Security daily (29-12-2020)

Signing executables with HSM-backed certificates using multiple Windows instances

Customers use code signing certificates to digitally sign software, documents, and other certificates. Signing is a cryptographic tool that lets users verify that the code hasn’t been altered and that the software, documents or other certificates can be trusted. This blog post shows you how to configure your applications so you can use a key […] (AWS Security Blog)

UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data

It’s been almost a year since an international sting took down WeLeakInfo, a site that marketed stolen personal data, but its alleged customers are still drawing the attention of law enforcement. The U.K.’s National Crime Agency says that 21 people have been arrested across the country recently for using data purchased on WeLeakInfo for criminal activity, including hacking and fraud. “Of those 21 arrested — all men aged between 18-38 — nine were detained on suspicion of Computer Misuse Act offences, nine for Fraud offences and three are under investigation for both,” the agency said in a Dec. 25 release. The operation began Nov. 16 and will continue into next year, the agency said. Some WeLeakInfo users are being threatened with legal action rather than arrested outright. “A further 69 individuals in England, Wales and Northern Ireland aged between 16-40 were visited by Cyber Prevent officers, warning them of their potentially […] The post UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data appeared first on CyberScoop. (CyberScoop)

2020 Had Its Share Of Memorable Hacks And Breaches

(News ≈ Packet Storm)

Hackers Amp Up COVID-19 IP Theft Attacks

(News ≈ Packet Storm)

Japanese Aerospace Firm Kawasaki Warns Of Data Breach

(News ≈ Packet Storm)

How Your Digital Trails Wind Up In The Hands Of The Police

(News ≈ Packet Storm)

SEO Spam Links in Nulled Plugins

It’s not unusual to see website owners running things on a budget. Choosing a safe and reliable hosting company, buying a nice domain name, boosting posts on social media, and ranking on search engines — all this costs a lot of money. At the end of the day, some site owners may even choose to cut expenses by installing pirated (or nulled) software on their websites. Unfortunately, as discussed in some of our earlier posts about free software and fake verification, these “free” components may still come with a hefty price tag. Continue reading SEO Spam Links in Nulled Plugins at Sucuri Blog. (Sucuri Blog)

Lawsuit Claims Flawed Facial Recognition Led to Man’s Wrongful Arrest

Black man sues police, saying he was falsely ID’d by facial recognition, joining other Black Americans falling victim to the technology’s racial bias. (Threatpost)

6 Questions Attackers Ask Before Choosing an Asset to Exploit

David “moose” Wolpoff at Randori explains how hackers pick their targets, and how understanding "hacker logic" can help prioritize defenses. (Threatpost)

Japanese Aerospace Firm Kawasaki Warns of Data Breach

The Japanese aerospace manufacturer said that starting in June, overseas unauthorized access to its servers may have compromised customer data. (Threatpost)

2020 Work-for-Home Shift: What We Learned

Threatpost explores 5 big takeaways from 2020 -- and what they mean for 2021. (Threatpost)


/security-daily/ 30-12-2020 23:44:25