Trending Articles

Colonial Pipeline Starts Recovery from Ransomware

Data Breach Today

Report: DarkSide Ransomware Gang Infected Fuel Supplier

Colonial Pipeline Company has restored smaller pipelines that ship fuels to the U.S. East Coast after a ransomware incident, but its larger ones are still offline as it assesses safety. Citing U.S.

Fintech Startup Offers $500 for Payroll Passwords

Krebs on Security

How much is your payroll data worth? Probably a lot more than you think.

Insiders

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page.

Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks

Security Affairs

Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercept traffic to cryptocurrency-related sites.

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Last Watchdog

Encryption agility is going to be essential as we move forward with digital transformation. Refer: The vital role of basic research. All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, come down to protecting encrypted data. But cryptography historically has been anything but agile; major advances require years, if not decades, of inspired theoretical research.

More Trending

NIST Seeks Input on HIPAA Security Rule Guidance Update

Data Breach Today

But Is It Time to Overhaul the Rule Itself?

The National Institute of Standards and Technology is seeking public comment as it plans to update its 2008 guidance for implementing the HIPAA Security Rule. But is it time to update the security rule itself

The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom.

CISA MAR report provides technical details of FiveHands Ransomware

Security Affairs

CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye’s Mandiant experts. The U.S.

Tesla Remotely Hacked from a Drone

Schneier on Security

This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc.

Insights on Choosing an Identity Verification Solution Provider

Sort through today’s crowded identity verification solutions landscape with our guide, designed to help you choose the right provider based on your unique needs.

It's Time to Ditch Celebrity Cybersecurity

Dark Reading

High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection

Hybrid Work Means SASE: Rethinking Traditional Network and Security Architecture

Data Breach Today

Having a VPN Isn't Enough Anymore

Investment Scammer John Davies Reinvents Himself?

Krebs on Security

John Bernard, a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here.

TsuNAME flaw exposes DNS servers to DDoS attacks

Security Affairs

A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers. Researchers at SIDN Labs (the R&D team of the registry for .nl domains), InternetNZ (the registry for .nz

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator who's new to Cassandra but has been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Teaching Cybersecurity to Children

Schneier on Security

Then a Hacker Began Posting Patients’ Deepest Secrets Online

WIRED Threat Level

A family-run psychotherapy startup grew into a health care giant. It was a huge success—until the data breach and the anonymous ransom notes sent to clients.

US and UK Issue Joint Alert on Russian Cyber Activity

Data Breach Today

SVR's TTPs and General Tradecraft Detailed

U.S. and U.K.

19 petabytes of data exposed across 29,000+ unprotected databases

Security Affairs

CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speakers: Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Newly Unclassified NSA Document on Cryptography in the 1970s

Schneier on Security

This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: “New Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era,” Cryptographic Quarterly, Spring 1996, author still classified.

What's Google Floc? And How Does It Affect Your Privacy?

WIRED Threat Level

There's a battle raging over how advertisers can target us on the web—or whether they should be able to target us at all.

Buer Dropper Malware Updated Using Rust

Data Breach Today

Proofpoint: New Code Makes 'RustyBuer' Version Harder to Detect

Attackers are using a freshly updated variant of the Buer first-stage malware loader rewritten in the Rust programming language to help evade detection, Proofpoint reports

The Edge Pro Quote: Password Empowerment

Dark Reading

Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

A cyberattack shutdown US Colonial Pipeline

Security Affairs

A cyberattack forced the shutdown of one of the largest pipelines in the United States, the Colonial Pipeline facility in Pelham, Alabama. The Colonial Pipeline facility in Pelham, Alabama was hit by a cybersecurity attack, and its operators were forced to shut down its systems.

Latest MITRE EDR Evaluations Contain Some Surprises

eSecurity Planet

MITRE Engenuity last month released the latest MITRE ATT&CK evaluations of endpoint security products, and the results contain some pretty big surprises.

German Federal Labor Court rules on the scope of the right to information under Art. 15 GDPR

DLA Piper Privacy Matters

Authors: Katharina Pauls and Katia Helbig. In a legal dispute to be decided by the German Federal Labor Court, the court had the opportunity to rule on the highly controversial scope of the right to information under Art. 15 GDPR. Specifically, the issue was whether or to what extent Art.

Colonial Pipeline Confirms Ransomware Causing Disruptions

Data Breach Today

Company Has Taken Systems Offline As A Precaution; Investigation Ongoing

Colonial Pipeline, which oversees more than 5,500 miles of pipeline that supplies fuel throughout the U.S.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Researchers Explore Active Directory Attack Vectors

Dark Reading

Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems

Russia-linked APT29 group changes TTPs following April advisories

Security Affairs

The UK and US cybersecurity agencies have published a report detailing techniques used by the Russia-linked cyberespionage group known as APT29 (aka Cozy Bear).

Don’t Buy Into Facebook’s Ad-Tracking Pressure on iOS 14.5

WIRED Threat Level

The company tells Apple users that tracking helps keep those platforms “free of charge,” but opting out now doesn't mean paying up later.