Thursday, July 2

Cyber Security

5 New InfoSec Job Training Trends: What We’re Studying During COVID-19
Cyber Security

With the pandemic uprooting networks and upending careers, which security skills are hot -- and which are not? When things change, the most successful organizations and individuals are those who can learn from the new environment and adapt to the new requirements. In the age of COVID-19, what lessons have infosec professionals been able and willing to learn? Whether you have been busier than ever or recently joined the ranks of the unemployed, cybersecurity pros have been learning new skills to get by -- training in the school of hard knocks or in more formal settings. So we asked: What types of security training modules have become more or less popular? What types of skill sets are people interested in developing now and w...
HackerOne’s 2020 Top 10 public bug bounty programs
Cyber Security

HackerOne, a company that hosts bug bounty programs for some of the world's largest companies, has published today its ranking of the Top 10 most successful programs hosted on its platform. The ranking is based on the total amount of bounties awarded to hackers by each company, as of April 2020. HackerOne's 2020 list is the second edition of this ranking, with the first published last year. The 2019 Top 10 ranking was: (1) Verizon Media, (2) Uber, (3) PayPal, (4) Shopify, (5) Twitter, (6) Intel, (7) Airbnb, (8) Ubiquiti Networks, (9) Valve, and (10) GitLab. In 2020, there have been some shifts in the Top 10, but the leader remained the same, with Verizon Media still retaining its positi...
No Internet Access? Amid Protests, Here’s How to Tell Whether the Government Is Behind it
Cyber Security

Government-mandated Internet shutdowns occur far more regularly than you might expect. Since the death of George Floyd at the hands of Minneapolis law enforcement on May 25, millions of people worldwide have taken to the streets to protest police violence. But one oft-used government tactic in some countries to limit the ability of their citizens to communicate and organize has been absent so far: There have been virtually no reports of state-mandated Internet shutdowns in response to the protests. Part of the reason for that is it's much harder to diagnose cellular connectivity problems when thousands of people flood into one neighborhood, all demanding to use mobile phone infrastructure that wasn't designed to handle so many devices at once. While one of the few instances of a US governme...
‘GoldenSpy’ Malware Hidden in Tax Software Spies on Companies Doing Business in China
Cyber Security

Advanced persistent threat (APT) campaign aims to steal intelligence secrets from foreign companies operating in China. A newly discovered attack campaign infiltrated a UK-based technology company via tax payment software required by a Chinese bank in order to conduct business in China. Researchers at Trustwave found the so-called GoldenSpy malware during a threat-hunting operation on behalf of the victim UK company in mid-April. The UK company, which Trustwave did not disclose in its newly published research, has strong ties to the defense industry and does significant business in the US, Australia, and the UK; it recently opened operations in China. Brian Hussey, Trustwave's vice president of cyber threat detection and response, says the attackers used a backdoor to take control of the U...
HackerOne Reveals Top 10 Bug-Bounty Programs
Cyber Security

Rankings based on total bounties paid, top single bounty paid, time to respond, and more. HackerOne, a platform on which companies offer bug bounties, has released its annual list of the biggest and most lucrative programs being offered. For the second consecutive year, Verizon Media has the No. 1 program, with more than $9.4 million in bounties paid as of April. The No. 10 program on the list belongs to Airbnb, which paid a total of $944,000 and a top bounty of $15,000. Between the two were the bug-bounty programs of companies like PayPal, Uber, GitLab, and Mail.ru, which paid total bounties ranging from $3 million to $987,000. In addition to total bounties paid, the rankings were based on factors including top single bounty paid, time to respond, time to bounty payout, and the number of h...
Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years
Cyber Security

Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes. Russian national Aleksei Yurievich Burkov has been sentenced to nine years in federal prison for his operation of two websites, CardPlanet and Direct Connection, dedicated to payment card fraud, computer hacking, and other crimes, the Department of Justice said late last week. CardPlanet was a so-called "carding" website built to sell credit and debit card numbers stolen through computer hacking. Many of the card numbers sold belonged to US citizens, and more than 150,000 stolen payment card numbers were sold on CardPlanet, resulting in at least $20 million in fraudulent purchases made with US payment card accounts. The price of stolen payment cards ranged fr...
University of California SF Pays Ransom After Medical Servers Hit
Cyber Security

As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on "several IT systems" in the UCSF School of Medicine. The University of California San Francisco paid about $1.14 million to ransomware operators earlier this month after malware compromised several important servers in the UCSF School of Medicine and encrypted them to prevent access, UCSF administrators stated on June 26. The crypto-ransomware attacks, which have been attributed to the NetWalker group, also reportedly hit Michigan State University and Columbia College of Chicago. UCSF, which has pursued a substantial amount of research on coronavirus and COVID-19, stated that the attacks had not affected that research, nor had an impact on the operations of its medic...
A hacker gang is wiping Lenovo NAS devices and asking for ransoms
Cyber Security

A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back. Attacks have been happening for at least a month, according to entries on BitcoinAbuse, a web portal where users can report Bitcoin addresses abused in ransomware, extortions, cybercrime, and other online scams. Attacks appear to have targeted only LenovoEMC/Iomega NAS devices that are exposing their management interface on the internet without a password. ZDNet was able to identify around 1,000 such devices using a Shodan search. Many o...