May 7, 2021

A town in Japan built a giant squid statue with its COVID relief grant.

One local told the Chunichi Shimbun newspaper that while the statue may be effective in the long run, the money could have been used for “urgent support,” such as for medical staff and long-term care facilities.

But a spokesperson for the town told Fuji News Network that the statue would be a tourist attraction and part of a long term strategy to help promote Noto’s famous flying squid.

I am impressed by the town’s sense of priorities.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered…

Read More Friday Squid Blogging: COVID Relief Funds

The UK and US cybersecurity agencies have published a report detailing techniques used by Russia-linked cyberespionage group known APT29 (aka Cozy Bear). Today, UK NCSC and CISA-FBI-NSA cybersecurity agencies published a joint security advisory that warns organizations to patch systems immediately to mitigate the risk of attacks conducted by Russia-linked SVR group (aka APT29, Cozy Bear, and The Dukes)). The […]

The post Russia-linked APT29 group changes TTPs following April advisories appeared first on Security Affairs.

Read More Russia-linked APT29 group changes TTPs following April advisories

CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, […]

The post 19 petabytes of data exposed across 29,000+ unprotected databases appeared first on Security Affairs.

Read More 19 petabytes of data exposed across 29,000+ unprotected databases

A new draft of an Australian educational curriculum proposes teaching children as young as five cybersecurity:

The proposed curriculum aims to teach five-year-old children — an age at which Australian kids first attend school — not to share information such as date of birth or full names with strangers, and that they should consult parents or guardians before entering personal information online.

Six-and-seven-year-olds will be taught how to use usernames and passwords, and the pitfalls of clicking on pop-up links to competitions.

By the time kids are in third and fourth grade, they’ll be taught how to identify the personal data that may be stored by online services, and how that can reveal their location or identity. Teachers will also discuss “the use of nicknames and why these are important when playing online games.”…

Read More Teaching Cybersecurity to Children

HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. Prologue: After my first success in bypassing APPROTECT readout protection of the NRF52-based Slok smartlock with #PocketGlitcher (i.e. video below), I started looking around […]

The post [Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure) appeared first on Security Affairs.

Read More [Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

John Bernard, a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here. Sources tell KrebsOnSecurity that Davies/Bernard is now posing as John Cavendish and head of a new “private office” called Hempton Business Management LLP.

Read More Investment Scammer John Davies Reinvents Himself?

VMware has fixed a new critical RCE flaw in VMware vRealize Business for Cloud that was reported by sanctioned Russian firm Positive Technologies. VMware has addressed a critical remote code execution vulnerability, tracked as CVE-2021-21984, in VMware vRealize Business for Cloud. vRealize Business for Cloud is an automated cloud business management solution that allows customers to […]

The post VMware addresses critical RCE in vRealize Business for Cloud appeared first on Security Affairs.

Read More VMware addresses critical RCE in vRealize Business for Cloud

It’s finally time to go paperless. The pandemic has forced organizations to change the way they work. Tedious paper and in-person processes are out. Digitization and e-signatures are a must. Now, the ability to do business remotely is a necessity, said David Gaudio, Senior Content Writer at OneSpan. “The anywhere economy is here to stay,” […]

The post E-signatures essential for the anywhere economy first appeared on IT World Canada.

Read More E-signatures essential for the anywhere economy

This podcast reports on a series of hacks at restaurant online ordering platforms, Google forces users to add two-factor login authentication and a fake online product review scam revealed

The post Cyber Security Today, May 7, 2021 – Security of restaurant online ordering platforms questioned, Google gets tough with 2FA and product review scam revealed first appeared on IT World Canada.

Read More Cyber Security Today, May 7, 2021 – Security of restaurant online ordering platforms questioned, Google gets tough with 2FA and product review scam revealed

LinkedIn publishes its list of Canada’s top companies, and the tech industry is well-represented, Facebook shuts down advertisements from Signal, and it’s Google Docs versus Word on Twitter

The post Hashtag Trending, May 7, 2021 – Canada’s top tech companies in 2021; Facebook shuts down Signal ads; Google Docs VS Word first appeared on IT World Canada.

Read More Hashtag Trending, May 7, 2021 – Canada’s top tech companies in 2021; Facebook shuts down Signal ads; Google Docs VS Word

The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It is known since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker […]

The post Connecting the Bots – Hancitor fuels Cuba Ransomware Operations appeared first on Security Affairs.

Read More Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Let’s look at what types of threats each layer of the TCP/IP protocol stack may be susceptible to. The task of a computer security system is to safeguard the information transmitted over the network and to adequately preserve the data stored in it.  Excluding in this discussion threats due to natural disasters, we can classify […]

The post Possible attacks on the TCP/IP protocol stack and countermeasures appeared first on Security Affairs.

Read More Possible attacks on the TCP/IP protocol stack and countermeasures