Trending Articles

Mercenary Hacking Group Deploys Android Malware

Data Breach Today

StrongPity Campaign Targeted Syrian E-Governance Website Hack-for-hire group StrongPity deployed Android malware to target Syria's e-government site visitors as part of its latest cyberespionage campaign, a new report by security firm Trend Micro details

Serial Swatter Who Caused Death Gets Five Years in Prison

Krebs on Security

A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

The Last Watchdog

Most of us, by now, take electronic signatures for granted. Related: Why PKI will endure as the Internet’s secure core. Popular services, like DocuSign and Adobe Sign, have established themselves as convenient, familiar tools to conduct daily commerce, exclusively online. Yet electronic signatures do have their security limitations.

Crooks target Kubernetes installs via Argo Workflows to deploy miners

Security Affairs

Threat actors target Kubernetes installs via Argo Workflows to cryptocurrency miners, security researchers from Intezer warn. Researchers from Intezer uncovered new attacks on Kubernetes (K8s) installs via misconfigured Argo Workflows aimed at deploying cryptocurrency miners.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

IoT Devices a Huge Risk to Enterprises

eSecurity Planet

When millions of people around the world were sent home to work at the onset of the global COVD-19 pandemic, they left behind not only empty offices but also a host of Internet of Things (IoT) devices – from smartwatches to networked printers – that were still connected to corporate networks and cranking away.

IoT 83

More Trending

Alert for Ransomware Attack Victims: Here's How to Respond

Data Breach Today

As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential steps they should take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery

Your Work Email Address is Your Work's Email Address

Troy Hunt

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read.

Threat actor offers Clubhouse secret database containing 3.8B phone numbers

Security Affairs

A threat actor is offering for sale on hacking forums the secret database Clubhouse containing 3.8B phone numbers. Clubhouse is a social audio app for iOS and Android where users can communicate in voice chat rooms that accommodate groups of thousands of people.

Sales 77

Holes in Linux Kernel Could Pose Problems for Red Hat, Ubuntu, Other Distros

eSecurity Planet

A pair of vulnerabilities in the Linux kernel disclosed this week expose major Linux operating systems that could let a hacker either gain root privileges on a compromised host or shut down the entire OS altogether.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Spam Kingpin Peter Levashov Gets Time Served

Krebs on Security

Peter Levashov, appearing via Zoom at his sentencing hearing today.

Congress Focuses on Industrial Control System Security

Data Breach Today

Senate Bill Would Require CISA to Identify and Respond to ICS Threats A bipartisan group of senators is pushing a bill that would require CISA to identify and respond to vulnerabilities and threats that target industrial control systems. The House has already passed a similar measure

FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics

Threatpost

Expected cyberattacks on Tokyo Olympics likely include attempts to hijack video feeds, the Feds warn. Breach Cloud Security Government Hacks Web Security

Cloud 114

Japanese computers hit by a wiper malware ahead of 2021 Tokyo Olympics

Security Affairs

Japanese researchers spotted an Olympics-themed wiper targeting Japanese users ahead of the 2021 Tokyo Olympics.

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

NSO Group Hacked

Schneier on Security

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists.

Email in PDF – Pushing the (email) envelope.

National Archives Records Express

[link]. When NARA released its revised Format Guidance for the Transfer of Permanent Electronic Records in 2014, we identified the file formats acceptable for use by Federal agencies when transferring permanent email messages to NARA. These formats include EML, MBOX, MSG, and PST.

Saudi Aramco Says Supplier Leaked Company Data

Data Breach Today

Cybercriminals Reportedly Demanding $50 Million Payment From Oil Giant Saudi Aramco, one of the world's largest oil and natural gas firms, has confirmed that company data was leaked after one of its suppliers was breached.

IT 202

7 Ways AI and ML Are Helping and Hurting Cybersecurity

Dark Reading

In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm

9 Developer Enablement Practices to Achieve DevOps at Enterprise Scale

In this eBook, Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.

Kaseya obtained a universal decryptor for REvil ransomware attack

Security Affairs

The software provider Kaseya announced to have obtained a universal decryptor for the REvil ransomware.

Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day

Threatpost

Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware. Mobile Security Vulnerabilities Web Security

An Explosive Spyware Report Shows the Limits of iOS Security

WIRED Threat Level

Amnesty International sheds alarming light on an NSO Group surveillance tool—and the gaps in Apple’s and Google's defenses. Security Security / Cyberattacks and Hacks

Saudi Aramco Traces Data Leak to Attack on Supplier

Data Breach Today

Extortionists Demand $50 Million - Payable in Monero Cryptocurrency - From Oil Giant Saudi Aramco, one of the world's largest oil and natural gas firms, has confirmed that company data was leaked after one of its suppliers was breached.

IT 187

The Forrester Wave™: B2B Marketing Data Providers, Q2 2021

In our 24-criterion evaluation of B2B marketing data providers, we identified the 11 most significant vendors — Data Axle, Dun & Bradstreet, Enlyft, Global Database, InsideView, Leadspace, Oracle, SMARTe, Spiceworks Ziff Davis, TechTarget, and ZoomInfo Technologies — and researched, analyzed, and scored them. This report shows how each provider measures up and helps B2B marketing professionals select the right one for their needs.

Officials who are US allies among targets of NSO malware, says WhatsApp chief

The Guardian Data Protection

Microsoft publishes mitigations for the PetitPotam attack

Security Affairs

Microsoft published mitigations for the recently discovered PetitPotam attack that allows attackers to force remote Windows machines to share their password hashes.

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

Threatpost

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. Malware Web Security

How China's Hacking Entered a Reckless New Phase

WIRED Threat Level

The country's hackers have gotten far more aggressive since 2015, when the Ministry of State Security largely took over the country’s cyberespionage. Security Security / National Security

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Resiliency Is Key to Surviving a CDN Outage

Data Breach Today

Akamai Incident Highlights Risks of Relying on a Single Provider A short-lived outage at the content delivery network supplier Akamai on Thursday which briefly knocked offline many corporate websites, is another indicator that companies need resiliency built into their systems.

Risk 184

Commercial Location Data Used to Out Priest

Schneier on Security

A Catholic priest was outed through commercially available surveillance data.

Obtaining password hashes of Windows systems with PetitPotam attack

Security Affairs

A researcher found a flaw in Windows OS, tracked as PetitPotam, that can be exploited to force remote Windows machines to share their password hashes.