Security News

DHS CISA warns of Iranian hackers' habit of deploying data-wiping malware

ZDNet Zero Day - Sun, 06/23/2019 - 03:15
CISA also warns against other Iranian hackers' favorite techniques: password spraying, credential stuffing, spear-phishing.
Categories: Security News

Data of 645k Oregonians exposed after nine DHS employees fell for a phishing attack

ZDNet Zero Day - Fri, 06/21/2019 - 17:37
Phishing attack lets hackers into Oregon DHS employee accounts.
Categories: Security News

Friday Squid Blogging: Squid Tea Bags

Schneier on Security - Fri, 06/21/2019 - 16:25
It's pu'er tea -- from Japan. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

NASA hacked because of unauthorized Raspberry Pi connected to its network

ZDNet Zero Day - Fri, 06/21/2019 - 15:46
NASA described the hackers as an "advanced persistent threat," a term generally used for nation-state hacking groups.
Categories: Security News

Free proxy service found running on top of 2,600+ hacked WordPress sites

ZDNet Zero Day - Fri, 06/21/2019 - 13:20
WordPress sites hacked and infected with Ngioweb Linux malware; hijacked into commercial proxy service.
Categories: Security News

Backdoor Built into Android Firmware

Schneier on Security - Fri, 06/21/2019 - 11:42
In 2017, some Android phones came with a backdoor pre-installed: Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. Triada first came to light in 2016 in articles published by Kaspersky here and here, the first of which said the malware was "one of... Bruce Schneier
Categories: Security News

OpenSSH gets protection against attacks like Spectre, Meltdown, Rowhammer, and Rambleed

ZDNet Zero Day - Fri, 06/21/2019 - 10:15
OpenSSH to encrypt SSH private keys while at rest in a computer's RAM.
Categories: Security News

Amazon patent reveals drone surveillance as a service

ZDNet Zero Day - Fri, 06/21/2019 - 07:48
Could ‘SaaS’ take on a new meaning?
Categories: Security News

Fake News and Pandemics

Schneier on Security - Fri, 06/21/2019 - 05:10
When the next pandemic strikes, we'll be fighting it on two fronts. The first is the one you immediately think about: understanding the disease, researching a cure and inoculating the population. The second is new, and one you might not have thought much about: fighting the deluge of rumors, misinformation and flat-out lies that will appear on the internet. The... Bruce Schneier
Categories: Security News

This botnet exploits Android Debug Bridge to mine cryptocurrency on your device

ZDNet Zero Day - Fri, 06/21/2019 - 04:56
The mobile botnet is focused on compromising Android devices.
Categories: Security News

New Bird Miner malware targets Mac pirates

ZDNet Zero Day - Fri, 06/21/2019 - 04:01
The malware emulates Linux in its quest for cryptocurrency.
Categories: Security News

Ransomware gang hacks MSPs to deploy ransomware on customer systems

ZDNet Zero Day - Thu, 06/20/2019 - 18:49
Hackers breach MSPs and use Webroot SecureAnywhere console to infect customer PCs with the Sodinokibi ransomware.
Categories: Security News

Desjardins, Canada's largest credit union, announces security breach

ZDNet Zero Day - Thu, 06/20/2019 - 16:20
Data for 2.9 million bank members was taken from the bank's system by a now-fired employee.
Categories: Security News

Google pushes Nest cam update to prevent former owners spying on new buyers

ZDNet Zero Day - Thu, 06/20/2019 - 15:10
Former Nest cam owners could have accessed old devices despite cameras being reset to factory settings.
Categories: Security News

Mozilla fixes second Firefox zero-day exploited in the wild

ZDNet Zero Day - Thu, 06/20/2019 - 14:00
Two days after patching the first zero-day, Mozilla fixes a second one, used in the same attacks as the first.
Categories: Security News

How Apple's "Find My" Feature Works

Schneier on Security - Thu, 06/20/2019 - 12:27
Matthew Green intelligently speculates about how Apple's new "Find My" feature works. If you haven't already been inspired by the description above, let me phrase the question you ought to be asking: how is this system going to avoid being a massive privacy nightmare? Let me count the concerns: If your device is constantly emitting a BLE signal that uniquely... Bruce Schneier
Categories: Security News

Meds prescriptions for 78,000 patients left in a database with no password

ZDNet Zero Day - Thu, 06/20/2019 - 08:00
Database containing 390,000 Vascepa prescriptions for 78,000 patients left open on the internet.
Categories: Security News

Hacking Hardware Security Modules

Schneier on Security - Thu, 06/20/2019 - 06:56
Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It will demonstrate several attack paths, some of them allowing unauthenticated attackers to take full control of... Bruce Schneier
Categories: Security News

UK to withdraw from online porn block, censorship crusade

ZDNet Zero Day - Thu, 06/20/2019 - 06:33
Opinion: The irony is strong in enforcing ID verification laws when the government fails to implement its own legal checks.
Categories: Security News

Firefox zero-day was used in attack against Coinbase employees, not its users

ZDNet Zero Day - Thu, 06/20/2019 - 06:21
There were actually two zero-days -- not one -- combined into an exploit used in a spear-phishing attempt. Other cryptocurrency organizations were also targeted.
Categories: Security News