Tue.Jun 30, 2020

US Cyber Command Alert: Patch Palo Alto Networks Products

Data Breach Today

Critical' Authentication Bypass Risk Posed by Easy-to-Exploit PAN-OS Software Flaw Palo Alto Networks product alert: All users should immediately patch a "critical" flaw in Pan-OS that can be remotely exploited to bypass authentication and take full control of systems or gain access to networks, U.S.

COVID-19 ‘Breach Bubble’ Waiting to Pop?

Krebs on Security

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants.

Sales 172

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Brute-Force Attacks Targeting RDP on the Rise

Data Breach Today

ESET Researchers: Attacks Open the Door to Launching Ransomware, Planting Cryptominers Since the start of the COVID-19 pandemic, the number of brute-force attacks targeting RDP connections has steadily increased, spiking to 100,000 incidents per day in April and May, according to the security firm ESET.

Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn

Dark Reading

After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it

IT 103

Victim Count in Magellan Ransomware Incident Soars

Data Breach Today

Breach Reports Show Growing Tally of Affiliates, Individuals Affected The number of companies and individuals affected by an April ransomware attack on managed care provider Magellan Health continues to grow. This illustrates the risks faced by interconnected organizations in the healthcare sector

Profile of the Post-Pandemic CISO

Dark Reading

Projects that were high priorities before the COVID-19 outbreak have taken a back seat to new business needs. For security leaders that has meant new responsibilities that could very well stick around in the pandemic's aftermath

More Trending

A threat actor is selling databases stolen from 14 companies

Security Affairs

A threat actor is selling databases containing data belonging to 14 different companies he claimed were hacked in 2020.

Sales 99

Ransomware Targets Mac Users

Data Breach Today

Malwarebytes Says Malware Hidden in Fake Installer for 'Little Snitch' App A ransomware strain targeting Mac users is spreading via a fake installer for Little Snitch - a host-based application firewall for macOS - according to the security firm Malwarebytes, which says the malware is poorly designed.

Android Apps Stealing Facebook Credentials

Schneier on Security

Google has removed 25 Android apps from its store because they steal Facebook credentials : Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times.

OnDemand | Excelling in Difficult Times and Doing Business in the New Normal

Data Breach Today

Leadership Insights with John Chambers This webinar will provide leaders inside and outside of contact centers with actionable recommendations and proven strategies to keep your organization and its' teams moving forward in our rapidly changing world

IT 141

DDoS Attacks Jump 542% from Q4 2019 to Q1 2020

Dark Reading

The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs

84

APTs will exploit Palo Alto Networks’s PAN-OS flaw soon, US Cyber Command says

Security Affairs

Cyber Command believes foreign APTs will likely attempt to exploit the recently addressed flaw in Palo Alto Networks’s PAN-OS firewall OS. Recently Palo Alto Network addressed a critical vulnerability , tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has has been rated as critical severity and received a CVSS 3.x base score of 10.

CISA Issues Advisory on Home Routers

Dark Reading

The increase in work-from-home employees raises the importance of home router security

Personal data of thousands of users from the UK, Australia, South Africa, the US, Singapore exposed in bitcoin scam

Security Affairs

Group-IB discovered thousands of personal records of users from multiple countries exposed in a targeted multi-stage bitcoin scam.

FCC Designates Huawei & ZTE as National Security Threats

Dark Reading

Backdoors in 5G network equipment from these vendors could enable espionage and malicious activity, agency says

Five network essentials to connect your business to anything

OpenText Information Management

The global COVID-19 pandemic has highlighted the importance for companies to find a trusted partner that can seamlessly connect their digital ecosystem together.

IoT 69

Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan

Dark Reading

We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity

EvilQuest Mac Ransomware Has Keylogger, Crypto Wallet-Stealing Abilities

Threatpost

A rare, new Mac ransomware has been discovered spreading via pirated software packages. Malware apple crypto wallet Cryptocurrency EvilQuest keylogger Mac macOS malware pirated software ransom ransomware Ransomware Attack

COVID-19 Puts ICS Security Initiatives 'On Pause'

Dark Reading

Security pros concerned that increased remote access to vulnerable operational technology and stalled efforts to harden OT environments puts critical infrastructure at greater risk

Risk 72

Off the Record: Zoom Trials

The Texas Record

Tune in monthly for a curated collection of articles we found interesting on a broad range of topics; some which are directly related to records management and others which might share common themes.

Ripple20 Threatens Increasingly Connected Medical Devices

Dark Reading

A series of IoT vulnerabilities could put hospital networks, medical data, and patient safety at risk

IoT 65

CISA: Nation-State Attackers Likely to Exploit Palo Alto Networks Bug

Threatpost

An authentication-bypass vulnerability allows attackers to access network assets without credentials when SAML is enabled on certain firewalls and enterprise VPNs.

3 Ways to Flatten the Health Data Hacking Curve

Dark Reading

With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data

The State of Content Management in 2020 [Expert Tips & Research]

AIIM

Few announcements in information management have been bigger than Gartner’s article heard round the world that announced the death of Enterprise Content Management (ECM) as we knew it.

3 Years After NotPetya, Many Organizations Still in Danger of Similar Attacks

Dark Reading

The same gaps that enabled ransomware to spread remain in patching, network segmentation, backup practices, security experts say

Automation in OpenText Media Management

OpenText Information Management

When managing a Digital Asset Management (DAM) system, many administrators quickly find that the management part is the hardest to get right. In addition to standard asset governance processes, such as approval, expiration and archiving, digital assets present special challenges.

UCSF Pays $1.14M After NetWalker Ransomware Attack

Threatpost

UCSF has paid more than $1 million after a ransomware attack encrypted data related to "important" academic research on several servers. Malware decrypt encrypted data netwalker paying the ransom ransom ransomware UCSF

Think Ransomware Can’t Put You Out of Business?

Adam Levin

We’re not even halfway through 2020, and already it’s been a record-breaking year for ransomware attacks. Barely a week goes by without reports of a new strain or variant of malware wreaking havoc among companies. 1-99-employee companies are a target.

Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings

Threatpost

Verizon Media has paid nearly $10 million to ethical hackers via HackerOne's platform. Bug Bounty Vulnerabilities 2020 rankings bug bounty programs ethical hackers HackerOne paypal uber Security Vulnerabilities twitter verizon media white hats

Life As A Professional Hacker

ForAllSecure

Last month Guido Vranken hosted a successful Reddit AMA , sharing insight on his experience as a professional vulnerability researcher.

56

Researcher calls on CEO’s to have more Women in Cybersecurity Roles

IG Guru

Jan Buitron covers women in cyber roles and the ERA below. Article via LinkedIn. The post Researcher calls on CEO’s to have more Women in Cybersecurity Roles appeared first on IG GURU. Business IG News information security Security Cybersecurity ERA Women Women in Security

StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks

Threatpost

The spy malware is being delivered via a complex infrastructure with multiple layers, in an effort to avoid analysis. Malware Web Security apt BitDefender Cyberattacks espionage kurds Malware analysis Spyware StrongPity Syria Trojanized applications Turkey watering hole

How NIST Is Securing The Quantum Era

The Security Ledger

Quantum computers powerful enough to break the strongest classical encryption are at least a decade away, but the time to develop quantum safe encryption is now.

How to Safeguard Data When the Majority of Your Workforce is Remote

Threatpost

More employees working remotely most likely means an increased reliance on cloud services and applications. Web Security data protection remote work

Cloud 76