Issue 1

San Francisco 'Muni' Hack: Crooks Threaten to Release 30GB Stolen Data

Hackers attacked the San Francisco public railway system over the Thanksgiving weekend with ransomware. The hackers allowed passengers to ride for free for two days due to the technical glitches, and they are also threatening to release about 30 Gigabytes of stolen employee data.

fortune.com

More Than 1 Million Google Accounts Breached by Gooligan

A new malware called Gooligan has been exposed on the Android platform. It attacks the Google products including Google Drive, Google Photos and G Suite. The malware is said to be breaching 13,000 devices every day.

checkpoint.com

IoT camera turned into a zombie in under two minutes

A security researcher hooked up his brand new security camera. Just 98 second later it was compromised by the Mirai botnet.

sophos.com

Great. Now Even Your Headphones Can Spy on You

Researchers at the Ben Gurion University in Israel have recently found a way to record what you are saying through your earphones, even when they are not connected to any device.

wired.com

Security Policy

America wonders what path Trump will tread on cybersecurity

Knowing full well that anything related to the new president-elect's policies is very uncertain, Sophos attempts to find out what the Trump presidency would mean for the Internet, cyber security and privacy.

sophos.com

McAfee Labs predicts 14 security developments for 2017

McAfee Labs has listed a set of security predictions for 2017. Among other things they include a decrease in ransomware attacks and Windows vulnerability exploits, but an increase in drone hijacking attacks and IoT malware. They even mention machine learning being used to enhance social engineering attacks.

helpnetsecurity.com

Measuring what matters in cybersecurity

An interview with Twilio CISO Richard Seiersen, discussing the difficulties in measuring cybersecurity risk.

csoonline.com

New book by O'Reilly on Ransomware

O'Reilly has released a new book talking on how to defend against digital extortion, aka ransomware. Judging from the table of contents it talks about when to pay up, who the people behind ransomware are, and which ransomware families exist.

oreilly.com

Security Technology

Node.js Foundation to oversee the Node.js Security Project

The Node.js Security Project, founded by Adam Baldwin, collects data around vulnerability and security flaws in the Node.js module ecosystem. It will soon become a part of the Node.js foundation, the industry-backed consortium tasked with advancing the Node.js ecosystem.

helpnetsecurity.com

Early Warning Detectors Using AWS Access Keys as Honeytokens

This article discusses so called 'honeytokens' for usage in AWS. Honeytokens are tokens that you don't use yourself, but for which you get an alert when they are being used by someone else.

komand.com