Wed. Jun 23, 2021

How Cyber Sleuths Cracked an ATM Shimmer Gang

Krebs on Security

In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions.

Lawsuits Allege Colonial Pipeline Had Inadequate Cybersecurity

Data Breach Today

Gas Stations as Well as Consumers Seek Damages. Colonial Pipeline Co. now faces at least two lawsuits seeking class action status in the aftermath of a ransomware attack in May that led the firm to shut down the operations of a 5,500-mile pipeline for nearly a week.

John McAfee Dies in Spanish Prison After Extradition Order

WIRED Threat Level

The antivirus pioneer and alleged cryptocurrency scammer was 75 years old.

EU Proposes Joint Cybersecurity Unit

Data Breach Today

Agency Would Help Member States Respond to Cyberattacks. The European Commission has proposed creating a Joint Cyber Unit to help EU member states respond to and prevent cyberattacks, especially those involving ransomware. The goal is for the unit to begin operations by the end of next year.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

The challenge of embracing digital transformation while also quelling the accompanying cyber risks has never been greater for small- and mid-sized businesses. Related: How ‘PAM’ improves authentication. SMBs today face a daunting balancing act. To boost productivity, they must leverage cloud infrastructure and participate in agile software development. But this also opens up a sprawling array of fresh security gaps that threat actors are proactively probing and exploiting.

More Trending

John McAfee found dead in prison cell ahead of extradition to US

Security Affairs

One of the fathers of antivirus software, the entrepreneur John McAfee has been found dead in a Barcelona prison cell while he was waiting for extradition to the US.

Medicaid Contractor Data Breach Affected 334,000 Providers

Data Breach Today

Maximus Corp. Says Personal Information Exposed in Unauthorized Access to App. Maximus Corp., a global provider of government health data services, says a data breach exposed the personal information of more than 334,000 Medicaid healthcare providers nationwide.

French Spyware Executives Are Indicted for Aiding Torture

WIRED Threat Level

The managers are accused of selling tech to Libya and Egypt that was used to identify activists, read private messages, and kidnap, torture, or kill them.

Best Practices for Fighting Authorized Push Payment Fraud

Data Breach Today

3 Experts Describe Lessons Learned. How can financial institutions deal with the problem of authorized push payment fraud? Three experts - Karen Boyer of People’s United Bank, Alasdair MacFarlane of NatWest Bank and Dave Excell of Featurespace - offer their insights on best practices.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access

Threatpost

Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.

Australia Considers Mandating Ransom Payment Reporting

Data Breach Today

Sponsor of Bill Says Ransomware Attacks Are 'Completely Out of Control'. A bill introduced this week in the Australian Parliament would make it mandatory for organizations based in the country to report to the Australian Cyber Security Center any payments they plan to make to ransomware gangs.

VMs Help Ransomware Attackers Evade Detection, But It's Uncommon

Dark Reading

Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.

John McAfee Found Dead in Spanish Prison Cell

Data Breach Today

Spanish Court Had Just Authorized McAfee's Extradition to US. John McAfee, 75, was found dead in a Spanish prison cell Wednesday, hours after a Spanish court had authorized his extradition to the U.S. to face tax evasion charges, according to multiple news reports.

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

When Will Cybersecurity Operations Adopt the Peter Parker Principle?

Dark Reading

Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.

LV ransomware operators repurposed a REvil binary to launch a new RaaS

Security Affairs

The LV ransomware operators repurposed a REvil binary to create their own strain and launch a ransomware-as-a-service (RaaS).

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Schneier on Security

Palo Alto Networks fixes critical flaw (CVE-2021-3044) in Cortex XSOAR

Security Affairs

Palo Alto Networks addresses a critical improper authorization vulnerability (CVE-2021-3044) affecting its Cortex XSOAR security orchestration solution, automation and response (SOAR) platform.

9 Developer Enablement Practices to Achieve DevOps at Enterprise Scale

In this eBook, Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.

Homomorphic Encryption Makes Real-World Gains, Pushed by Google, IBM, Microsoft

eSecurity Planet

The increasing mobility of data, as it ping-pongs between clouds, data centers and the edge, has made it an easier target of cybercrime groups, which has put a premium on the encryption of that data in recent years.

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

A critical vulnerability, tracked as CVE-2021-20019, in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data.

Welcoming the Jamaican Government to Have I Been Pwned

Troy Hunt

Recently, I've been providing a lot of additional government access to Have I Been Pwned. Today I'm happy to welcome the Jamaica Cyber Incident Response Team (JaCIRT), the 22nd national CERT on HIBP and 11th in the last 4 months.

New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies

Dark Reading

Researchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.

The Forrester Wave™: B2B Marketing Data Providers, Q2 2021

In our 24-criterion evaluation of B2B marketing data providers, we identified the 11 most significant vendors — Data Axle, Dun & Bradstreet, Enlyft, Global Database, InsideView, Leadspace, Oracle, SMARTe, Spiceworks Ziff Davis, TechTarget, and ZoomInfo Technologies — and researched, analyzed, and scored them. This report shows how each provider measures up and helps B2B marketing professionals select the right one for their needs.

Clop ransomware is back into action after the recent police operation

Security Affairs

A week after the law enforcement operation that targeted the Clop ransomware operators, the gang is back into action. A week after the international operation conducted by law enforcement that targeted several members of the Clop ransomware gang, the group is back into action.

How to effectively deliver virtual training

OpenText Information Management

COVID-19 has significantly altered how we deliver and consume training. With companies moving to remote work, many employees are now balancing work and responsibilities at home while trying to learn virtually.

Microsoft Tracks New BazaCall Malware Campaign

Dark Reading

Attackers use emails to prompt victims to call a fraudulent call center, where attackers instruct them to download a malicious file.

VMware fixes privilege escalation issue in VMware Tools for Windows

Security Affairs

VMware patched a high-severity vulnerability in VMware Tools for Windows that attackers could exploit to execute arbitrary code with elevated privileges.

4 AI Hacks to Make Sales Teams More Efficient

Over the last two years, there’s been a 76 percent increase in AI adoption across sales organizations. For sales teams, AI opens up a world of new possibilities, including automating outreach, identifying best-fit buyers, and keeping CRMs flush with fresh data. Read on to learn the four AI hacks sales teams need to improve their performance. Download the eBook today!

EDPB adopts final Recommendations on Supplementary Measures

DLA Piper Privacy Matters

On 21 June 2021, the European Data Protection Board (“EDPB”) published the final Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data (“Recommendations”).

The European Commission proposed to launch the new Joint Cyber Unit

Security Affairs

The European Union Agency for Cybersecurity welcomes the European Commission proposal to launch the new Joint Cyber Unit. The European Commission proposed on Wednesday the creation of a new Joint Cyber Unit that aims at providing a coordinated response to large-scale cyber attacks and crises.

Senator Gillibrand Announces Renewed Data Protection Act 2021

Hunton Privacy

On June 17, 2021, Senator Kirsten Gillibrand (D-NY) announced the reintroduction of the Data Protection Act of 2021 (the “bill”), which would create an independent federal agency, the Data Protection Agency, to “regulate high-risk data practices and the collection, processing, and sharing of personal data.”