Fri. Jul 23, 2021

Alert for Ransomware Attack Victims: Here's How to Respond

Data Breach Today

As ransomware continues to pummel organizations, what essential incident response steps should victims take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery.

Holes in Linux Kernel Could Pose Problems for Red Hat, Ubuntu, Other Distros

eSecurity Planet

A pair of vulnerabilities in the Linux kernel disclosed this week affect major Linux operating systems and could let an attacker either gain root privileges on a compromised host or shut down the entire OS.

Congress Focuses on Industrial Control System Security

Data Breach Today

Senate Bill Would Require CISA to Identify and Respond to ICS Threats. A bipartisan group of senators is pushing a bill that would require CISA to identify and respond to vulnerabilities and threats that target industrial control systems. The House has already passed a similar measure.

Kaseya obtained a universal decryptor for REvil ransomware attack

Security Affairs

The software provider Kaseya announced that it has obtained a universal decryptor for the REvil ransomware.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

South African Port Operations Disrupted by Cyberattack

Data Breach Today

Transnet, Which Operates the Ports, Is Investigating Incident. A massive cyberattack has disrupted container operations at a port in Cape Town, South Africa, and a port in Durban also was affected, Reuters reports.

More Trending

Saudi Aramco Traces Data Leak to Attack on Supplier

Data Breach Today

Extortionists Demand $50 Million - Payable in Monero Cryptocurrency - From Oil Giant. Saudi Aramco, one of the world's largest oil and natural gas firms, has confirmed that company data was leaked after one of its suppliers was breached.

IT 269

Commercial Location Data Used to Out Priest

Schneier on Security

A Catholic priest was outed through commercially available surveillance data.

Resiliency Is Key to Surviving a CDN Outage

Data Breach Today

Akamai Incident Highlights Risks of Relying on a Single Provider. A short-lived outage at the content delivery network supplier Akamai on Thursday, which briefly knocked many corporate websites offline, is another indicator that companies need resiliency built into their systems.

Risk 266

Estonian hacker Pavel Tsurkan pleads guilty to operating a proxy botnet

Security Affairs

Estonian hacker Pavel Tsurkan has pleaded guilty in a United States court to counts of computer fraud and of creating and operating a proxy botnet. The Estonian national Pavel Tsurkan has pleaded guilty in a United States court to two counts of computer fraud and abuse.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

US Customs Apps Put Travelers' PII at Risk

Data Breach Today

OIG Audit Shows Consumer Applications Inadequately Protected U.S.

Risk 247

LastPass: Password Manager Review for 2021

eSecurity Planet

LastPass is password management software that’s been popular among business and personal users since it was initially released in 2008. When it was acquired by LogMeIn Inc. in 2015, it became part of a suite of cloud-based collaboration tools.

Analysis: Implications of the Pegasus Spyware Investigation

Data Breach Today

This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.

What Is An Identity and Access Management Solution and How Can Businesses Benefit From It?

Security Affairs

How businesses can benefit from the adoption of an identity and access management solution. Businesses that use outdated manual processes to grant and control access to their IT resources are getting left behind.

Kaseya Obtains Decryption Tool After REvil Ransomware Hit

Data Breach Today

Software Vendor Said Approximately 60 MSPs and 1,500 Clients Affected by Attack. Remote management software vendor Kaseya has obtained a decryption tool for all organizations affected by the massive ransomware attack launched via its software.

Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach

Security Affairs

WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities. Original post at [link].

ISMG Editors’ Panel: Examining the Pegasus Project

Data Breach Today

Discussion Also Addresses Telecom Security Issues. In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the use of commercially available spyware and security risk management in the telecom sector.

Microsoft Security Under Scrutiny After Recent Incidents

eSecurity Planet

Microsoft is struggling through a rough July for security issues even as the company continues to add more cybersecurity capabilities through acquisitions.

Cloud 83

St. John’s University Collaborates with the Institute of Certified Records Managers (ICRM) to Accelerate Graduates’ RIM Certification

IG Guru

Congratulations to St. John’s University for joining the list of universities to partner with the ICRM. Check out the article here. The post St.

Weekly Update 253

Troy Hunt

This week, by popular demand, it's Charlotte! Oh - and Scott. People had been asking for Charlotte for a while, so we finally decided to do a weekly update together on how she's been transitioning from Mac to PC.

IoT 82

Discord CDN and API Abuses Drive Wave of Malware Detections

Threatpost

Targets of Discord malware expand far beyond gamers. Hacks Web Security

Biden Administration Responds to Geopolitical Cyber Threats

Dark Reading

In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Email in PDF – Pushing the (email) envelope.

National Archives Records Express

[link]. When NARA released its revised Format Guidance for the Transfer of Permanent Electronic Records in 2014, we identified the file formats acceptable for use by Federal agencies when transferring permanent email messages to NARA. These formats include EML, MBOX, MSG, and PST.

e-Records 2021: Call for Presentations Extended

The Texas Record

Update: The deadline for submitting a presentation proposal for the 2021 e-Records Conference has been extended to Wednesday, August 4, 2021. Check out our previous blog post for details about submitting your proposal. Keep up-to-date on all event information at the conference web page: [link].

Forrester names Collibra a leader among data governance solutions

Collibra

Collibra provides a data governance foundation that ensures trust and access of data for every use, every user, and across every source. We believe this is why Collibra was named a leader in The Forrester Wave: Data Governance Solutions, Q3 2021.

5 Steps to Improving Ransomware Resiliency

Threatpost

Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today. InfoSec Insider Malware

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

President Biden Signs Executive Order to Promote Fair Competition and Further Regulate Data Privacy

Hunton Privacy

On July 9, 2021, President Biden signed the Executive Order on Promoting Competition in the American Economy (the “Executive Order”).

FIN7’s Liquor Lure Compromises Law Firm with Backdoor

Threatpost

Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment. Breach Malware Web Security

Modern viewing and collaboration for the secure remote workforce

OpenText Information Management

Supporting your workforce requires visibility, collaboration, and adaptability. Bringing solutions to the cloud provides the flexibility your organization needs to enable your workforce to work from anywhere. It sounds perfect, but there’s a real challenge to reaching this goal—security.

Cloud 60