Cybersecurity Insiders

Ransomware attack makes US Company employees lose jobs

Cybersecurity Insiders

All these days we have seen malware stealing data and locking down data access for a ransom. Now, here’s a piece of different news that might grab your attention.

A company that was operating in the United States for 60 years was cyber-attacked in October last year, making the head of the company urged over 300 employees to leave their jobs and look for alternatives just before the Christmas 2019 holidays.

Full article

Naked Security

Don’t fall for the “Start your 2020 with a gift from us” scam…

Naked Security

Have you ever received items by courier from people overseas?

If so, you’ll know that sometimes – notably in the case of gifts, where the other person hasn’t told you what they’re sending – the courier company doesn’t deliver the item directly.

Sometimes you get an email saying that the item is delayed because the authorities want to inspect it; or there’s import duty; or there’s a supplementary delivery charge if you can’t collect it from the depot yourself.

And to help you get through the paperwork easily, there’s often a tracking code and a clickable link in the email.

Full article

WIRED

Russia Takes a Big Step Toward Internet Isolation

WIRED

Photograph: Alexander Nemenov/Getty Images

Over the holidays, the Russian government said it had completed a multi-day test of a national, internal internet known as RuNet, a bid to show that the country’s online infrastructure could survive even if disconnected from the rest of the world. Though Russia claims the initiative relates to cybersecurity, researchers and human rights advocates inside Russia and around the world argue that the test underscores Russia’s broader campaign to control and censor access to digital information within its borders.

….

The government is also investing 2 billion rubles — about $32 million — in a Russian Wikipedia alternative.

Full article

Our conclusion

This is a very tedious and disturbing development, especially for the Russian people!

Naked Security

7 types of virus – a short glossary of contemporary cyberbadness

Naked Security

OK, technically, this article is about malware in general, not about viruses in particular.

Strictly speaking, virus refers to a type of malware that spreads by itself, so that once it’s in your system, you may end up with hundreds or even thousands of infected files…

…on every computer in your network, and in the networks your network can see, and so on, and so on.

These days, however, the crooks don’t really need to program auto-spreading into their malware – thanks to always-on internet connectivity, the “spreading” part is easier than ever, so that’s one attention-grabbing step the crooks no longer need to use.

But the word virus has remained as a synonym for malware in general, and that’s how we’re using the word here.

So, for the record, here are seven categories of malware that give you a fair idea of the breadth and the depth of the risk that malware can pose to your organisation.

Full article

ZDNet

Russia successfully disconnected from the internet

ZDNet

The Russian government announced on Monday that it concluded a series of tests during which it successfully disconnected the country from the worldwide internet.

The tests were carried out over multiple days, starting last week, and involved Russian government agencies, local internet service providers, and local Russian internet companies.

Full article

Miscellanious

Twitter for Android Security Issue

We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages). Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app.

We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure so we are taking extra caution.

We have taken steps to fix this issue and are directly notifying people who could have been exposed to this vulnerability either through the Twitter app or by email with specific instructions to keep them safe. These instructions vary based on what versions of Android and Twitter for Android people are using. We recommend that people follow these instructions as soon as possible. If you are unsure about what to do, update to the latest version of Twitter for Android. This issue did not impact Twitter for iOS.

We’re sorry this happened and will keep working to keep your information secure on Twitter. You can reach out to our Office of Data Protection through this form to request information regarding your account security.

https://privacy.twitter.com/blog/2019/twitter-for-android-security-issue.html

Our conclusion

Change your Twitter password now and add two-factor authentication (using an app, not your phone) as soon as possible.

EFF

We Need To Save .ORG From Arbitrary Censorship By Halting the Private Equity Buy-Out

EFF

The .ORG top-level domain and all of the nonprofit organizations that depend on it are at risk if a private equity firm is allowed to buy control of it. EFF has joined with over 250 respected nonprofits to oppose the sale of Public Interest Registry, the (currently) nonprofit entity that operates the .ORG domain, to Ethos Capital. Internet pioneers including Esther Dyson and Tim Berners-Lee have spoken out against this secretive deal. And 12,000 Internet users and counting have added their voices to the opposition.

What’s the harm in this $1.135 billion deal? In short, it would give Ethos Capital the power to censor the speech of nonprofit organizations (NGOs) to advance commercial interests, and to extract ever-growing monopoly rents from those same nonprofits. Ethos Capital has a financial incentive to engage in censorship—and, of course, in price increases. And the contracts that .ORG operates under don’t create enough accountability or limits on Ethos’s conduct.

Full article

EFF

EFF Releases Certbot 1.0 to Help More Websites Encrypt Their Traffic

Electronic Frontier Foundation

The Electronic Frontier Foundation (EFF) today released Certbot 1.0: a free, open source software tool to help websites encrypt their traffic and keep their sites secure.

Certbot was first released in 2015, and since then it has helped more than two million website administrators enable HTTPS by automatically deploying Let’s Encrypt certificates. Let’s Encrypt is a free certificate authority that EFF helped launch in 2015, now run for the public’s benefit through the Internet Security Research Group (ISRG).

HTTPS is a huge upgrade in security from HTTP. For many years, web site owners chose to only implement HTTPS for a small number of pages, like those that accepted passwords or credit card numbers. However, in recent years, it has become clear that all web pages need protection. Pages served over HTTP are vulnerable to eavesdropping, content injection, and cookie stealing, which can be used to take over your online accounts.

Full article