Trending Articles

MirrorBlast Campaign Targets Finance Sector Using Macros

Data Breach Today

TA505 APT Group delivers phishing email containing malicious links Researchers at Morphisec Labs have published fresh details about a new MirrorBlast campaign that they say is run by a Russia-based threat group TA505, targeting financial services organizations.

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Krebs on Security

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Ransomware: No Decline in Victims Posted to Data-Leak Sites

Data Breach Today

Count of Victims - Listed on Leak Sites or Not - Appears To Be Holding Steady One measure of the damage being done by ransomware groups continues to be how many victims get listed on ransomware operators' dedicated data-leak sites, as part of their so-called double extortion tactics.

GUEST ESSAY: How SPDX helps reconcile interdependencies of open, proprietary software

The Last Watchdog

Software today is built on a combination of open source and proprietary software packages. Developers can reuse and build on the packages created by others, which results in the rapid creation of new capabilities and technologies. Related: How SBOM factors into DevSecOps. This reuse creates dependencies, all of which don’t necessarily stay updated at the same pace.

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

Security Risks of Client-Side Scanning

Schneier on Security

Even before Apple made its announcement , law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption.

Risk 96

More Trending

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process.

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

The Last Watchdog

In recent years, brands have started butting up against the line between convenience and privacy. Shoppers love the convenience of personalized experiences that their data powers, but then horror stories such as the Cambridge Analytica scandal make people skeptical about how much information companies should be collecting and sharing. Related: Apple battles Facebook over consumer privacy.

Missouri Threatens to Sue a Reporter Over a Security Flaw

WIRED Threat Level

The governor warned that he would take legal action against a journalist who identified a vulnerability that exposed teachers' Social Security numbers. Security Security / Security News

NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks

Security Affairs

The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Missouri Refers Responsible Bug Report to Prosecutors

Data Breach Today

Michael L. Parson Alleges Newspaper Employee Improperly Accessed Data A newspaper employee in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor.

Patch Tuesday, October 2021 Edition

Krebs on Security

Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.

VirusTotal Shares Data on Ransomware Activity

Dark Reading

Google's online malware scanning service analyzed 80 million ransomware samples that were uploaded in the past year-and-a-half

The European Parliament Voted to Ban Remote Biometric Surveillance

Schneier on Security

It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance.

IT 100

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Microsoft mitigated a record 2.4 Tbps DDoS attack in August

Security Affairs

Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August, it is the largest DDoS attack to date. Microsoft announced that its Azure cloud service mitigated a 2.4

Cloud 98

US Agencies to Water Facilities: You May Be Next Target

Data Breach Today

FBI, CISA, EPA & NSA Advisory Says Threats to Critical Infrastructure Rising U.S. federal agencies issued a joint advisory around potential cyber threats to the nation's water facilities.

IT 200

How to Permanently Delete Your Facebook Account

WIRED Threat Level

If you've finally hit your breaking point, here's how to say goodbye to Mark Zuckerberg's empire. Security Security / Security Advice

A Close Look at Russia's Ghostwriter Campaign

Dark Reading

The group, which conducts espionage and sows disinformation, is larger than previously thought and has shifted tactics

95

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Microsoft Azure Attack Illustrates Ongoing DDoS Threats

eSecurity Planet

Officials with Microsoft’s Azure public cloud said the company in late August was able to stave off a record distributed denial-of-service (DDoS) attack against a European customer that originated in the Asia-Pacific region. The attack, which hit 2.4

IoT 86

Apple released emergency update to fix zero-day actively exploited

Security Affairs

Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild. Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild.

IT 98

ISMG Editors' Panel: Are Our Systems Too Complex to Secure?

Data Breach Today

Airline Passenger Mistakes Vintage Camera for a Bomb

Schneier on Security

I feel sorry for the accused : The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday.

IT 89

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Google Launches Security Advisory Service, Security to Workspaces

Dark Reading

Internet giant aims to help companies use the cloud securely and adds more security features to its productivity workspaces to better compete with Microsoft

Cloud 95

Telegram Is Becoming a Cesspool of Anti-Semitic Content

WIRED Threat Level

A new report shows that channels devoted to anti-Jewish conspiracy theories are growing at an alarming rate. Why won’t the platform take action? Security

For the first time, an Israeli hospital was hit by a major ransomware attack

Security Affairs

The Hillel Yaffe Medical Center in Hadera, Israel, was hit by a ransomware attack that was defined by Israel’s National Cyber Directorate as a “major” attack. The Hillel Yaffe Medical Center in Hadera, Israel was hit by a ransomware attack that impacted the system of the hospital.

Thingiverse Data Leak Affects 228,000 Subscribers

Data Breach Today

The Data Dump Is Being Broadly Circulated on a Popular Hacking Forum Thingiverse, a popular website dedicated to sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 2.5 million unique email addresses and other personally identifiable information

208
208

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Becoming a Cybercriminal Keeps Getting Easier

eSecurity Planet

Zero-day vulnerabilities are no longer exclusively for elite hackers. There are now automated scripts available on GitHub so even novice hackers can explore these previously unknown security flaws. That was one of the insights in the HP Wolf Security Threat Insights Report released today.

'Clumsy' BlackByte Malware Reuses Crypto Keys, Worms Into Networks

Dark Reading

Discovered during a recent incident response engagement, the malware avoids Russian computers and uses a single symmetric key for encrypting every compromised system

Improve the employee experience to be the employer of choice and engage your teams

DXC

In the age of the “war for talent,” it’s more important than ever to gain competitive advantage by reinventing the employee experience. Workers want to be engaged in their workplace and feel that their companies value them. That means businesses need to create a modern workplace that proves they do.

IT 83