Trending Articles

REvil Ransomware Gang Threatens Stolen Apple Blueprint Leak

Data Breach Today

$50 Million Extortion Demand Issued to Apple and Taiwanese Manufacturer Quanta The REvil - aka Sodinokibi - ransomware gang is threatening to release stolen Apple device blueprints unless it receives a massive payoff.

Note to Self: Create Non-Exhaustive List of Competitors

Krebs on Security

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. NYSE:IT ] — a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

US Pulls Back Curtain on Russian Cyber Operations

Data Breach Today

Foreign Intelligence Service's Techniques, Partners Revealed While the Biden administration is betting that the latest round of sanctions aimed at Russia and its economy will help deter the country's cyber operations, several U.S.

IT 254

The FBI Is Now Securing Networks Without Their Owners’ Permission

Schneier on Security

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange.

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Codecov was a victim of a supply chain attack

Security Affairs

The software company Codecov suffered a security breach, threat actors compromised the supply chain of one of its tools.

More Trending

Payment Card Theft Ring Tech Leader Gets 10-Year Sentence

Data Breach Today

Fedir Hladyr of Ukraine Admitted to Working as System Admin for FIN7 A Ukrainian national who admitted to working as a system administrator and IT manager for the notorious FIN7 cybercriminal gang, which has been involved in the theft of millions of payment cards, has been sentenced to 10 years in federal prison.

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

Krebs on Security

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal , a service that scans submitted files against more than five dozen antivirus and security products.

The cost of a cyber attack in 2021

IT Governance

It’s been rough sailing for organisations in the past year or so. In addition to the ongoing challenges of COVID-19, there are the effects of Brexit, increasing public awareness of privacy rights and regulatory pressure to improve data protection practices.

Experts demonstrated how to hack a utility and take over a smart meter

Security Affairs

Researchers from the FireEye’s Mandiant team have breached the network of a North American utility and turn off one of its smart meters. Over the years, the number of attacks against ICS/SCADA systems used by industrial organizations worldwide has rapidly increased.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

Dark Reading

China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks

XCSSET Malware Can Adapt to Target More Macs

Data Breach Today

Trend Micro Describes the Evolving Threat The XCSSET malware campaign can now adapt to target a wider variety of Macs, including those with the M1 chip, according to Trend Micro researchers

201
201

Small Acts Make a Big Difference: Earth Day and Beyond

Micro Focus

At Micro Focus, we are committed to reducing our environmental impact – as are our customers, partners and suppliers. Our aim is to make sustainable and responsible business part of the way we operate.

IT 84

NSA Discloses Vulnerabilities in Microsoft Exchange

Schneier on Security

Amongst the 100+ vulnerabilities patch in this month’s Patch Tuesday , there are four in Microsoft Exchange that were disclosed by the NSA. Uncategorized disclosure Microsoft NSA patching vulnerabilities

90

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K.

High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison

Dark Reading

Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking

89

Updating your data protection documentation following Brexit

IT Governance

The UK data protection landscape is a lot more complex following Brexit. Many organisations are now subject to both the EU GDPR (General Data Protection Regulation) and the UK GDPR (General Data Protection).

GDPR 88

Details on the Unlocking of the San Bernardino Terrorist’s iPhone

Schneier on Security

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

WeChat users targeted by hackers using recently disclosed Chromium exploit

Security Affairs

Threat actors used the Chrome exploit publicly disclosed last week in attacks aimed at WeChat users in China, researchers warn. China-based firm Qingteng Cloud Security, reported that threat actors weaponized the recently disclosed Chrome exploit to target WeChat users in China.

Cloud 83

Foreign Spies Target British Nationals With Fake Social Media Profiles

Dark Reading

British security agency MI5 has launched a new education campaign to warn potential victims of the attacks

Nation-State Actor Linked to Pulse Secure Attacks

Data Breach Today

Vulnerabilities Exploited Include a Zero-Day in Ivanti's Pulse Connect Secure The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that U.S.

Tracking Bills in the 2021 Legislative Session

The Texas Record

Where the legislative magic happens… The determination of retention periods is based on a review of the administrative, fiscal, legal, and historical value of the information being created or received in the course of conducting business.

IT 73

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Biden Administration Imposes Sanctions on Russia for SolarWinds

Schneier on Security

On April 15, the Biden administration both formally attributed the SolarWinds espionage campaign to the Russian Foreign Intelligence Service (SVR), and imposed a series of sanctions designed to punish the country for the attack and deter future attacks.

IT 68

For the second time in a week, a Google Chromium zero-day released online

Security Affairs

For the second time in a week, a Chromium zero-day remote code execution exploit code has been released on Twitter, multiple browsers impacted.

Software Developer Arrested in Computer Sabotage Case

Dark Reading

Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer

87

Unscripted: 3 Security Leaders Dissect Today's Top Trends

Data Breach Today

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

Authors: Carolyn Bigg , Venus Cheung and Fangfang Song. Important new guidelines outlining how personal and other types of financial information should be handled by financial institutions throughout the data lifecycle have just come into force in China, including a new data localisation obligation.

US Sanctions on Russia Rewrite Cyberespionage's Rules

WIRED Threat Level

The US has sent a loud message to Moscow—though what it's saying isn’t exactly clear. Security Security / National Security

IT 80

Crooks stole driver’s license numbers from Geico auto insurer

Security Affairs

Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico, the second-largest auto insurer in the U.S.,