Tue.Aug 02, 2022

Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk

Dark Reading

To protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control

Risk 79

Big Clinic Breach Tied to Vendor's 2021 Ransomware Attack

Data Breach Today

Florida Urgent Care Center Says Incident Involved Billing Vendor PracticeMax A Florida operator of urgent care clinics recently reported to federal regulators a health data breach affecting more than 258,000 individuals tied to a vendor's ransomware attack in May 2021.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet.

Aetna Reports 326,000 Affected by Mailing Vendor Hack

Data Breach Today

Insurer Says OneTouchPoint Was a Subcontractor Health insurer Aetna ACE reported to federal regulators a health data breach affecting nearly 326,000 individuals tied to an apparent ransomware incident involving OneTouchPoint, a subcontractor that provides printing and mailing services to one of the insurer's vendors.

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

VMware fixed critical authentication bypass vulnerability

Security Affairs

VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products.

More Trending

New Linux Malware Surges, Surpassing Android

eSecurity Planet

Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system.

Netskope Expands Into Cloud Networking With Infiot Purchase

Data Breach Today

Acquisition to Offer Netskope Customers the Entire SASE Stack in One Place With its acquisition of Infiot, Netskope now carries both the networking and security technology needed to build a Secure Access Service Edge architecture following.

Cloud 207

Surveillance of Your Car

Schneier on Security

TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it.

Sales 100

Crypto Bridge Nomad Loses $190M in Free-For-All Attack

Data Breach Today

Attacker Exploited Bug Introduced During 'Routine Upgrade' Attackers drained crypto assets worth nearly $200 million on Monday from cross-chain bridge Nomad, a "security-first cross-chain messaging protocol."

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

Gootkit AaaS malware is still active and uses updated tactics

Security Affairs

Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. Gootkit runs on an access-a-as-a-service model, it is used by different groups to drop additional malicious payloads on the compromised systems.

New York Nabs $30M From Robinhood Crypto in Regulatory Fine

Data Breach Today

Trading Platform Had Poor Cybersecurity and Anti-Money Laundering Controls Cryptocurrency trading platform Robinhood Crypto will pay $30 million to the state of New York after an investigation revealed deficiencies in its cybersecurity and anti-money laundering programs.

5 Steps to Becoming Secure by Design in the Face of Evolving Cyber Threats

Dark Reading

From adopting zero-trust security models to dynamic environments to operating under an "assumed breach" mentality, here are ways IT departments can reduce vulnerabilities as they move deliberately to become more secure

IT 94

LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender?

Security Affairs

An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During a recent investigation, SentinelOne researchers observed threat actors associated with the LockBit 3.0

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Massive New Phishing Campaign Targets Microsoft Email Service Users

Dark Reading

The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication, evade detection

Cyber Insurance Expected to Continue to Rise as Sophistication and Cost of Ransomware Attacks Increase

KnowBe4

New data about the state of cyber insurance shows that given the current loss ratios by insurers – and the reasons behind those losses – will result in higher premiums for the foreseeable future. Ransomware

VirusTotal: Threat Actors Mimic Legitimate Apps, Use Stolen Certs to Spread Malware

Dark Reading

Attackers are turning to stolen credentials and posing as trusted applications to socially engineer victims, according to Google study of malware submitted to VirusTotal

93

Austria investigates DSIRF firm for allegedly developing Subzero spyware 

Security Affairs

Austria is investigating a report that an Austrian firm DSIRF developed spyware targeting law firms, banks and consultancies.

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

Microsoft Intros New Attack Surface Management, Threat Intel Tools

Dark Reading

Microsoft says the new tools will give security teams an attacker's-eye view of their systems and supercharge their investigation and remediation efforts

Security and Gender: The Gaps Are Not Where You Expect

KnowBe4

The 2022 KnowBe4 Women’s Day Survey interviewed more than 200 women from across the technology industry in South Africa to find out more about how they perceive the industry, the gender gap and discrimination.

Thousands of Mobile Apps Leaking Twitter API Keys

Dark Reading

New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year

IoT 82

CyberheistNews Vol 12 #31 [Heads Up] Crafty Microsoft USB Scam Shows the Importance of Security Awareness Training

KnowBe4

Cybercrime KnowBe4

12 Plays to Kickstart Your Recruitment Process

To stay ahead in this race, every recruiter needs a good playbook. In this eBook, we lay out 12 recruiting plays that can automate key steps in your recruitment process, helping you reduce both the cost and the time it takes to hire the best candidates.

Incognia Mobile App Study Reveals Low Detection of Location Spoofing in Dating Apps

Dark Reading

With over 323 million users of dating apps worldwide, study finds location spoofing is a threat to user trust and safety

82

The aftermath of an incident – business considerations surrounding record-keeping

Data Protection Report

In our previous publication , we discussed the legal obligations and procedural considerations surrounding maintaining records of privacy incidents.

Large Language AI Models Have Real Security Benefits

Dark Reading

Complex neural networks, including GPT-3, can deliver useful cybersecurity capabilities such as explaining malware and quickly classifying websites, researchers find

Experian Customer “Impersonation” Account Takeover Uncovered by KrebsOnSecurity

KnowBe4

After a few notifications of a potential problem with Experian by his readership, Brian Krebs and team checked out Experian’s account signup process and found some disturbing news. Security Awareness Training Cybersecurity

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

T-Mobile Store Owner Made $25M Using Stolen Employee Credentials

Dark Reading

Now-convicted phone dealer reset locked and blocked phones on various mobile networks

77

11 health providers settle HIPAA right of access failures with feds via SC Media

IG Guru

Check out the post here. Breach Business Compliance HIPAA Risk News Fines

From Babuk Source Code to Darkside Custom Listings — Exposing a Thriving Ransomware Marketplace on the Dark Web

Dark Reading

Venafi investigation of 35 million Dark Web URLs shows macro-enabled ransomware widely available at bargain prices