A prison video visitation service exposed private calls between inmates and their attorneys

Thousands of calls were spilling from an unprotected server. Fearing the spread of coronavirus, jails and prisons remain on lockdown. Visitors are unable to see their loved ones serving time, forcing friends and families to use prohibitively expensive video visitation services that often don't work.

TechCrunch

SnykCon | Snyk

SnykCon is a free, multi-track event designed to help development, security and operations teams accelerate the development of secure software. 100% of the proceeds will benefit our charitable partner The Bill & Melinda Gates Foundation. Discover the best practices and technologies for integrating development and security teams, tools, and processes to accelerate your company's development of secure software.

Snyk

Trickbot and the Context of Cyber Warfare

TrickBot was in the news quite a bit in early October 2020. Starting with reports of TrickBot disruption in late September 2020 subsequently linked to United States Cyber Command (USCC), events ramped up with an independent coordinated infrastructure take-down organized by Microsoft coming shortly thereafter.

Stranded on Pylos

Ryuk's Return

The Ryuk group went from an email to domain-wide ransomware in 29 hours and asked for over $6 million to unlock our systems. They used tools such as Cobalt Strike, AdFind, WMI, vsftpd, PowerShell, PowerView, and Rubeus to accomplish their objective.

The DFIR Report

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

There's an old adage in information security: "Every company gets penetration tested, whether or not they pay someone for the pleasure." Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Krebs on Security

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug

Microsoft has pushed out fixes for 87 security vulnerabilities in October - 11 of them critical - and one of those potentially wormable. This month's Patch Tuesday overall includes fixes for bugs in Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library.

Threatpost

MEGA Provided Suspended Account Files to FBI in Child Porn Case

Do you know anything else about what sort of data companies provide to law enforcement? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Vice

Smashing Security

A helpful and hilarious take on the week's tech SNAFUs. Computer security industry veterans Graham Cluley and Carole Theriault chat with guests about cybercrime, hacking, and online privacy. It's not your typical cybersecurity podcast... Winner: "Best Security Podcast 2018" and "Best Security Podcast 2019."

Smashing Security

Cyber Command, Microsoft take action against Trickbot botnet before Election Day

Written by Shannon Vavra, Oct 12, 2020 | CYBERSCOOP. TrickBot's margin for success just got a lot smaller. The Pentagon's offensive hacking arm, Cyber Command, has carried out an operation to hinder the ability of TrickBot, one of the world's largest botnets, from attacking American targets, according to one U.S.

CyberScoop

Hackney Borough Council suffers serious cyber attack

Hackney Borough Council in north London has fallen victim to a serious cyber attack which is disrupting many of its services and IT systems. The Council revealed some details about the security incident in an online post published today on its website, stating that it was working closely with the National Cyber Security Centre (NCSC) and external cyber security experts to investigate the scope of the breach.

Computing

Investigation details how a hacking group called OceanLotus has been spying on Vietnamese opposition members and dissidents for years, including in Germany

BR24: Investigation details how a hacking group called OceanLotus has been spying on Vietnamese opposition members and dissidents for years, including in Germany

Techmeme