Tue.Apr 06, 2021

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles.

Stolen Cards, Reportedly From Cardpool.com, Sold on Darknet

Data Breach Today

Gemini Advisory Says Russian Cybercriminal Sold Gift Card, Payment Card Data A Russian-speaking cybercriminal recently sold on a darknet forum thousands of stolen payment and gift cards that researchers at Gemini Advisory believe were taken from the now defunct online gift card exchange Cardpool.com.

211
211
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

The Last Watchdog

As digital transformation kicks into high gear, it’s certainly not getting any easier to operate IT systems securely, especially for small- and medium-sized businesses. Related: Business-logic attacks target commercial websites. SMBs are tapping into cloud infrastructure and rich mobile app experiences, making great leaps forward in business agility, the same as large enterprises.

Access 156

Africa OnDemand | Mitigating Remote: Maintaining Visibility and Maximizing Efficiency

Data Breach Today

View this webinar as we discuss how can organizations throughout Africa maintain security and visibility as employees and customers work from home, and manage the added responsibility this places on the CISO and security team

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned

Troy Hunt

The headline is pretty self-explanatory so in the interest of time, let me just jump directly into the details of how this all works.

IT 114

More Trending

Signal Adds a Payments Feature—With Cryptocurrency

WIRED Threat Level

The encrypted messaging app is integrating support for MobileCoin in a bid to keep up with the features offered by its more mainstream rivals. Security Security / Privacy

Ransomware Cleanup Costs Scottish Agency $1.1 Million

Data Breach Today

Conti Ransomware Gang Hit Scottish Environment Protection Agency on Christmas Eve How much does it cost to recover from a ransomware attack? For the Scottish Environment Protection Agency, which was hit by the Conti ransomware-wielding gang on Christmas Eve, reported cleanup costs have reached $1.1

Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021

Dark Reading

The 2021 Pwn2Own is among the largest in its history, with 23 separate entries targeting 10 products

IT 108

EMEA OnDemand | Mitigating Remote: Maintaining Visibility and Maximizing Efficiency

Data Breach Today

Webinar | Securing Remote Workers: Using SASE to Maintain Visibility and Maximize Efficiency View this webinar as we discuss how organizations throughout EMEA maintain security and visibility as employees and customers work from home, and manage the added responsibility this places on the CISO and security team.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

What Really Caused Facebook's 500M-User Data Leak?

WIRED Threat Level

The company's explanations have been confusing and inconsistent, but there are finally some answers. Security / National Security

Evolution of Endpoint Security

Data Breach Today

Cisco’s Elias Levy on the Leap From EDR to XDR and What It Means Exponentially more devices on the network mean proportionately less visibility. This is reality for most enterprises today, and it’s changed the role of endpoint security solutions.

I’m Writing a Book with Rob Conery, and It’s Gonna Be Awesome

Troy Hunt

I've been chatting about this in some of my recent weekly videos and I thought it was finally time to sit down and write the blog post. So, this is a blog post about a book about blog posts. Gotcha, makes sense.

Sales 92

Senators Raise Security Concerns Over Selling Personal Data

Data Breach Today

Letter to Twitter, Google, Others Asks About Selling Information to Foreign Governments A bipartisan group of senators has sent a letter to Google, Twitter, Verizon, AT&T and online advertising firms and networks raising national security concerns about the selling of citizens' personal data, which could end up in the hands of foreign governments.

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

Ryuk's Rampage Has Lessons for the Enterprise

Dark Reading

The Ryuk ransomware epidemic is no accident. The cybercriminals responsible for its spread have systematically exploited weaknesses in enterprise defenses that must be addressed

IG: Cybersecurity Weaknesses Persist in US Energy Dept.

Data Breach Today

Meanwhile, Agency Continues to Investigate SolarWinds Attack Cybersecurity weakness persist throughout the U.S. Department of Energy's unclassified networks, including those of the National Nuclear Security Administration, according to an inspector general audit

SAP systems are targeted within 72 hours after updates are released

Security Affairs

On-premises SAP systems are targeted by threat actors within 72 hours after security patches are released, security SAP security firm Onapsis warns.

Phone Cloning Scam

Schneier on Security

A newspaper in Malaysia is reporting on a cell phone cloning scam. The scammer convinces the victim to lend them their cell phone, and the scammer quickly clones it.

IT 76

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

European Commission and other institutions were hit by a major cyber-attack

Security Affairs

Not only the European Commission, but many other organizations of the European Union have been targeted by a cyberattack in March. A European Commission spokesperson confirmed that the European Commission, along with other European Union organizations, was hit by a cyberattack in March.

9 Modern-Day Best Practices for Log Management

Dark Reading

Log management is nothing new. But doing so smartly, correctly, and concisely in today's data-driven world is another story

75

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam.

Catches of the month: Phishing scams for April 2021

IT Governance

With the UK edging towards the end of lockdown, we are all eager to make plans and get the most out of our renewed freedom. But before you rush off to buy festival or theatre tickets, you should check whether you’re dealing with a scammer.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

This service allows checking if your mobile is included in the Facebook leak

Security Affairs

Security researcher implemented a service to verify if your mobile number is included in the recent Facebook data leak.

SAP Bugs Under Active Cyberattack, Causing Widespread Compromise

Threatpost

Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further. Malware Vulnerabilities Web Security

Crime Service Gives Firms Another Reason to Purge Macros

Dark Reading

Recent Trickbot campaigns and at least three common banking Trojans all attempt to infect systems using malicious macros in Microsoft Office documents created using EtterSilent

69

Critical Cloud Bug in VMWare Carbon Black Allows Takeover

Threatpost

CVE-2021-21982 affects a platform designed to secure private clouds, and the virtual servers and workloads that they contain. Cloud Security Vulnerabilities

Cloud 101

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Experts found critical flaws in Rockwell FactoryTalk AssetCentre

Security Affairs

Rockwell Automation has recently addressed nine critical vulnerabilities in its FactoryTalk AssetCentre product with the release of version v11.

NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets

Dark Reading

Compromised NFT accounts highlight security concerns inherent in the design of centralized systems

Risk 67

Optimizing O365 Impossible Travel

Daymark

Cloud security is a constant concern for organizations of every size. Stopping malicious actors from accessing your company’s systems and data is a top priority, but is made difficult by the number of different exploit techniques coupled with the sophistication of the attacks.