Security News

Half a Million IoT Device Passwords Published

Schneier on Security - Wed, 01/22/2020 - 06:09
It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a... Bruce Schneier
Categories: Security News

In enterprise attack wave, NetWire Trojan now buries itself in disk image files

ZDNet Zero Day - Wed, 01/22/2020 - 04:42
Enterprise companies are being targeted by a business email scam harnessing the Trojan.
Categories: Security News

German government to pay €800,000 in Windows 7 ESU fees this year

ZDNet Zero Day - Wed, 01/22/2020 - 02:28
The sum represents ESU fees for over 33,000 government workstations that are still running Windows 7, allowing German government systems to receive security updates for one more year.
Categories: Security News

Brazil Charges Glenn Greenwald with Cybercrimes

Schneier on Security - Tue, 01/21/2020 - 15:23
Glenn Greenwald has been charged with cybercrimes in Brazil, stemming from publishing information and documents that were embarrassing to the government. The charges are that he actively helped the people who actually did the hacking: Citing intercepted messages between Mr. Greenwald and the hackers, prosecutors say the journalist played a "clear role in facilitating the commission of a crime." For... Bruce Schneier
Categories: Security News

Microsoft discovers new sLoad 2.0 (Starslord) malware

ZDNet Zero Day - Tue, 01/21/2020 - 14:27
sLoad malware gangs makes a comeback after having operations exposed last month.
Categories: Security News

US Cyber Command was not prepared to handle the amount of data it hacked from ISIS

ZDNet Zero Day - Tue, 01/21/2020 - 10:53
Operation Glowing Symphony was a success, but Cyber Command operators were not prepared for the amount of data they found in hacked ISIS accounts and servers.
Categories: Security News

FTCODE ransomware is now armed with browser, email password stealing features

ZDNet Zero Day - Tue, 01/21/2020 - 08:19
Encrypting your PC isn’t enough -- hackers want your email passwords, too.
Categories: Security News

Did you really 'like' that? How Chameleon attacks spring in Facebook, Twitter, LinkedIn

ZDNet Zero Day - Tue, 01/21/2020 - 08:00
Social networks impacted seem to disagree on the scope of the attack.
Categories: Security News

14% of Android app privacy policies contain contradictions about data collection

ZDNet Zero Day - Tue, 01/21/2020 - 06:56
An analysis of 11,430 Play Store apps found that 14.2% used a privacy policy with contradicting statements about user data collection practices.
Categories: Security News

SIM Hijacking

Schneier on Security - Tue, 01/21/2020 - 06:30
SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours. Sometimes this involves people inside... Bruce Schneier
Categories: Security News

UK's HMRC tax authority seeks tools to track down cryptocurrency criminals

ZDNet Zero Day - Tue, 01/21/2020 - 06:15
The project bid could also indicate the desire to monitor the cryptocurrency assets of taxpayers.
Categories: Security News

Antivirus vendors push fixes for EFS ransomware attack method

ZDNet Zero Day - Tue, 01/21/2020 - 05:00
Signature-based software may not be enough to protect Microsoft’s Windows EFS against evolving ransomware families.
Categories: Security News

Ubisoft sues operators of four DDoS-for-hire services

ZDNet Zero Day - Mon, 01/20/2020 - 14:03
Ubisoft delivers on threats it made in September 2019 and goes after website selling DDoS services that were used to launch attacks against Rainbow Six Siege servers.
Categories: Security News

Clearview AI and Facial Recognition

Schneier on Security - Mon, 01/20/2020 - 08:53
The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. His tiny company, Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, upload it and get to... Bruce Schneier
Categories: Security News

Mitsubishi Electric discloses security breach, China is main suspect

ZDNet Zero Day - Mon, 01/20/2020 - 04:27
Mitsubishi Electric says hackers did not obtain sensitive information about defense contracts.
Categories: Security News

Betting companies given access to UK gov't information on millions of children

ZDNet Zero Day - Mon, 01/20/2020 - 03:29
Reports suggest a government database was misused for age verification purposes.
Categories: Security News

Citrix rolls out patches for critical ADC vulnerability exploited in the wild

ZDNet Zero Day - Mon, 01/20/2020 - 01:58
Citrix is racing to develop patches for software builds vulnerable to the severe bug.
Categories: Security News

LastPass is in the midst of a major outage

ZDNet Zero Day - Mon, 01/20/2020 - 01:50
LastPass issue appears to impact users with accounts dating back to 2014 and earlier.
Categories: Security News

Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

ZDNet Zero Day - Sun, 01/19/2020 - 05:32
The list was shared by the operator of a DDoS booter service.
Categories: Security News

Microsoft warns about Internet Explorer zero-day, but no patch yet

ZDNet Zero Day - Fri, 01/17/2020 - 16:59
IE zero-day connected to last week's Firefox zero-day.
Categories: Security News