Global Cyber Security News

My intention here is to list the latest and most important cyber security news from well-known websites worldwide, so that we can follow the latest developments in the cyber security sector. Since there are risks and uncertainties in the world due to medical problems, there can also be security risks for PCs and mobile phones because of cyber technology. So we can collaborate to check the latest news on one page for the benefit of the community. You can see the latest news RSS feeds on one page here, and then check the source webpages for your work. For more details, see the source pages; the items are simply listed here.

  • Lockscreen and Authentication Improvements in Android 11
    by Scott Westover on September 22, 2020 at 8:00 pm

    Posted by Haining Chen, Vishwath Mohan, Kevin Chyn and Liz Louis, Android Security Team

    [Cross-posted from the Android Developers Blog]

    As phones become faster and smarter, they play increasingly important roles in our lives, functioning as our extended memory, our connection to the world at large, and often the primary interface for communication with friends, family, and wider communities. It is only natural that as part of this evolution, we’ve come to entrust our phones with our most private information, and in many ways treat them as extensions of our digital and physical identities. This trust is paramount to the Android Security team. The team focuses on ensuring that Android devices respect the privacy and sensitivity of user data. A fundamental aspect of this work centers around the lockscreen, which acts as the proverbial front door to our devices. After all, the lockscreen ensures that only the intended user(s) of a device can access their private data.

    This blog post outlines recent improvements around how users interact with the lockscreen on Android devices and more generally with authentication. In particular, we focus on two categories of authentication that present both immense potential as well as potentially immense risk if not designed well: biometrics and environmental modalities.

    The tiered authentication model

    Before getting into the details of lockscreen and authentication improvements, we first want to establish some context to help relate these improvements to each other. A good way to envision these changes is to fit them into the framework of the tiered authentication model, a conceptual classification of all the different authentication modalities on Android, how they relate to each other, and how they are constrained based on this classification. The model itself is fairly simple, classifying authentication modalities into three buckets of decreasing levels of security and commensurately increasing constraints.
    The primary tier is the least constrained in the sense that users only need to re-enter a primary modality under certain situations (for example, after each boot or every 72 hours) in order to use its capability. The secondary and tertiary tiers are more constrained because they cannot be set up and used without having a primary modality enrolled first and they have more constraints further restricting their capabilities.

    Primary Tier - Knowledge Factor: The first tier consists of modalities that rely on knowledge factors, or something the user knows, for example, a PIN, pattern, or password. Good high-entropy knowledge factors, such as complex passwords that are hard to guess, offer the highest potential guarantee of identity. Knowledge factors are especially useful on Android because devices offer hardware-backed brute-force protection with exponential backoff, meaning Android devices prevent attackers from repeatedly guessing a PIN, pattern, or password by having hardware-backed timeouts after every 5 incorrect attempts. Knowledge factors also confer additional benefits to all users that use them, such as File Based Encryption (FBE) and encrypted device backup.

    Secondary Tier - Biometrics: The second tier consists primarily of biometrics, or something the user is. Face or fingerprint based authentications are examples of secondary authentication modalities. Biometrics offer a more convenient but potentially less secure way of confirming your identity with a device. We will delve into Android biometrics in the next section.

    The Tertiary Tier - Environmental: The last tier includes modalities that rely on something the user has. This could either be a physical token, such as with Smart Lock’s Trusted Devices where a phone can be unlocked when paired with a safelisted bluetooth device.
    Or it could be something inherent to the physical environment around the device, such as with Smart Lock’s Trusted Places where a phone can be unlocked when it is taken to a safelisted location.

    Improvements to tertiary authentication

    While both Trusted Places and Trusted Devices (and tertiary modalities in general) offer convenient ways to get access to the contents of your device, the fundamental issue they share is that they are ultimately a poor proxy for user identity. For example, an attacker could unlock a misplaced phone that uses Trusted Place simply by driving it past the user's home, or with moderate amount of effort, spoofing a GPS signal using off-the-shelf Software Defined Radios and some mild scripting. Similarly with Trusted Device, access to a safelisted bluetooth device also gives access to all data on the user’s phone.

    Because of this, a major improvement has been made to the environmental tier in Android 10. The Tertiary tier was switched from an active unlock mechanism into an extending unlock mechanism instead. In this new mode, a tertiary tier modality can no longer unlock a locked device. Instead, if the device is first unlocked using either a primary or secondary modality, it can continue to keep it in the unlocked state for a maximum of four hours.

    A closer look at Android biometrics

    Biometric implementations come with a wide variety of security characteristics, so we rely on the following two key factors to determine the security of a particular implementation:

    Architectural security: The resilience of a biometric pipeline against kernel or platform compromise. A pipeline is considered secure if kernel and platform compromises don’t grant the ability to either read raw biometric data, or inject synthetic data into the pipeline to influence an authentication decision.

    Spoofability: Is measured using the Spoof Acceptance Rate (SAR).
    SAR is a metric first introduced in Android P, and is intended to measure how resilient a biometric is against a dedicated attacker. Read more about SAR and its measurement in Measuring Biometric Unlock Security.

    We use these two factors to classify biometrics into one of three different classes in decreasing order of security:

      • Class 3 (formerly Strong)
      • Class 2 (formerly Weak)
      • Class 1 (formerly Convenience)

    Each class comes with an associated set of constraints that aim to balance their ease of use with the level of security they offer. These constraints reflect the length of time before a biometric falls back to primary authentication, and the allowed application integration. For example, a Class 3 biometric enjoys the longest timeouts and offers all integration options for apps, while a Class 1 biometric has the shortest timeouts and no options for app integration. You can see a summary of the details in the table below, or the full details in the Android Compatibility Definition Document (CDD).

    1 App integration means exposing an API to apps (e.g., via integration with BiometricPrompt/BiometricManager, androidx.biometric, or FIDO2 APIs)
    2 Keystore integration means integrating Keystore, e.g., to release app auth-bound keys

    Benefits and caveats

    Biometrics provide convenience to users while maintaining a high level of security. Because users need to set up a primary authentication modality in order to use biometrics, it helps boost the lockscreen adoption (we see an average of 20% higher lockscreen adoption on devices that offer biometrics versus those that do not). This allows more users to benefit from the security features that the lockscreen provides: gates unauthorized access to sensitive user data and also confers other advantages of a primary authentication modality to these users, such as encrypted backups.
Finally, biometrics also help reduce shoulder surfing attacks in which an attacker tries to reproduce a PIN, pattern, or password after observing a user entering the credential. However, it is important that users understand the trade-offs involved with the use of biometrics. Primary among these is that no biometric system is foolproof. This is true not just on Android, but across all operating systems, form-factors, and technologies. For example, a face biometric implementation might be fooled by family members who resemble the user or a 3D mask of the user. A fingerprint biometric implementation could potentially be bypassed by a spoof made from latent fingerprints of the user. Although anti-spoofing or Presentation Attack Detection (PAD) technologies have been actively developed to mitigate such spoofing attacks, they are mitigations, not preventions. One effort that Android has made to mitigate the potential risk of using biometrics is the lockdown mode introduced in Android P. Android users can use this feature to temporarily disable biometrics, together with Smart Lock (for example, Trusted Places and Trusted Devices) as well as notifications on the lock screen, when they feel the need to do so. To use the lockdown mode, users first need to set up a primary authentication modality and then enable it in settings. The exact setting where the lockdown mode can be enabled varies by device models, and on a Google Pixel 4 device it is under Settings > Display > Lock screen > Show lockdown option. Once enabled, users can trigger the lockdown mode by holding the power button and then clicking the Lockdown icon on the power menu. A device in lockdown mode will return to the non-lockdown state after a primary authentication modality (such as a PIN, pattern, or password) is used to unlock the device. 

    BiometricPrompt - New APIs

    In order for developers to benefit from the security guarantee provided by Android biometrics and to easily integrate biometric authentication into their apps to better protect sensitive user data, we introduced the BiometricPrompt APIs in Android P.

    There are several benefits of using the BiometricPrompt APIs. Most importantly, these APIs allow app developers to target biometrics in a modality-agnostic way across different Android devices (that is, BiometricPrompt can be used as a single integration point for various biometric modalities supported on devices), while controlling the security guarantees that the authentication needs to provide (such as requiring Class 3 or Class 2 biometrics, with device credential as a fallback). In this way, it helps protect app data with a second layer of defenses (in addition to the lockscreen) and in turn respects the sensitivity of user data. Furthermore, BiometricPrompt provides a persistent UI with customization options for certain information (for example, title and description), offering a consistent user experience across biometric modalities and across Android devices.

    As shown in the following architecture diagram, apps can integrate with biometrics on Android devices through either the framework API or the support library (that is, androidx.biometric for backward compatibility). One thing to note is that FingerprintManager is deprecated because developers are encouraged to migrate to BiometricPrompt for modality-agnostic authentications.

    Improvements to BiometricPrompt

    Android 10 introduced the BiometricManager class that developers can use to query the availability of biometric authentication and included fingerprint and face authentication integration for BiometricPrompt.
In Android 11, we introduce new features such as the BiometricManager.Authenticators interface which allows developers to specify the authentication types accepted by their apps, as well as additional support for auth-per-use keys within the BiometricPrompt class. More details can be found in the Android 11 preview and Android Biometrics documentation. Read more about BiometricPrompt API usage in our blog post Using BiometricPrompt with CryptoObject: How and Why and our codelab Login with Biometrics on Android.

  • Improved malware protection for users in the Advanced Protection Program
    by Scott Westover on September 16, 2020 at 5:00 pm

    Posted by Daniel Rubery, Software Engineer, Chrome, Ryan Rasti, Software Engineer, Safe Browsing, and Eric Mill, Product Manager, Chrome Security

    Google’s Advanced Protection Program helps secure people at higher risk of targeted online attacks, like journalists, political organizations, and activists, with a set of constantly evolving safeguards that reflect today’s threat landscape. Chrome is always exploring new options to help all of our users better protect themselves against common online threats like malware. As a first step, today Chrome is expanding its download scanning options for users of Advanced Protection.

    Advanced Protection users are already well-protected from phishing. As a result, we’ve seen that attackers target these users through other means, such as leading them to download malware. In August 2019, Chrome began warning Advanced Protection users when a downloaded file may be malicious.

    Now, in addition to this warning, Chrome is giving Advanced Protection users the ability to send risky files to be scanned by Google Safe Browsing’s full suite of malware detection technology before opening the file. We expect these cloud-hosted scans to significantly improve our ability to detect when these files are malicious.

    When a user downloads a file, Safe Browsing will perform a quick check using metadata, such as hashes of the file, to evaluate whether it appears potentially suspicious. For any downloads that Safe Browsing deems risky, but not clearly unsafe, the user will be presented with a warning and the ability to send the file to be scanned. If the user chooses to send the file, Chrome will upload it to Google Safe Browsing, which will scan it using its static and dynamic analysis techniques in real time. After a short wait, if Safe Browsing determines the file is unsafe, Chrome will warn the user. As always, users can bypass the warning and open the file without scanning, if they are confident the file is safe.
Safe Browsing deletes uploaded files a short time after scanning. Online threats are constantly changing, and it's important that users’ security protections automatically evolve as well. With the US election fast approaching, for example, Advanced Protection could be useful to members of political campaigns whose accounts are now more likely to be targeted. If you’re a user at high-risk of attack, visit to enroll in the Advanced Protection Program.

  • Announcing new reward amounts for abuse risk researchers
    by Aaron Stein on September 1, 2020 at 5:28 pm

    Posted by Marc Henson, Lead and Program Manager, Trust & Safety; Anna Hupa, Senior Strategist, at Google

    It has been two years since we officially expanded the scope of Google’s Vulnerability Reward Program (VRP) to include the identification of product abuse risks. Thanks to your work, we have identified more than 750 previously unknown product abuse risks, preventing abuse in Google products and protecting our users. Collaboration to address abuse is important, and we are committed to supporting research on this growing challenge. To take it one step further, and as of today, we are announcing increased reward amounts for reports focusing on potential attacks in the product abuse space.

    The nature of product abuse is constantly changing. Why? The technology (product and protection) is changing, the actors are changing, and the field is growing. Within this dynamic environment, we are particularly interested in research that protects users' privacy, ensures the integrity of our technologies, as well as prevents financial fraud or other harms at scale. Research in the product abuse space helps us deliver trusted and safe experiences to our users. Martin Vigo's research on Google Meet's dial-in feature is one great example of an 31337 report that allowed us to better protect users against bad actors. His research provided insight on how an attacker could attempt to find Meet Phone Numbers/Pin, which enabled us to launch further protections to ensure that Meet would provide a secure technology connecting us while we're apart.

    New Reward Amounts for Abuse Risks

    What’s new?

    Based on the great submissions that we received in the past as well as feedback from our Bug Hunters, we increased the highest reward by 166% from $5,000 to $13,337. Research with medium to high impact and probability will now be eligible for payment up to $5,000.

    What did not change?

    Identification of new product abuse risks remains the primary goal of the program.
    Reports that qualify for a reward are those that will result in changes to the product code, as opposed to removal of individual pieces of abusive content. The final reward amount for a given abuse risk report also remains at the discretion of the reward panel. When evaluating the impact of an abuse risk, the panels look at both the severity of the issue as well as the number of impacted users.

    What's next?

    We plan to expand the scope of Vulnerability Research Grants to support research preventing abuse risks. Stay tuned for more information! Starting today the new rewards take effect. Any reports that were submitted before September 1, 2020 will be rewarded based on the previous rewards table. We look forward to working closely together with the researcher community to prevent abuse of Google products and ensure user safety. Happy bug hunting!

  • Pixel 4a is the first device to go through ioXt at launch
    by Scott Westover on August 10, 2020 at 1:12 pm

    Posted by Eugene Liderman and Xevi Miro Bruix, Android Security and Privacy Team

    Trust is very important when it comes to the relationship between a user and their smartphone. While phone functionality and design can enhance the user experience, security is fundamental and foundational to our relationship with our phones. There are multiple ways to build trust around the security capabilities that a device provides and we continue to invest in verifiable ways to do just that.

    Pixel 4a ioXt certification

    Today we are happy to announce that the Pixel 4/4 XL and the newly launched Pixel 4a are the first Android smartphones to go through ioXt certification against the Android Profile.

    The Internet of Secure Things Alliance (ioXt) manages a security compliance assessment program for connected devices. ioXt has over 200 members across various industries, including Google, Amazon, Facebook, T-Mobile, Comcast, Zigbee Alliance, Z-Wave Alliance, Legrand, Resideo, Schneider Electric, and many others. With so many companies involved, ioXt covers a wide range of device types, including smart lighting, smart speakers, webcams, and Android smartphones.

    The core focus of ioXt is “to set security standards that bring security, upgradability and transparency to the market and directly into the hands of consumers.” This is accomplished by assessing devices against a baseline set of requirements and relying on publicly available evidence. The goal of ioXt’s approach is to enable users, enterprises, regulators, and other stakeholders to understand the security in connected products to drive better awareness towards how these products are protecting the security and privacy of users.
    ioXt’s baseline security requirements are tailored for product classes, and the ioXt Android Profile enables smartphone manufacturers to differentiate security capabilities, including biometric authentication strength, security update frequency, length of security support lifetime commitment, vulnerability disclosure program quality, and preloaded app risk minimization.

    We believe that using a widely known industry consortium standard for Pixel certification provides increased trust in the security claims we make to our users. NCC Group has published an audit report that can be downloaded here. The report documents the evaluation of Pixel 4/4 XL and Pixel 4a against the ioXt Android Profile.

    Security by Default is one of the most important criteria used in the ioXt Android profile. Security by Default rates devices by cumulatively scoring the risk for all preloads on a particular device. For this particular measurement, we worked with a team of university experts from the University of Cambridge, University of Strathclyde, and Johannes Kepler University in Linz to create a formula that considers the risk of platform signed apps, pregranted permissions on preloaded apps, and apps communicating using cleartext traffic.

    [Figure: Screenshot of the presentation of the Android Device Security Database at the Android Security Symposium 2020]

    In partnership with those teams, Google created Uraniborg, an open source tool that collects necessary attributes from the device and runs it through this formula to come up with a raw score. NCC Group leveraged Uraniborg to conduct the assessment for the ioXt Security by Default category.

    As part of our ongoing certification efforts, we look forward to submitting future Pixel smartphones through the ioXt standard, and we encourage the Android device ecosystem to participate in similar transparency efforts for their devices.

    Acknowledgements: This post leveraged contributions from Sudhi Herle, Billy Lau and Sam Schumacher

  • Towards native security defenses for the web ecosystem
    by Google Security PR on July 22, 2020 at 8:52 pm

    Posted by Artur Janc and Lukas Weichselbaum, Information Security Engineers

    With the recent launch of Chrome 83, and the upcoming release of Mozilla Firefox 79, web developers are gaining powerful new security mechanisms to protect their applications from common web vulnerabilities. In this post we share how our Information Security Engineering team is deploying Trusted Types, Content Security Policy, Fetch Metadata Request Headers and the Cross-Origin Opener Policy across Google to help guide and inspire other developers to similarly adopt these features to protect their applications.

    History

    Since the advent of modern web applications, such as email clients or document editors accessible in your browser, developers have been dealing with common web vulnerabilities which may allow user data to fall prey to attackers. While the web platform provides robust isolation for the underlying operating system, the isolation between web applications themselves is a different story. Issues such as XSS, CSRF and cross-site leaks have become unfortunate facets of web development, affecting almost every website at some point in time.

    These vulnerabilities are unintended consequences of some of the web's most wonderful characteristics: composability, openness, and ease of development. Simply put, the original vision of the web as a mesh of interconnected documents did not anticipate the creation of a vibrant ecosystem of web applications handling private data for billions of people across the globe. Consequently, the security capabilities of the web platform meant to help developers safeguard their users' data have evolved slowly and provided only partial protections from common flaws.

    Web developers have traditionally compensated for the platform's shortcomings by building additional security engineering tools and processes to protect their applications from common flaws; such infrastructure has often proven costly to develop and maintain.
    As the web continues to change to offer developers more impressive capabilities, and web applications become more critical to our lives, we find ourselves in increasing need of more powerful, all-encompassing security mechanisms built directly into the web platform.

    Over the past two years, browser makers and security engineers from Google and other companies have collaborated on the design and implementation of several major security features to defend against common web flaws. These mechanisms, which we focus on in this post, protect against injections and offer isolation capabilities, addressing two major, long-standing sources of insecurity on the web.

    Injection Vulnerabilities

    In the design of systems, mixing code and data is one of the canonical security anti-patterns, causing software vulnerabilities as far back as in the 1980s. It is the root cause of vulnerabilities such as SQL injection and command injection, allowing the compromise of databases and application servers.

    On the web, application code has historically been intertwined with page data. HTML markup such as <script> elements or event handler attributes (onclick or onload) allow JavaScript execution; even the familiar URL can carry code and result in script execution when navigating to a javascript: link. While sometimes convenient, the upshot of this design is that – unless the application takes care to protect itself – data used to compose an HTML page can easily inject unwanted scripts and take control of the application in the user's browser.

    Addressing this problem in a principled manner requires allowing the application to separate its data from code; this can be done by enabling two new security features: Trusted Types and Content Security Policy based on script nonces.

    Trusted Types

    Main article: by Krzysztof Kotowicz

    JavaScript functions used by developers to build web applications often rely on parsing arbitrary structure out of strings.
    A string which seems to contain data can be turned directly into code when passed to a common API, such as innerHTML. This is the root cause of most DOM-based XSS vulnerabilities.

    Trusted Types make JavaScript code safe-by-default by restricting risky operations, such as generating HTML or creating scripts, to require a special object – a Trusted Type. The browser will ensure that any use of dangerous DOM functions is allowed only if the right object is provided to the function. As long as an application produces these objects safely in a central Trusted Types policy, it will be free of DOM-based XSS bugs.

    You can enable Trusted Types by setting the following response header:

    We have recently launched Trusted Types for all users of My Google Activity and are working with dozens of product teams across Google as well as JavaScript framework owners to make their code support this important safety mechanism.

    Trusted Types are supported in Chrome 83 and other Chromium-based browsers, and a polyfill is available for other user agents.

    Content Security Policy based on script nonces

    Main article: Reshaping web defenses with strict Content Security Policy

    Content Security Policy (CSP) allows developers to require every <script> on the page to contain a secret value unknown to attackers. The script nonce attribute, set to an unpredictable number for every page load, acts as a guarantee that a given script is under the control of the application: even if part of the page is injected by an attacker, the browser will refuse to execute any injected script which doesn't identify itself with the correct nonce. This mitigates the impact of any server-side injection bugs, such as reflected XSS and stored XSS.

    CSP can be enabled by setting the following HTTP response header:

    This header requires all scripts in your HTML templating system to include a nonce attribute with a value matching the one in the response header:

    Our CSP Evaluator tool can help you configure a strong policy.
    To help deploy a production-quality CSP in your application, check out this presentation and the documentation on the initial launch of CSP at Google, we have deployed strong policies on 75% of outgoing traffic from our applications, including in our flagship products such as GMail and Google Docs & Drive. CSP has mitigated the exploitation of over 30 high-risk XSS flaws across Google in the past two years.

    Nonce-based CSP is supported in Chrome, Firefox, Microsoft Edge and other Chromium-based browsers. Partial support for this variant of CSP is also available in Safari.

    Isolation Capabilities

    Many kinds of web flaws are exploited by an attacker's site forcing an unwanted interaction with another web application. Preventing these issues requires browsers to offer new mechanisms to allow applications to restrict such behaviors. Fetch Metadata Request Headers enable building server-side restrictions when processing incoming HTTP requests; the Cross-Origin Opener Policy is a client-side mechanism which protects the application's windows from unwanted DOM interactions.

    Fetch Metadata Request Headers

    Main article: by Lukas Weichselbaum

    A common cause of web security problems is that applications don't receive information about the source of a given HTTP request, and thus aren't able to distinguish benign self-initiated web traffic from unwanted requests sent by other websites.
    This leads to vulnerabilities such as cross-site request forgery (CSRF) and web-based information leaks (XS-leaks).

    Fetch Metadata headers, which the browser attaches to outgoing HTTP requests, solve this problem by providing the application with trustworthy information about the provenance of requests sent to the server: the source of the request, its type (for example, whether it's a navigation or resource request), and other security-relevant metadata.

    By checking the values of these new HTTP headers (Sec-Fetch-Site, Sec-Fetch-Mode and Sec-Fetch-Dest), applications can build flexible server-side logic to reject untrusted requests, similar to the following:

    We provided a detailed explanation of this logic and adoption considerations at Importantly, Fetch Metadata can both complement and facilitate the adoption of Cross-Origin Resource Policy which offers client-side protection against unexpected subresource loads; this header is described in detail at Google, we've enabled restrictions using Fetch Metadata headers in several major products such as Google Photos, and are following up with a large-scale rollout across our application ecosystem.

    Fetch Metadata headers are currently sent by Chrome and Chromium-based browsers and are available in development versions of Firefox.

    Cross-Origin Opener Policy

    Main article: by Eiji Kitamura

    By default, the web permits some interactions with browser windows belonging to another application: any site can open a pop-up to your webmail client and send it messages via the postMessage API, navigate it to another URL, or obtain information about its frames. All of these capabilities can lead to information leak vulnerabilities:

    Cross-Origin Opener Policy (COOP) allows you to lock down your application to prevent such interactions.
    To enable COOP in your application, set the following HTTP response header:

    If your application opens other sites as pop-ups, you may need to set the header value to same-origin-allow-popups instead; see this document for details.

    We are currently testing Cross-Origin Opener Policy in several Google applications, and we're looking forward to enabling it broadly in the coming months.

    COOP is available starting in Chrome 83 and in Firefox 79.

    The Future

    Creating a strong and vibrant web requires developers to be able to guarantee the safety of their users' data. Adding security mechanisms to the web platform – building them directly into browsers – is an important step forward for the ecosystem: browsers can help developers understand and control aspects of their sites which affect their security posture. As users update to recent versions of their favorite browsers, they will gain protections from many of the security flaws that have affected web applications in the past.

    While the security features described in this post are not a panacea, they offer fundamental building blocks that help developers build secure web applications. We're excited about the continued deployment of these mechanisms across Google, and we're looking forward to collaborating with browser makers and the web standards community to improve them in the future.

    For more information about web security mechanisms and the bugs they prevent, see the Securing Web Apps with Modern Platform Features Google I/O talk (video).
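
The server-side parts of the post above, as an added example (not code from the original post or from Google): a Fetch Metadata resource isolation check on incoming requests, and a nonce-based CSP with COOP on responses. The paths, function names and sample requests are assumptions made for the illustration, and the header values are the commonly documented ones, since the post's own snippets are not on this page.

```python
import secrets
from dataclasses import dataclass

# Hypothetical endpoints that are meant to be loaded by other sites.
CROSS_SITE_ALLOWED_PATHS = {"/embed/widget.js", "/public/logo.png"}
VARY = "Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def check_fetch_metadata(method, path, headers):
    """Decide whether a request passes a resource isolation policy."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    site = h.get("sec-fetch-site")
    # Browsers without Fetch Metadata support send no Sec-Fetch-* headers.
    # Fail open for them; the application's other defenses still apply.
    if site is None:
        return Decision(True, "no-fetch-metadata")
    # Requests from the application itself, or typed/bookmarked by the user.
    if site in ("same-origin", "same-site", "none"):
        return Decision(True, "trusted-initiator")
    # Links from other sites must keep working: allow plain top-level GET
    # navigations, but not loads into <object> or <embed>.
    if (h.get("sec-fetch-mode") == "navigate" and method.upper() == "GET"
            and h.get("sec-fetch-dest") not in ("object", "embed")):
        return Decision(True, "top-level-navigation")
    if path in CROSS_SITE_ALLOWED_PATHS:
        return Decision(True, "cross-site-endpoint")
    return Decision(False, "cross-site-blocked")


def response_headers(nonce):
    """Response headers for a nonce-based CSP plus COOP."""
    # 'unsafe-inline' and https: are fallbacks for older browsers; browsers
    # that understand nonces and 'strict-dynamic' ignore them.
    csp = (f"script-src 'nonce-{nonce}' 'strict-dynamic' https: 'unsafe-inline'; "
           "object-src 'none'; base-uri 'none'")
    return {
        "Content-Security-Policy": csp,
        "Cross-Origin-Opener-Policy": "same-origin",
        # Responses differ by Sec-Fetch-* values, so caches must key on them.
        "Vary": VARY,
    }


def handle(method, path, headers, enforce=True, log=None):
    """Apply the request check, then render a page whose script carries the nonce.

    With enforce=False the decision is only recorded (report-only rollout).
    Returns (status, response_headers, body).
    """
    decision = check_fetch_metadata(method, path, headers)
    if log is not None:
        log.append((method, path, decision.reason))
    if not decision.allowed and enforce:
        return 403, {"Vary": VARY}, ""
    nonce = secrets.token_urlsafe(16)  # fresh 128-bit value per response
    body = f'<script nonce="{nonce}">console.log("app code")</script>'
    return 200, response_headers(nonce), body


def _req(site, mode, dest):
    return {"Sec-Fetch-Site": site, "Sec-Fetch-Mode": mode, "Sec-Fetch-Dest": dest}


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", "/account/delete", _req("cross-site", "navigate", "document")),
    ("GET", "/inbox", _req("cross-site", "navigate", "document")),
    ("GET", "/inbox", _req("cross-site", "navigate", "embed")),
    ("GET", "/api/profile.json", _req("cross-site", "no-cors", "script")),
    ("GET", "/public/logo.png", _req("cross-site", "no-cors", "image")),
    ("GET", "/api/profile.json", _req("same-origin", "cors", "empty")),
    ("GET", "/inbox", {}),
]

if __name__ == "__main__":
    for method, path, hdrs in SAMPLES:
        d = check_fetch_metadata(method, path, hdrs)
        print(f"{method:4} {path:20} {'ALLOW' if d.allowed else 'BLOCK'}  {d.reason}")
```

Running `handle` with `enforce=False` records what would be blocked without rejecting anything, which lets a policy be checked against real traffic before it is enforced.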

  • Week in security with Tony Anscombe
    by Editor on September 25, 2020 at 2:30 pm

    Bug let hijack Firefox browsers on other phones over Wi-Fi – NIST's new tool to help firms understand why staff fall for phishing – Almost 200 arrested in dark web crackdown The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

  • 5 tips for better Google Drive security
    by Amer Owaida on September 25, 2020 at 9:30 am

    As cloud storage solutions are becoming more and more popular, we look at several simple steps you can take to secure your files on Google Drive The post 5 tips for better Google Drive security appeared first on WeLiveSecurity

  • Ray‑Ban parent company reportedly suffers major ransomware attack
    by Amer Owaida on September 24, 2020 at 4:04 pm

    There is no evidence that cybercriminals were also able to steal customer data The post Ray‑Ban parent company reportedly suffers major ransomware attack appeared first on WeLiveSecurity

  • 179 arrested in massive dark web bust
    by Amer Owaida on September 23, 2020 at 4:01 pm

    The sting is said to be the US Government’s largest operation targeting crime in the internet’s seedy underbelly The post 179 arrested in massive dark web bust appeared first on WeLiveSecurity

  • New tool helps companies assess why employees click on phishing emails
    by Amer Owaida on September 22, 2020 at 5:00 pm

    NIST’s tool can help organizations improve the testing of their employees’ phish-spotting prowess The post New tool helps companies assess why employees click on phishing emails appeared first on WeLiveSecurity

  • Who is Tech Investor John Bernard?
    by BrianKrebs on September 25, 2020 at 1:21 pm

    John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail before being cleared of murdering his wife on their honeymoon in India.

  • Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw
    by BrianKrebs on September 24, 2020 at 5:00 pm

    Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft's warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all federal agencies to patch the vulnerability by Sept. 21 at the latest.

  • Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack
    by BrianKrebs on September 23, 2020 at 11:06 pm

    Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents.

  • Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack
    by BrianKrebs on September 17, 2020 at 10:03 pm

    The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and "supply chain" attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm.

  • Two Russians Charged in $17M Cryptocurrency Phishing Spree
    by BrianKrebs on September 16, 2020 at 8:53 pm

    U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.

  • Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging
    by Bruce Schneier on September 25, 2020 at 7:39 pm

    I thought the virus doesn’t survive well on food packaging: Authorities in China’s northeastern Jilin province have found the novel coronavirus on the packaging of imported squid, health authorities in the city of Fuyu said on Sunday, urging anyone who may have bought it to get themselves tested. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

  • CEO of NS8 Charged with Securities Fraud
    by Bruce Schneier on September 25, 2020 at 11:21 am

    The founder and CEO of the Internet security company NS8 has been arrested and “charged in a Complaint in Manhattan federal court with securities fraud, fraud in the offer and sale of securities, and wire fraud.” I admit that I’ve never even heard of the company before.

  • Iranian Government Hacking Android
    by Bruce Schneier on September 24, 2020 at 11:18 am

    The New York Times wrote about a still-unreleased report from Check Point and the Miaan Group: The reports, which were reviewed by The New York Times in advance of their release, say that the hackers have successfully infiltrated what were thought to be secure mobile phones and computers belonging to the targets, overcoming obstacles created by encrypted applications such as Telegram and, according to Miaan, even gaining access to information on WhatsApp. Both are popular messaging tools in Iran. The hackers also have created malware disguised as Android applications, the reports said...

  • Documented Death from a Ransomware Attack
    by Bruce Schneier on September 23, 2020 at 11:03 am

    A Dusseldorf woman died when a ransomware attack against a hospital forced her to be taken to a different hospital in another city. I think this is the first documented case of a cyberattack causing a fatality. UK hospitals had to redirect patients during the 2017 WannaCry ransomware attack, but there were no documented fatalities from that event. The police are treating this as a homicide.

  • Interview with the Author of the 2000 Love Bug Virus
    by Bruce Schneier on September 22, 2020 at 6:35 pm

    No real surprises, but we finally have the story. The story he went on to tell is strikingly straightforward. De Guzman was poor, and internet access was expensive. He felt that getting online was almost akin to a human right (a view that was ahead of its time). Getting access required a password, so his solution was to steal the passwords from those who’d paid for them. Not that de Guzman regarded this as stealing: He argued that the password holder would get no less access as a result of having their password unknowingly “shared.” (Of course, his logic conveniently ignored the fact that the internet access provider would have to serve two people for the price of one.)...

  • Emotet Trojan is back as the world unlocks
    by Prashant Tilekar on September 26, 2020 at 5:46 am

    A threat actor named Emotet Trojan has been in the wild for more than 5 years, and now it is back after a 5 months break. It has spread globally, infecting new as well as old targets. It is re-launched with multiple Malspam Campaigns to distribute in all sectors. We…

  • How social media is used to commit financial fraud
    by Quickheal on September 21, 2020 at 9:45 am

    Social media is a fraudster’s heaven. There are billions of targets – Facebook itself had over 2.6 billion monthly active users in the first quarter of 2020. Because of the very nature of these platforms, users can be quite careless about the amount of personal information they post. For cybercriminals,…

  • The Biggest Cyberattacks of 2020…so far
    by Quickheal on September 16, 2020 at 8:09 am

    It’s been a crazy 2020 so far. The COVID-19 pandemic has ravaged the entire world, changing the nature of how human beings live and interact with each other. There have been other natural disasters that have caused tremendous loss of life and devastation. But that didn’t mean cybercriminals remained quiet….

  • If your smartphone is your life, here’s how you can keep it safe
    by Quickheal on September 8, 2020 at 3:17 pm

    We give a lot of thought when we think about upgrading our phones, but we often don’t give the same amount of consideration when it comes to our smartphone’s security. That’s a great pity because the prevalence of smartphones has made it a favorite target for all sorts of cybercriminals….

  • Your guide to new-age cybersecurity terms
    by Quickheal on August 31, 2020 at 12:32 pm

    Like every other sector, cybersecurity has its own lingo. Often, it can be difficult for us users to understand the nuances. If jargon and long lists of indecipherable acronyms are frustrating you, we’re here to keep you updated with the latest lingo in the cybersecurity world. Keep in mind though,…

  • Your data is not destined for China, assures TikTok’s UK boss
    by Chris Stokel-Walker on August 23, 2020 at 5:56 am

    The controversial app’s users are ignoring geopolitical battle over its digital security, says Richard Waterworth TikTok’s UK chief has strenuously denied the video-sharing app, which Donald Trump has threatened to ban, shares data with China. Richard Waterworth told the Observer that the UK and European arm of TikTok was growing quickly, despite the “turbulent” geopolitical battle in which the Chinese-born app has found itself.

  • MPs criticise privacy watchdog over NHS test-and-trace data
    by Alex Hern Technology editor on August 21, 2020 at 5:00 am

    UK information commissioner ‘must ensure government uses public’s data safely and legally’ A cross-party group of more than 20 MPs has accused the UK’s privacy watchdog of failing to hold the government to account for its failures in the NHS coronavirus test-and-trace programme. The MPs have urged Elizabeth Denham, the information commissioner, to demand that the government change the programme after it admitted failing to conduct a legally required impact assessment of its privacy implications.

  • Bank of England paid £3m in 'golden goodbyes' over 15 months
    by Jasper Jolly on August 9, 2020 at 12:57 pm

    Rise in settlements in 2019 included those paid to departing tech security staff shortly before major breach The Bank of England paid departing staff almost £3m in “golden goodbyes” over 15 months, at the same time as an exodus of workers from its information security team. Settlement payments to former staff surged to £2.3m in 2019, according to data provided to the Guardian under freedom of information laws. The Bank confirmed that former information security staff received some of the payments.

  • Ransomware attack on Garmin thought to be the work of 'Evil Corp'
    by Alex Hern UK technology editor on July 27, 2020 at 5:57 pm

    Russian cybercrime gang is believed to be responsible for taking Garmin services offline A ransomware attack that took the GPS and smartwatch business Garmin entirely offline for more than three days is believed to have been carried out by a Russian cybercriminal gang which calls itself “Evil Corp”. Garmin began to restore services to customers on Monday morning, after being held hostage for a reported ransom of $10m, although some services were still operating with limited functionality. Ransomware is the most common form of criminal malware currently in use. Targets are commonly infected through malicious emails, which may trick them into downloading and running the software, or through exploiting vulnerabilities in other software such as Adobe Flash. When the ransomware program is activated, it encrypts the user’s hard drive with a single use encryption key, before flashing up a message asking for ransom, typically in the form of a payment in the cryptocurrency Bitcoin.

  • Smartwatch maker Garmin hit by outages after ransomware attack
    by Mark Sweney on July 24, 2020 at 7:49 am

    US company forced to shut down call centres, website and some other online services Garmin has been forced to shut down its call centres, website and some other online services after a ransomware attack encrypted the smartwatch maker’s internal network and some production systems. The US company shut down services including the official Garmin website and all customer services, including phone lines, online chat and email. Ransomware is the most common form of criminal malware currently in use. Targets are commonly infected through malicious emails, which may trick them into downloading and running the software, or through exploiting vulnerabilities in other software such as Adobe Flash. When the ransomware program is activated, it encrypts the user’s hard drive with a single use encryption key, before flashing up a message asking for ransom, typically in the form of a payment in the cryptocurrency Bitcoin.

  • The Next Generation Security and Privacy Controls—Protecting the Nation’s Critical Assets
    by Ron Ross, Victoria Yan Pillitteri, Naomi Lefkovitz on September 23, 2020 at 12:00 pm

    It has been seven years since the last major update to NIST’s flagship security and privacy guidance document Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations. Since 2013, the publication has been accessed or downloaded from the NIST web site millions of times. This month, NIST unveiled an historic update to its security and privacy controls catalog that will provide a solid foundation for protecting organizations and systems—including the personal privacy of individuals—well into the 21st century. NIST SP 800-53, Revision 5 is not just a

  • Threat Models for Differential Privacy
    by Joseph Near, David Darais on September 15, 2020 at 12:00 pm

    This post is part of a series on differential privacy. Learn more and browse all the posts published to date on the differential privacy blog series page in NIST’s Privacy Engineering Collaboration Space. It's not so simple to deploy a practical system that satisfies differential privacy. Our example in the last post was a simple Python program that adds Laplace noise to a function computed over the sensitive data. For this to work in practice, we'd need to collect all of the sensitive data on one server to run our program. What if that server gets hacked? Differential privacy provides no

  • Staff Spotlight: NIST Post-Quantum Cryptography
    by Angela Robinson on September 14, 2020 at 12:00 pm

    In July, NIST announced the third-round candidates for the Post Quantum Cryptography (PQC) Standardization Project, intended to determine the best algorithms to help form the first post-quantum cryptography standard. For decades, NIST has been actively involved in cryptography, and NIST mathematicians like Dr. Angela Robinson predict future quantum computers could break the current public-key cryptography tools. A solution is needed now to protect many current websites and applications from future attacks. We asked Dr. Robinson several questions about her work with post-quantum cryptography

  • Building the Federal Profile for IoT Device Cybersecurity | Post-Workshop Update
    by Katerina Megas on August 21, 2020 at 12:00 pm

    Thanks to everyone who attended our July 22-23 workshop, Building the Federal Profile for IoT Device Cybersecurity: Next Steps for Securing Federal Systems. And, of course, a special “thank you” to our panelists including government and industry representatives from around the United States and abroad. We were pleased to see over 500 participants – including nearly 200 attendees from the federal government representing nearly 30 agencies, as well as, state, local, and international government bodies. We were also grateful to have in attendance members of Congress, the news media, attorneys

  • HELP WANTED: Growing a Workforce for Managing Privacy Risk
    by Naomi Lefkovitz, Dylan Gilbert on August 20, 2020 at 12:00 pm

    It’s a very different world that we’re living in from the one in which we published the NIST Privacy Framework this past January. These changes have demonstrated that the need for effective privacy programs that can adapt to new risks has never been more important. A skilled workforce is a key pillar of an effective privacy program. As the framework roadmap stated, “Further development of a knowledgeable and skilled privacy workforce (to include privacy practitioners and other personnel whose duties require an understanding of privacy risks) is necessary to support organizations in better

  • Microsoft Windows XP Source Code Reportedly Leaked Online
    by (Swati Khandelwal) on September 26, 2020 at 6:23 pm

    Microsoft's long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server 2003. Yes, you heard that right. The source code for Microsoft's 19-year-old operating system was published as a torrent file on notorious bulletin board website 4chan, and it's for the very first

  • Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers
    by (Ravie Lakshmanan) on September 25, 2020 at 7:37 pm

    As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution—with default

  • FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations
    by (Unknown) on September 25, 2020 at 3:01 pm

    Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also

  • Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone
    by (Ravie Lakshmanan) on September 24, 2020 at 10:22 am

    Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. What's more worrisome is that the flaw not only lets attackers

  • Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability
    by (Wang Wei) on September 23, 2020 at 6:09 pm

    If you're administrating Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' (CVE-2020-1472) and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the

  • Unique Passwords
    on September 28, 2020 at 5:00 am

    Make sure each of your accounts has a separate, unique password. Can't remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.

  • CEO Fraud
    on September 25, 2020 at 5:00 am

    CEO Fraud / BEC is a type of targeted attack. It commonly involves a cyber criminal pretending to be your boss, then tricking or fooling you into sending the criminal highly sensitive information or initiating a wire transfer. Be highly suspicious of any emails demanding immediate action and/or asking you to bypass any security procedures.

  • Email Auto-Complete
    on September 24, 2020 at 5:00 am

    Be careful with email auto-complete. This is an email feature that automatically completes a name for you when you begin typing it in the TO field. However, your email client can easily complete the wrong name for you. If you are emailing anything sensitive, always be sure to check the TO field a second time before hitting the send button.

  • Use Caution Opening Links Email Messages
    on September 23, 2020 at 5:00 am

    A common method cyber criminals use to hack into people's computers is to send them emails with malicious links. People are tricked into opening these links because they appear to come from someone or something they know and trust. If you click on a link, you may be taken to a site that attempts to harvest your information or tries to hack into your computer. Only click on links that you were expecting. Not sure about an email? Call the person to confirm they sent it.

  • Securing Your WiFi Access Point
    on September 22, 2020 at 5:00 am

    The first step to creating a cybersecure home is to start by securing your WiFi Access Point. Change your WiFi Access Point's default administrator password to something only you know. Many WiFi Access Points or WiFi routers are shipped with default administrator passwords that are publicly known and posted on the Internet.

  • Back to School – Remote Learning Security Amid Covid-19 Pandemic
    by Danielle Siso on August 23, 2020 at 11:47 am

    Just as in every year, September marks the end of summer and the beginning of the school year. But whereas in years past the biggest issue facing many students was making sure they had the right gear or remembering the combination on their locker, the school looks very different in the time of COVID. One … The post Back to School – Remote Learning Security Amid Covid-19 Pandemic appeared first on ZoneAlarm Security Blog.

  • Protecting your Devices’ Mic from Hackers
    by Danielle Siso on August 10, 2020 at 5:05 pm

    Eavesdropping. It used to be something we did to people who shared the same space with us before text messages was a thing. We would put our ear against the door and desperately tried to pick up any parts we could of the secret conversation in the next room. Nowadays, we can have a conversation … The post Protecting your Devices’ Mic from Hackers appeared first on ZoneAlarm Security Blog.

  • Can My Webcam Be Accessed Remotely?
    by Danielle Siso on July 28, 2020 at 3:31 pm

    With the huge increase of people working from home due to Covid-19, millions of home laptops and desktops are laying around open, and with Zoom calls demanding our cameras to be open, webcam hacking even is a hot commodity for hackers these days. Webcam hacking, or ‘camfecting’ (camera + infecting), is a hacking technique that … The post Can My Webcam Be Accessed Remotely? appeared first on ZoneAlarm Security Blog.

  • Sextortion: All You Need to Know
    by Danielle Siso on July 14, 2020 at 5:53 pm

    Sextortion – a portmanteau of the words sex and extortion – is a broad term used to describe the practice of exploiting a person (usually in an attempt to get money) by threatening to reveal evidence of their sexual activity, often explicit photos or videos. Sextortion is not a new concept, and we can find … The post Sextortion: All You Need to Know appeared first on ZoneAlarm Security Blog.

  • Cyber Crimes on 4th of July Amid Corona Times
    by Danielle Siso on July 3, 2020 at 12:17 pm

    It’s clear to everyone that we are living in unprecedented times. Almost overnight, many of us have had to reassess how we work, socialize, do our groceries, and just about every other activity. Covid-19, and the social and economic upheaval many of us are feeling, has acted as a beacon to hackers. We can fight … The post Cyber Crimes on 4th of July Amid Corona Times appeared first on ZoneAlarm Security Blog.


Copyright secured by Digiprove © 2020 Çağlar Özdemir