https://taosecurity.blogspot.com/feeds/posts/default
  • https://technet.microsoft.com/en-us/security/rss/advisory
  • https://podcasts.files.bbci.co.uk/b01n7094.rss
  • https://labsblog.f-secure.com/feed/
  • https://dfirblog.wordpress.com/feed/
  • https://www.us-cert.gov/ncas/alerts.xml
  • https://threatpost.com/feed/
  • https://www.fireeye.com/blog/threat-research/_jcr_content.feed
  • https://feeds.feedburner.com/CiscoBlogThePlatform
  • http://feeds.feedburner.com/GrahamCluleysBlog
  • http://feeds.feedburner.com/TroyHunt
  • http://blogs.securiteam.com/index.php/feed
  • https://www.secureworks.com/rss?feed=blog
  • https://hotforsecurity.bitdefender.com/feed
  • http://www.itsecurityguru.org/feed/
  • https://blogs.technet.microsoft.com/msrc/feed/
  • https://blogs.technet.microsoft.com/mmpc/feed/
