Tue.Apr 13, 2021

A Tale of 3 Data 'Leaks': Clubhouse, LinkedIn, Facebook

Data Breach Today

Confusion Over Hacking, Scraping and Amassing Highlights Data Lockdown Imperative Criminals love to amass and sell vast quantities of user data, but not all such data sets necessarily pose a fresh risk to users.

Risk 247

Microsoft Patch Tuesday, April 2021 Edition

Krebs on Security

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Microsoft Patches 4 Additional Exchange Flaws

Data Breach Today

NSA Calls on Exchange Customers to Update Immediately Microsoft issued patches for its on-premises Exchange Server software, addressing four new critical vulnerabilities discovered by the National Security Agency. A zero-day vulnerability in Desktop Window Manager was also disclosed and patched

GUEST ESSAY: ‘Identity Management Day’ highlights the importance of securing digital IDs

The Last Watchdog

The second Tuesday of April has been christened “ Identity Management Day ” by the Identity Defined Security Alliance, a trade group that provides free, vendor-neutral cybersecurity resources to businesses. Related: The role of facial recognition. Today, indeed, is a good a time as any to raise awareness about cyber exposures that can result from casually or improperly managing and securing digital identities.

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Modern Bank Heists: Attackers Go Beyond Account Takeover

Data Breach Today

Tom Kellermann of VMware Carbon Black on Fraud Trends and Essential Defenses Brokerage account takeover, supply chain attacks, destructive attacks and those that seek to manipulate time or time stamps are among the latest threats uncovered in the new Modern Bank Heists report authored by Tom Kellermann at VMware Carbon Black.

213
213

More Trending

Initial Access Brokers: Credential Glut Weakening Prices?

Data Breach Today

Criminal Services Facilitate Cybercrime Gangs' Rapid Access to Hacked Sites Initial access brokers continue to ply their trade, selling immediate access to hacked sites to make it easier for gangs to steal data and crypto-lock systems.

Access 195

DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack

Dark Reading

Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products

IoT 104

Intelligence Report: 4 Nations Pose Serious Cyberthreat to US

Data Breach Today

ODNI: China, Russia, North Korea, Iran Can Launch Disruptive Attacks China, Russia, North Korea and Iran continue to pose significant cybersecurity threats to the U.S.

Clear & Present Danger: Data Hoarding Undermines Better Security

Dark Reading

Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users

Insights on Choosing an Identity Verification Solution Provider

Sort through today’s crowded identity verification solutions landscape with our guide, designed to help you choose the right provider based on your unique needs.

Former DHS Leader Shares Details on SolarWinds Attack

Data Breach Today

Chad Wolf Confirms Attackers Gained Access to His Unclassified Email Accounts Chad Wolf, the former acting secretary for the Department of Homeland Security, has confirmed the accuracy of an earlier news report saying that the SolarWinds supply chain attackers gained access to his unclassified DHS email accounts, which included calendar details.

Access 176

Expert publicly released Chromium-based browsers exploit demonstrated at Pwn2Own 2021

Security Affairs

An Indian security researcher has published a proof-of-concept (PoC) exploit code for a vulnerability impacting Google Chrome and other Chromium-based browsers.

Millions of Devices Potentially Vulnerable to DNS Flaws

Data Breach Today

Report: Healthcare and Government Organizations Particularly at Risk Forescout Research Labs and the Israeli security firm JSOF have found nine Domain Name System vulnerabilities affecting four TCP/IP stacks that, if exploited, could lead to remote code execution or denial-of-service attacks - potentially on millions of devices.

Risk 169

Experts released PoC exploit code for a critical RCE in QNAP NAS devices

Security Affairs

The exploit code for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system is available online.

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Cyberattacks on Health Insurers Continue

Data Breach Today

The Latest Victim: DC Blue Cross Blue Shield Plan A recent cyberattack on a Washington-based health plan, which the company believes was carried out by a foreign cybercrime group, is the latest in a series of hacking incidents targeting health insurers

Millions of devices impacted by NAME:WRECK flaws

Security Affairs

Security experts disclosed nine flaws, collectively tracked as NAME:WRECK, affecting implementations of the DNS protocol in popular TCP/IP network communication stacks.

NSA Alerted Microsoft to New Exchange Server Vulnerabilities

Dark Reading

Microsoft today patched 114 CVEs to address the Exchange Server flaws, more than 50 remote code execution vulnerabilities, and one zero-day

84

Microsoft fixes 2 critical Exchange Server flaws reported by the NSA

Security Affairs

Microsoft patch Tuesday security updates address four high and critical vulnerabilities in Microsoft Exchange Server that were reported by the NSA.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Global Dwell Time Drops as Ransomware Attacks Accelerate

Dark Reading

The length of time attackers remain undiscovered in a target network has fallen to 24 days, researchers report, but ransomware plays a role

Chrome Zero-Day Exploit Posted on Twitter

Threatpost

An update to Google’s browser that fixes the flaw is expected to be released on Tuesday. Vulnerabilities Web Security

More Biden Cybersecurity Nominations

Schneier on Security

News : President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD).

Compromised Microsoft Exchange Server Used to Host Cryptominer

Dark Reading

Researchers say an unknown attacker is targeting vulnerable Exchange Servers with a payload hosted on a compromised Exchange Server

68

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Adobe addresses two critical vulnerabilities in Photoshop

Security Affairs

Adobe has addressed security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. Adobe has fixed ten security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp.

Creating the intelligent, secure and connected organization

OpenText Information Management

Around the world, our customers are using information to anticipate trends and outmaneuver their competition, seizing new opportunities and winning market share.

Sweden blames Russia for Swedish Sports Confederation hack

Security Affairs

The Swedish Sports Confederation organization was compromised in 2017-18 by hackers working for Russian military intelligence, officials said.

Introducing OpenText Core Content

OpenText Information Management

Information access, use and governance has always been a major challenge for organizations – that has grown exponentially with the increasingly hybrid workforce.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

How the NAME:WRECK Bugs Impact Consumers, Businesses

Threatpost

How this class of vulnerabilities will impact millions connected devices and potentially wreck the day of IT security professionals. Critical Infrastructure IoT Vulnerabilities

Announcing OpenText Security and Protection Cloud CE 21.2

OpenText Information Management

Forensic investigators and examiners are overwhelmed with the amount of evidence they must collect and examine, case logs are growing, and their investigative capacity is being hampered.

Cloud 64

COVID-Related Threats, PowerShell Attacks Lead Malware Surge

Threatpost

Researchers measured 648 new malware threats every minute during Q4 2020. . Malware Most Recent ThreatLists

92