Comments on: Looking back last decade 2010-2019

By: Tomi Engdahl

Tomi Engdahl — Sun, 28 Jun 2020 12:20:47 +0000

https://www.infosecurity-magazine.com/news/ransomware-demands-soared-950-in/

By: Tomi Engdahl

Tomi Engdahl — Fri, 26 Jun 2020 20:12:11 +0000

https://techcrunch.com/2020/06/14/where-are-all-the-robots/

By: Tomi Engdahl

Tomi Engdahl — Thu, 25 Jun 2020 08:52:04 +0000

OneZero :
Inside DayLife Army, a social media cult, spun off from a Facebook group, that seduces young people with empty promises of a better worldF

Inside the Social Media Cult That Convinces Young People to Give Up Everything
The DayLife Army always seemed like a troll. Then it became a nightmare.
https://onezero.medium.com/inside-the-social-media-cult-that-convinces-young-people-to-give-up-everything-f3878fbec632

By: Tomi Engdahl

Tomi Engdahl — Mon, 22 Jun 2020 07:58:27 +0000

Joseph Cox / VICE:
In 2019, just days after NSO Group unveiled a human rights policy for the use of its malware, Amnesty International says an activist was hacked with NSO tools

Days After New Human Rights Policy, NSO Client Hacked an Activist
https://www.vice.com/en_us/article/v7gbpj/nso-group-human-rights-hacked-activist

The finding comes as part of a new technical report into a series of NSO attacks from Amnesty International.

By: Tomi Engdahl

Tomi Engdahl — Sun, 21 Jun 2020 19:42:54 +0000

Assessing Kurzweil predictions about 2019: the results
https://www.lesswrong.com/posts/NcGBmDEe5qXB7dFBF/assessing-kurzweil-predictions-about-2019-the-results

By: Tomi Engdahl

Tomi Engdahl — Thu, 18 Jun 2020 05:58:14 +0000

Operation In(ter)ception: Aerospace and military companies in the
crosshairs of cyberspies
https://www.welivesecurity.com/2020/06/17/operation-interception-aerospace-military-companies-cyberspies/
At the end of last year, we discovered targeted attacks against
aerospace and military companies in Europe and the Middle East, active
from September to December 2019. A collaborative investigation with
two of the affected European companies allowed us to gain insight into
the operation and uncover previously undocumented malware. This
blogpost will shed light on how the attacks unfolded. The full
research can be found in our white paper, Operation In(ter)ception:
Targeted attacks against European aerospace and military companies.
While we did not find strong evidence connecting the attacks to a
known threat actor, we discovered several hints suggesting a possible
link to the Lazarus group, including similarities in targeting,
development environment, and anti-analysis techniques used. PDF
report:
https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_Operation_Interception.pdf

By: Tomi Engdahl

Tomi Engdahl — Thu, 11 Jun 2020 06:58:18 +0000

Ransomware attacks spike by 140%, 57% of organizations agree to pay
https://atlasvpn.com/blog/ransomware-attacks-spike-by-140-57-of-organizations-agree-to-pay
Data extracted and analyzed by Atlas VPN reveals, the amounts of
demanded ransom payments increased by 140%, comparing the numbers of
2018 to 2019. More and more organizations succumb to blackmail: 57% of
organizations settled and paid the ransom during the last 12 months.

By: Tomi Engdahl

Tomi Engdahl — Tue, 09 Jun 2020 10:56:32 +0000

Nearly 1,000 Vulnerabilities Found in Popular Open Source Projects in 2019
https://www.securityweek.com/nearly-1000-vulnerabilities-found-popular-open-source-projects-2019

Nearly 1,000 vulnerabilities were found in popular open source projects in 2019, more than double compared to the previous year, according to a report published on Monday by risk management company RiskSense.

RiskSense has analyzed 54 open source projects in which nearly 2,700 vulnerabilities were reported between 2015 and March 2020. Overall, the Jenkins automation server and MySQL had the most vulnerabilities reported during this timeframe, with more than 600 flaws each. For each of these pieces of software, 15 vulnerabilities were weaponized (i.e. public exploit code exists).

Some projects, such as Vagrant, Alfresco and Artifactory have only a few vulnerabilities, but high weaponization rates.

By: Tomi Engdahl

Tomi Engdahl — Mon, 27 Apr 2020 14:02:57 +0000

It is human stupidity that started reveals the data was a major issue:
‘The words “unsecured database” seemed to run on repeat through security journalism in 2019.’
https://www.cnet.com/news/2019-data-breach-hall-of-shame-these-were-the-biggest-data-breaches-of-the-year/

By: Tomi Engdahl

Tomi Engdahl — Mon, 27 Apr 2020 04:53:36 +0000

2019 Data Breach Hall of Shame: These were the biggest data breaches of the year
We never want to hear the words “unsecured database” ever again.
https://www.cnet.com/news/2019-data-breach-hall-of-shame-these-were-the-biggest-data-breaches-of-the-year/