Trending Articles

Shipping Giant CMA CGM Hit With Second Attack

Data Breach Today

Compromised PII Includes Names, Email and Phone Numbers

The French shipping firm CMA CGM reported on Monday that it had been struck with a data breach almost a year after it was hit with a ransomware attack that knocked its systems offline for several days.

Does Your Organization Have a Security.txt File?

Krebs on Security

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks.

FTC: Health App, Device Makers Must Report Breaches

Data Breach Today

But Does the 'Policy Statement' Warning Overstep the Intention of the Rule?

SHARED INTEL: How ‘observability’ has enabled deep monitoring of complex modern networks

The Last Watchdog

An array of promising security trends is in motion. New frameworks, like SASE, CWPP and CSPM, seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks. And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

The popular whistleblower Edward Snowden recommends that customers of the ExpressVPN VPN service stop using it. Last week the Israeli cybersecurity firm Kape Technologies acquired the industry-leading virtual private network ExpressVPN as part of a $936 million deal.

More Trending

Microsoft Fully Ditches the Password

Data Breach Today

Windows Users Can Now Use Other Methods to Access Microsoft Products

Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

TTEC [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

An investigation by McAfee researchers into a case of a suspected malware infection uncovered a cyber attack that had been sitting in the victim organization’s network for years stealing data.

Zero-Click iMessage Exploit

Schneier on Security

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Anonymous Leaked a Bunch of Data From a Right-Wing Web Host

WIRED Threat Level

The hacktivist collective targeted the domain registrar Epik for providing services to clients including the Texas GOP, Parler, and 8chan.

Nigerian Hacker Connected to Aviation Industry Attacks

Data Breach Today

Researchers: Attacker Sold Pilfered Airline Data on the Darknet

Cisco Talos researchers have connected a previously discovered series of aviation industry attacks stretching back more than three years to a Nigeria-based attacker.

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Krebs on Security

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites.

Three former NSA employees fined for providing hacker-for-hire services to UAE firm

Security Affairs

Three former NSA employees entered into a deferred prosecution agreement that restricts their future activities and employment and requires the payment of a penalty.

A Recruiter’s Guide To Hiring In 2021

With vaccination rates rising, consumers spending more money, and people returning to offices, the job market is going through a period of unprecedented adjustment. As the New York Times observed, “It’s a weird moment for the American economy.” And recruiting professionals are caught in the middle. To make the most of this disruption, you need to understand the economic drivers, develop a strong strategy for unearthing valuable talent, and use the latest tech tools to get the job done. Read this guide to get your recruiting practice ready to thrive in the new normal.

Tape Won’t Work for Ransomware Protection. Here’s Why.

eSecurity Planet

Tape vendors have been promoting themselves as a solution to the ransomware problem because of their ability to provide air-gapped data backup, but trying to recover terabytes of data from a tape drive can be a little like, well, running into red tape.

How to Set Up a NAS to Securely Share Files

WIRED Threat Level

From file backups to movie streaming, network attached storage drives offer plenty of functions and features.

Travis CI Flaw Exposed Secrets From Public Repositories

Data Breach Today

Critics Say Travis CI's Security Bulletin is Insufficient

Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials and more, potentially putting thousands of organizations at risk.

Show-me: Spanish Data Protection laws shaken by the Supreme Court

DLA Piper Privacy Matters

By the end of 2018, the Spanish Parliament belatedly completed the framework provided by the EU’s GDPR by approving a new Data Protection Act. Following a local tradition dating from 1992, the Spanish legislators deviated from the mainstream position in the EU.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Security Affairs

Chipmaker AMD has addressed a vulnerability in the PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system.

OWASP Names a New Top Vulnerability for First Time in Years

eSecurity Planet

OWASP security researchers have updated the organization’s list of the ten most dangerous vulnerabilities – and the list has a new number one threat for the first time since 2007. The last update was in November 2017, and the latest draft is available for peer review until the end of the year.

Former US Intelligence Operatives Admit They Hacked for UAE

WIRED Threat Level

Plus: Remote learning spyware, an AT&T bribery scandal, and more of the week's top security news.

Mirai Botnet Actively Exploiting OMIGOD Flaw

Data Breach Today

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

AT&T Phone-Unlocking Malware Ring Costs Carrier $200M

Threatpost

With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan.

OMIGOD vulnerabilities expose thousands of Azure users to hack

Security Affairs

OMIGOD – Microsoft addressed four vulnerabilities in the Open Management Infrastructure (OMI) software agent that could expose Azure users to attacks.

Release of Standard Data Elements for Electronic Records Management

National Archives Records Express

We are pleased to announce the posting of the Standard Data Elements for Electronic Records Management! We first shared drafts of the data elements on Records Express in January 2021. Thank you for all of your feedback.

Microsoft Expands Passwordless Sign-on to All Accounts

eSecurity Planet

Microsoft for the past few years has been among the loudest vendors calling for a security future that doesn’t include passwords.

Reaching Unreachable Candidates

Speaker: Patrick Dempsey and Andrew Erpelding of ZoomInfo

What is ZoomInfo for Recruiters? Find and connect with the right talent to fill roles fast with more data, basic search, advanced search, candidate and company profiles, and export results. Watch this On-Demand Webinar today to see how ZoomInfo for Recruiters can work to get your talented candidates results.

Identifying Computer-Generated Faces

Schneier on Security

It’s the eyes: The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil irregularities.

A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection

Security Affairs

Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen’s Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL).

Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

Threatpost

Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems.