Sat.May 21, 2022 - Fri.May 27, 2022

Twitter Fined $150M for Misusing Private Data to Sell Ads

Data Breach Today

Firm Deceptively Used Account Security Data of 140 Million Users A $150 million penalty has been slapped on Twitter for deceptively using account security data of millions of users for targeted advertising, the U.S. Justice Department and the Federal Trade Commission say.

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

Google, Microsoft and Apple are bitter arch-rivals who don’t often see eye-to-eye. Related: Microsoft advocates regulation of facial recognition tools. Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message

Dark Reading

Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required

109
109

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Security Affairs

A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 can target an increasing number of applications, passing from 378 to 467 target applications to steal account credentials and crypto-wallets.

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Feds Allege Former IT Consultant Hacked Healthcare Company

Data Breach Today

Experts: Case Spotlights Critical, But Often Overlooked, Insider Threats, Risks A former IT consultant has been charged with allegedly hacking into a computer server of a healthcare company client that had months earlier denied him employment with the organization.

IT 269

More Trending

ChromeLoader Malware Hijacks Browsers With ISO Files

Dark Reading

The malware’s abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections

GhostTouch: how to remotely control touchscreens with EMI

Security Affairs

Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals.

Paper 114

Lacework Announces Layoffs, 6 Months After Raising $1.3B

Data Breach Today

Layoffs Designed to Increase Lacework's Cash Runway and Strengthen Balance Sheet High-flying cybersecurity startup Lacework has announced layoffs - affecting 20% of its employees, according to one report - in a bid to strengthen its balance sheet, just six months after raising $1.3 billion.

GUEST ESSAY: Deploying ‘XDR’ can help companies avoid the security ‘vendor-silo’ trap

The Last Watchdog

According to recent data from Oracle and KPMG, organizations today employ over 100 cybersecurity products to secure their environments. These products play essential roles in detecting and preventing threats. Related: Taking a ‘risk-base’ approach to security compliance. However, because they generate thousands of alerts every day , this vast sprawl of security sources adds even more work to already over-stretched security teams. It could create a cybersecurity ticking time bomb.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Act Now: Leveraging PCI Compliance to Improve Security

Dark Reading

Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products.

Massive Surge in Use of Linux XorDDos Malware Reported

Data Breach Today

Microsoft: XorDDos is Known for Using Secure Shell Brute Force Attacks Microsoft has observed a 254% increase in activity over the past six months from a Linux Trojan called XorDDos.

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

Modern digital systems simply could not exist without trusted operations, processes and connections. They require integrity, authentication, trusted identity and encryption. Related: Leveraging PKI to advance electronic signatures. It used to be that trusting the connection between a workstation and a mainframe computer was the main concern. Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

New Chaos Malware Variant Ditches Wiper for Encryption

Dark Reading

The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes

Proton Is Trying to Become Google—Without Your Data

WIRED Threat Level

The encrypted-email company, popular with security-conscious users, has a plan to go mainstream. Security Security / Privacy Security / Security News

US Sets Up Multiagency Initiatives to Curb Ransomware

Data Breach Today

FBI, CISA Will Focus on Threat Awareness and DOJ Will Focus on Illicit Crypto Use The U.S.

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Security Affairs

Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages.

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

Space Force Expands Cyber Defense Operations

Dark Reading

Space Force's Delta 6 cyber-defense group adds squadrons, updates legacy Satellite Control Network

113
113

NOYB open letter on the new EU – US data deal

DLA Piper Privacy Matters

Max Schrems, through his organisation, ‘My Privacy is None of your Business’ (“ noyb.eu ”) has issued an open letter to U.S. and EU officials about the announcement of an ‘agreement in principle’ for a new Trans-Atlantic Data Privacy Framework (“ letter ”).

Suspected Business Email Compromise Ringleader Busted

Data Breach Today

Leader of 'Transnational Cybercrime Syndicate' Arrested in Nigeria, Interpol Reports Police in Nigeria this week arrested a 37-year-old man who's been charged with masterminding "a criminal syndicate tied to massive business email compromise and phishing campaigns," Interpol reports.

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

IT 111

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT

Dark Reading

Analysts have seen a massive spike in malicious activity by the XorDdos trojan in the last six months, against Linux cloud and IoT infrastructures

IoT 113

Open Source Intelligence May Be Changing Old-School War

WIRED Threat Level

Intelligence collected from public information online could be impacting traditional warfare and altering the calculus between large and small powers. Security Security / National Security

ISMG Editors: London Summit Highlights

Data Breach Today

Italy announced its National Cybersecurity Strategy 2022/26

Security Affairs

Italy announced its National Cybersecurity Strategy for 2022/26, a crucial document to address cyber threats and increase the resilience of the country.

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years

Dark Reading

The 14th defendant behind The Infraud Organization contraband marketplace has been sentenced, this time for one count of racketeering

110
110

North Korean IT Workers Are Infiltrating Tech Companies

WIRED Threat Level

Plus: The Conti ransomware gang shuts down, Canada bans Huawei and ZTE, and more of the week’s top security news. Security Security / Cyberattacks and Hacks

Ransomware Costs City of Quincy, Illinois, $650,000

Data Breach Today

No Evidence of Data Being Stolen From Affected Systems The City of Quincy, Illinois' administrative systems were hit by a ransomware attack on May 7, confirmed Mayor Mike Troup in a press conference held on Tuesday.