Security News > 2020 > June

For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn't quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same. KrebsOnSecurity has learned that the phishing site Privnotes.com uses some kind of automated script that scours messages for bitcoin addresses, and replaces any bitcoin addresses found with its own bitcoin address.

In the coming years, poor implementation of edge computing solutions will leave organizations open to attack.

How organizations can realize the benefits of intent-based networking across their hybrid networks.

You might not believe it, but it's possible to spy on secret conversations happening in a room from a nearby remote location just by observing a light bulb hanging in there-visible from a window-and measuring the amount of light it emits. A team of cybersecurity researchers has developed and demonstrated a novel side-channel attacking technique that can be applied by eavesdroppers to recover full sound from a victim's room that contains an overhead hanging bulb.

I think we need more human organs with squid-like features. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting...

An infosec researcher reckons Whatsapp was a bit too quick off the mark to blame its users when hundreds of thousands of phone numbers, names and profile pictures were found to be easily accessible via Google. Athul Jayaram, a self-described "Full time bug bounty hunter", published a blog post earlier this week highlighting that a large number of Whatsapp users' mobile numbers could easily be found by searching Google for the domain "Wa.me".

Is reeling from a ransomware attack that knocked the city's network offline and prevented police officers from responding to non-life-threatening traffic crashes. Glenn Jacobs, the mayor of Knox county, said on Thursday, via Twitter, that while the county and city share basic network infrastructure, there's no evidence of compromise on the county's network.

Only 37% of "High performer" organizations monitor the risk of IoT devices used by third parties, and current IoT risk-management programs can't keep pace, study said. The report, A New Roadmap for Third Party IoT Risk Management, offered up a chart chronicling the differences between 2017, 2018, 2019, and 2020 in IoT and TPRM, and this year definitely shows an increase.

A honeypot created by Cybereason to lure cybercriminals and analyze their methods showed that ransomware attacks infiltrate their victims in multiple stages. Using a honeypot, researchers at security firm Cybereason were able to attract multiple criminals using ransomware and follow each stage of an attack.

Dell Technologies' Global Data Protection Index 2020 Snapshot takes a closer look at the disruptions plaguing organizations around the globe. "Vulnerabilities, if not addressed, can do lasting damage to a company. Businesses must become more resilient, such as implementing air-gapped solutions that are physically disconnected while protecting their data, as cyber criminals continue to seize new opportunities to cause disruptions," said Nelson Hsu, director of data protection solutions marketing at Dell Technologies.