Press Coverage

North Korean websites go dark after botched server upgrade | NK News

More than a dozen North Korean websites were knocked off the internet on Tuesday morning due to a failed software update, according to screenshots obtained by NK News. Websites affected by the outage included the online presence of The Pyongyang Times, the Ministry Of Public Health and at least 14 other sites hosted on the same server, records on the internet’s Domain Name System (DNS) showed. “The fact these websites are hosted on a single server which is liable to be taken offline by such out

North Koreans sharpen their cyberskills at online coding competitions

Free platforms may offer insights to threat researchers but help the DPRK build its cyber force, experts say. Dozens of North Korean software developers appear to be honing their skills on freely accessible coding platforms that may help the DPRK build its cyber force, an NK Pro investigation of profiles across several such websites showed. But cybersecurity experts said that the participation of North Korean programmers in these coding competitions may also reveal interests, techniques and prog

North Korean hackers breached sensitive defense network at Russian firm

DPRK-linked Lazarus Group accessed restricted data by using “highly interesting technique,” according to Kaspersky. In a successful attack that shows how quickly North Korean hackers are able to evolve, the DPRK-linked Lazarus Group stole sensitive information from a Russian defense firm, cybersecurity firm Kaspersky said on Thursday. According to the report, the hackers compromised a router in mid-2020 to create a bridge into a strictly separated network — a “highly interesting technique” that

Security concerns hamper IoT adoption

In its annual Internet of Things (IoT) survey, Internet of Things World found an overwhelming majority (85 per cent) believe that security concerns remain a major obstacle to the roll out of IoT. Almost two-thirds (64 per cent) of respondents said end-to-end IoT security is their top short-term priority, surpassing machine learning and artificial intelligence (AI). With IoT potentially flooding wireless networks with billions of new connected devices, security must be a top priority for engi

The IET - From apprentice to Chartered Engineer: at just 24

“As studying took a larger share of my time, I took a role working with embedded electronics for road traffic systems at a more traditional engineering firm,” he says. “About five years ago I was headhunted by an internet infrastructure and cybersecurity firm I had always wanted to work for.” Now an Engineering Manager, Junade leads an Operations Research team in charge of developing technologies in Artificial Intelligence and formally verified software to drive improvements in cybersecurity an

mobilesyrup - 'Have I Been Pwned' creator to take service open source

Online security is a significant issue these days, and as people rely more on internet services, their libraries of accounts and login credentials also grow. Unfortunately, it’s practically guaranteed that somewhere along the line, attackers will breach a service you use and expose your passwords, login details and more. There are plenty of tools to help mitigate the threat — password managers, biometric authentication and two-factor authentication (2FA) can all help. Another popular tool is a

The Verge - Have I Been Pwned — which tells you if passwords were breached — is going open source

These days, we almost take it as a given that piss-poor security will inevitably expose some of your usernames and passwords to the world — that’s why 2FA is so important, and why you might want a password checkup tool like the ones now built into every modern browser (well, Safari is coming soon) so you can quickly replace the ones that were stolen. But nearly all of those password checkup tools owe something to Troy Hunt’s Have I Been Pwned, which was kind of a novel idea when it first launch

The Register - Firefox hooks up with HaveIBeenPwned for account pwnage probe

Firefox has started testing an easier way for users to check whether they're using an online service that has been hacked, through integration with Troy Hunt's HaveIBeenPwned database. The hookup will work like this: part of a user's email address is hashed, and this hash is used to check if the address appears in HaveIBeenPwned's database of 5.1 billion email addresses linked to compromised internet accounts. The “Firefox Monitor” test will start with 250,000 users, mostly in the US, accordin

Threat Post - Mozilla Announces Firefox Monitor Tool Testing, Firefox 61

Mozilla has made some sweeping security announcements this week: On Monday, the company announced it is testing a new security tool called Firefox Monitor, which the firm said securely checks to see if users’ accounts have been hacked. That news came just as the browser giant released Firefox 61 for Windows, Mac, Linux and Android. The testing of Firefox Monitor also comes on the heels of Mozilla’s partnership with Cloudflare and Have I Been Pwned (HIBP). Similar to the existing function of HI

TechRepublic - Mozilla’s new Firefox service can tell users if they’re a victim of a data breach

Mozilla is integrating with the online tool Have I Been Pwned to alert users if they are at risk following website hacks. Mozilla is now offering the ability to check if Firefox users have been the victim of data breaches through the new Firefox Monitor service. The service uses the dataset of the popular website Have I Been Pwned? (HIBP), which collects and analyzes the database dumps disseminated in the darker corners of the internet. From this dataset, both users of HIBP and Mozilla's Firefo

Junade Ali AMA on

Hello! I'm Junade; by day I work at Cloudflare, focussing on running the Support Operations engineering group. By night, I work on a PhD in theoretical computer science. I started my developer career at 16, initially working as a web dev for a mental health charity before entering the Digital Agency world; eventually working my way up to being the Lead Developer of the largest digital agency in the UK (by headcount). After leaving the agency world, I worked on mission critical road safety softw

Threat Post - Revamp of ‘Pwned Passwords’ Boosts Privacy and Size of Database

Researcher Troy Hunt announced a major revamp of his Pwned Passwords tool that includes more passwords, added features and tightened privacy for organizations who want to check if their in-use passwords can easily be cracked. In V2 of Pwned Passwords, launched last week, Hunt updated his password data set from 320 million passwords to 501 million new passwords, pulled from almost 3,000 breaches over the past year. These new data sources come courtesy of the Onliner Spambot Dump breach from Aug

BGR - 1Password has a new feature that alerts you if a password is stolen

If you’re online then you know nobody is safe. We’ve witnessed some colossal hacks in recent years, whether we’re talking about Target, Yahoo, Equifax, Yahoo, or Yahoo, to name just a few of the more prominent ones. Hackers usually steal a treasure trove of information about users, including login credentials for the hacked site. While it may not be your fault that your data was just stolen in a massive cyber heist, if you recycle passwords between various online accounts, then it’s your fault

Ars Technica - Find out if your password has been pwned—without sending it to a server

A new system that securely checks whether your passwords have been made public in known data breaches has been integrated into the widely used password manager, 1Password. This new tool lets customers find out if their passwords have been leaked without ever transmitting full credentials to a server. Security researcher Troy Hunt this week announced his new version of "Pwned Passwords," a search tool and list of more than 500 million passwords that have been leaked in data breaches. Users can a

TechCrunch - 1Password bolts on a ‘pwned password’ check

Password management service 1Password has a neat new feature that lets users check whether a password they’re thinking of using has already been breached. At which point it will suggest they pick another. This is in addition to the more usual password strength indicator bar that tries to encourage web users to improve their security practices. The pwnage check builds on that by further reducing the risk of password reuse because it’s verifying if the specific password has appeared in a number o

Boing Boing - The "anti-patterns" that turned the IoT into the Internet of Shit

Cloudflare presents a primer on "anti-patterns" that have transformed IoT devices into ghastly security nightmares. This JSON request instructs the alarm clock on every "alarmSound" event to send a HTTP request to the coffee machine. Whilst this may seem a simple and effective way of implementing the Pub/Sub pattern in HTTP, this poses a significant security risk. By not being able to validate if the receiver of the subscribed message wants the message or not, there is effectively a DDOS vu

SC Magazine - EU ministers rattle sabres at encrypted ISIS jihadi comms channels

French interior minister Bernard Cazeneuve is due to meet his German counterpart, Thomas de Maizière this month (August 2016) to discuss new measures that could result in a limitation in the use of encrypted communications across the EU. Cazeneuve has already told the press that he regards this as a “central issue in the fight against terrorism.” Existing methods including phone tapping are now thought to be somewhat outdated in an age where online communications platforms exist in so many mult

SC Magazine - FireEye layoffs as cyber-criminals gorge on low-hanging ransomware

Paradoxically, 'good' news for businesses and ransomware cyber-criminals alike appears to be bad news for security platform provider FireEye. Security firm FireEye is said to be laying off hundreds of staff as a result of what is perceived to be a tactical shift among the global cyber-criminal community. With the firm's software aligned towards protection for larger-scale compromises, the suggestion is that smaller-scale ransomware attacks are essentially easier to clean up without recourse to