Get Your List of Top Infosec Journalists and Sources Today!

Become a Patron of Metacurity today and gain access to our exclusive quarterly lists ot top infosec journalists and resources.

Sponsor message. Interested in sponsoring Metacurity? Email us at info@metacurity.com and we’ll get back to you right away.


Latest News

2 years ago
Catalin Cimpanu / Bleeping Computer

Jury Convicts Former Anonymous Hacker Who DDoS’ed Children’s Hospital and Was Rescued by Disney Cruise Ship

A jury convicted a member of the Anonymous hacking collective, Martin Gottesfeld of Sommerville, Massachusetts, for a series of cyber-attacks he conducted in 2014. Gottesfeld was a member of the #OpJustina Anonymous campaign, which centered on the case of a young child removed by protective services from her parents’ custody and placed in the Wayside Youth and Family Support Network in Massachusetts. Gottesfeld and certain Anonymous members launched cyber-attacks against the Wayside facility in March 2014, followed by massive DDoS attacks the next month against Boston Children’s Hospital, which knocked the facility offline. Gottesfeld and his wife tried to flee to Cuba by boat only to find themselves in need of rescue, whereupon a Disney cruise ship responded to the distress call and took the two to Miami, where they were arrested. Gottesfeld’s sentence is scheduled for November 14.

2 years ago
Jordan Fabian / The Hill

White House Attempts to Neutralize Election Security Criticism By Rolling Out Top National Security Officials During Press Briefing

On the heels of a heavily PR-oriented cybersecurity summit hosted by Homeland Security this week, the White House rolled out five top national security officials during a White House press briefing in an effort to portray the administration as taking action against Russian efforts to interfere in the midterm elections. In a clear attempt to deflect criticism that the White House has been derelict in addressing election security matters, Dan Coats, Director of National Intelligence said that Donald Trump had “specifically directed us to make the matter of election meddling and securing our election process a top priority, and we have done that.” Coats was joined by John Bolton, Homeland Security Secretary Kirstjen Nielsen, FBI Director Christopher Wray and National Security Agency Director Gen. Paul Nakasone. Unlike Trump, who frequently denies that Russia interfered in the 2016 election, all the officials admitted that Russia did indeed attempt to interfere in the last election and continues to operate in the election system in a “malign” way.

2 years ago
Reinhardt Krause / Investor's Business Daily

Cisco to Buy Unified Access Security Start-Up Duo Security for $2.35 Billion

Cisco Systems has announced it will acquire privately held cloud-based unified access security and authentication start-up Duo Security for $2.35 billion, marking its biggest cybersecurity acquisition since the 2013 purchase of security company Sourcefire, for which Cisco paid $2.7 billion. With Duo, Cisco gains a greater toehold in the unified access and multifactor authentication market. Cisco said Duo will enable it to add authentication services throughout its application portfolio and customers’ networked devices.

ANNOUNCING METACURITY’S INFOSEC JOBS DESTINATION

Metacurity is now offering employers a unique way to reach out to thousands of elite infosec job candidates. Visit our infosec jobs destination today and take advantage of early-bird pricing.

(Sponsor message)


2 years ago
Sheera Frenkel and Kate Conger / New York Times

Facebook’s CSO Alex Stamos Will Join Stanford University in September, Facebook Won’t Fill His Position

Facebook’s high-profile Chief Security Officer Alex Stamos will leave the embattled social media giant on August 17, a departure that had been announced in March, and will join Stanford University in September as an adjunct professor. Stamos will also become part of a faculty working group called Information Warfare where he will examine the role of security and technology in society. Stamos’ three-year tenure at Facebook marked a period of increasing security threats to the dominant social media platform and Stamos helped the company identify the Russian actors who ran disinformation campaigns on the platform. He also became an outspoken critic of some of Facebook’s security, privacy, and data collection policies. Prior to joining Facebook, Stamos was briefly the Chief Information Security Officer at Yahoo, another Internet giant rocked by a series of massive and undisclosed data breaches. Stamos will not be replaced after he leaves, meaning that no one will hold the title of Chief Security Officer at Facebook.

2 years ago
Kieren McCarthy / The Register

‘Unhackable’ Bifi Wallet is Rife With Vulnerabilities and Has Been Thoroughly Hacked Within a Week

The $120 Wi-Fi connected Bitfi wallet, heavily promoted as “unhackable” complete with endorsements from John McAfee and a $350,000 bounty challenge mounted by the company, has been hacked within a week. The wallet, an inexpensive Android phone with components pulled out powered by a Mediatek MT6580 system-on-chip, doesn’t store the actual key used to access the crypto-currencies on the device itself. The bounty offered by Bitfi covers one specific method of theft, accessing coins on a stolen device, but there are many more attacks to which the device is vulnerable, including modifying the device so that it records and sends the key to a malicious third party. Crucially the device has no anti-tamper measures, meaning the back can be popped off and the hardware reprogrammed, among many other security flaws outlined by infosec researchers.

2 years ago
Catalin Cimpanu / Bleeping Computer

Massive Cryptojacking Campaign Spreading to MikroTik Routers Globally, Injects Coinhive Mining Script Into Potentially Millions of Web Pages

A massive cryptojacking campaign targeting MikroTik routers, which changes the devices’ configuration to inject a copy of the Coinhive in-browser cryptocurrency mining script in some parts of users’ web traffic, has been discovered by a researcher who goes by the name of MalwareHunterBR on Twitter and subsequently studied by researchers at Trustwave. The campaign appears to have been launched this week and was active mostly in Brazil, compromising 72,000 routers there, but is starting to target MikroTik routers all over the world. Hundreds of thousands of MikroTik devices are used by ISPs globally, with each device serving tens if not hundreds of users, raising the attack’s reach to millions of web pages. With the addition of a second Coinhive key being injected in the traffic of MikroTik routers, discovered by security researcher Troy Mursch, the total number of MicroTik routers infected is now 200,000. A Shodan search reveals over 1.7 million MikroTik routers available online.

2 years ago
John Geddie, Manuel Mogato / Reuters

Southeast Asian Nations Plan to Issue a Joint Cybersecurity Agreement With Russia

Following a series of high-profile hacks in Singapore and Asia, Southeast Asian nations plan to issue a joint agreement on cybersecurity with Russia in a document set to be issued by foreign ministers of the 10-member Association of Southeast Asian Nations (ASEAN) at the close of meetings underway with other global lawmakers in Singapore. “We welcome the further strengthening [of] our cooperation in cybersecurity with Russia through the issuance of the statement of ASEAN and Russian foreign ministers on cooperation in the field of cybersecurity,” a draft of the document states.

2 years ago
Lorenzo Franceschi-Bicchierai / Motherboard

Twenty-Year-Old College Student Allegedly Stole $5 Million in Cryptocurrency From 40 Victims in Elaborate SIM Swapping Scheme

Police arrested a 20-year-old University of Massachusetts student from Boston, Joel Ortiz, and charged him with hacking more than 40 phones along with unnamed accomplices and stealing $5 million in cryptocurrencies in an elaborate SIM swapping scheme to gain access to victims’ phone numbers. Ortiz and his accomplices allegedly targeted people involved in the world of cryptocurrency and blockchain, allegedly hacking several people during the high-profile Consensus conference in New York City in May. He faces 28 charges: 13 counts of identity theft, 13 counts of hacking, and two counts of grand theft, according to the complaint filed against him on the day before his arrest. Ortiz allegedly stole more than $1.5 million from a cryptocurrency entrepreneur, including nearly $1 million that he had crowdfunded in an ICO.

2 years ago
Karoun Demirjian / Washington Post

Senate Republicans Reject Additional Funding for 2018 Midterm Election Security

The U.S. Senate voted 50-47 against adding an amendment from Senator Patrick Leahy (D-VT) that would have provided election $250 million in state election security grants ahead of the 2018 midterm elections. Senate Republicans argued that the funding is not needed and that and states haven’t yet spent the $380 million previously approved by Congress. The Senate vote comes one day after Facebook revealed a complex disinformation campaign targeting the 2018 midterm elections and one week after Senator Claire McCaskill (D-MO) revealed she had been targeted by a Russian hacking effort.

Podcasts

2 years ago
Cracking Cyber Security

How can organisations leverage the power of AI?

This episode features an interview with Dr. Anton Grashion, managing director, security practice at Cylance who talks about how organizations can leverage the power of Artificial Intelligence.

2 years ago
ISC StormCast

Facebook #smishing; Port 52869 UPNP Attacks; Google/Microsoft Improve Security

Johannes Ullrich talks about Facebook Smishing Attack, Port 52869 UPNP Attacks, Microsoft Improves Account Security for Midterm Elections, Google Improves “Government Sponsored Attacks” Alert for GSuite.

2 years ago
Hack Naked News #183

DHS, AOL, and Breach Prevention

This week, hacking AOL style, DHS attempts to secure critical infrastructure, hacking for poison, ERP targeting, hacking 10,000 WordPress sites, prisoners steal things, wiping your car and get paid to hack your printer. Ed Sattar from QuickStart joins the podcast for expert commentary with some tips for breach prevention.

2 years ago
Security Conversations

Chad Loder, co-founder and CEO, Habitu8

Cybersecurity industry veteran Chad Loder talks about his time as co-founder of Rapid7, the decision to acquire Metasploit, lessons learned from moving to the CISO chair and why the industry still struggles with security awareness training.

Cybersecurity Events

June 25Breaking Security AwarenessVirtualVirtual
June 29Middle East CISO ForumVirtualVirtual
June 30FutureConVirtualVirtual
July 1SANS Firehose TrainingVirtualVirtual
July 8ICS LockdownVirtualVirtual
July 11BSides San AntonioVirtualVirtual
July 20-24DFRWSVirtualVirtual
July 25-Aug. 2HOPE: Hackers on Planet EarthVirtualVirtual
Aug. 4-5CANCELED BSides Las VegasLas Vegas, NVUSA
Aug. 1-6Virtual Black Hat USAVirtualVirtual
Aug. 6-9 DefconVirtualVirtual
Sept. 22-25WWHF DEADWOOD 2020Deadwood, SDUSA
Oct. 24-25GrrrconGrand Rapids, MIUSA


Listen to Metacurity on Alexa

Metacurity now has over 500 monthly listeners, and thousands of plays for our ongoing summaries on Amazon Alexa.

Sign up on Alexa today and just ask “Alexa, what’s the latest in cybersecurity news!”


Please Support Us!

We need the help and support of our individual readers as we develop new forms of corporate support, including sponsorships and an information security job hub. Please support Metacurity’s  by one of the two following methods. If you have any questions at all, please don’t hesitate to contact us at info@metacurity.com

Patreon

We’ve launched a Patreon campaign to help you support the Metacurity community. Check it out and earn lots of goodwill from your infosec peers and even get a great Metacurity sticker, among other patron rewards!

One-Time or Recurring Payments

If you like to support our effort to truly become the end of cybersecurity information overload, chip in and for less than a proverbial cup of coffee you will be doing your part to help Metacurity survive. Please select one of the options below to ensure that Metacurity sticks around as an important information security resource.