Tue. Oct 12, 2021

Ransomware: No Decline in Victims Posted to Data-Leak Sites

Data Breach Today

Count of Victims - Listed on Leak Sites or Not - Appears To Be Holding Steady

One measure of the damage being done by ransomware groups continues to be how many victims get listed on ransomware operators' dedicated data-leak sites, as part of their so-called double extortion tactics.

Patch Tuesday, October 2021 Edition

Krebs on Security

Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.

CISA to Access Agencies' Endpoints, Help Enhance Security

Data Breach Today

OMB Memo: Agencies Have 90 Days to Allow CISA to Begin Reviewing EDR Status

In an effort to bolster endpoint protection within the U.S. government, the White House is ordering federal agencies to allow CISA to access existing deployments.

Microsoft mitigated a record 2.4 Tbps DDoS attack in August

Security Affairs

Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August; it is the largest DDoS attack to date. Microsoft announced that its Azure cloud service mitigated a 2.4

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

OnDemand Webinar | Fraud ROI for Ecommerce: Drive More Revenue with Fewer False Positives

Data Breach Today

Watch this onDemand webinar which includes an e-commerce case study on fighting fraud & user friction

Former Executive Accessed PHI of Nearly 38,000 Individuals

Data Breach Today

Accountable Care Organization Says It's Investigating 2020 Incident

A compromise of sensitive health information affecting nearly 38,000 individuals discovered nearly a year after a terminated company executive accessed the data spotlights some of the top security and privacy challenges covered entities and business associates face with insiders.

Airline Passenger Mistakes Vintage Camera for a Bomb

Schneier on Security

I feel sorry for the accused: The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday.

On Demand Webinar | For Retail : Preventing Application Fraud while Removing User Friction

Data Breach Today

Watch this onDemand webinar which includes a focused retail case study on fighting fraud & user friction

GitKraken flaw led to the generation of weak SSH keys

Security Affairs

The Git GUI client GitKraken team fixed a flaw that led to the generation of weak SSH keys; users are recommended to revoke and renew their keys. The development team behind the Git GUI client GitKraken has fixed a vulnerability that was leading to the generation of weak SSH keys.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Not Hitting Your Security KPIs? Get the Whole Business Involved

Dark Reading

CISOs can deliver better outcomes and get the support they need by linking security processes to business results

Necro botnet now targets Visual Tools DVRs

Security Affairs

The FreakOut (aka Necro, N3Cr0m0rPh) Python botnet evolves; it now includes a recently published PoC exploit for Visual Tools DVR.

Kaspersky Updates Industrial Cybersecurity Service

Dark Reading

Kaspersky Industrial CyberSecurity unlocks centralized management and visibility across entire OT infrastructure

Olympus US was forced to take down computer systems due to cyberattack

Security Affairs

Olympus US was forced to take down IT systems in the American region (U.S., Canada, and Latin America) following a cyberattack. The medical technology giant Olympus was forced to shut down its computer network in America (U.S., Canada, and Latin America) following a cyberattack.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Microsoft Fixes Zero-Day Flaw in Win32 Driver

Dark Reading

A previously known threat actor is using the flaw in a broad cyber-espionage campaign, security vendor warns

Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug

Threatpost

The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a "great" flaw that can be used for jailbreaks and local privilege escalation.

Adobe addresses four critical flaws in its products

Security Affairs

Adobe addressed ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. Adobe has released security updates to address ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products.

INFOGOV.NET LAUNCHES LOBBYING FOR INFORMATION GOVERNANCE PROFESSION

IG Guru

Contact Information: Nick Inglis, InfoGov.net, 401-808-2762, nick@infogov.net. Release Date: October 7, 2021. Industry Veteran, Nick Inglis’ newest venture is to focus on lobbying efforts to continue the growth of the information governance profession.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Data Breaches are More Expensive than Last Year, New IBM Security Report Finds

Data Matters

Death, taxes and data breaches. Cybersecurity incidents have grown in frequency, scale and seriousness.

Why Choke-Point Analysis Is Essential in Active Directory Security

Dark Reading

Defense should focus on high-value choke points first to ensure that their most critical assets are protected, before moving on to deal with other attack paths

Windows Zero-Day Actively Exploited in Widespread Espionage Campaign

Threatpost

The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers.

High-Profile Breaches Are Shifting Enterprise Security Strategy

Dark Reading

Increased media attention is driving changes in enterprise security strategy -- some positive, some negative

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign

Threatpost

Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers.

Smaller 'Bit and Piece' DDoS Attacks Slam Servers to Evade Mitigation Systems

Dark Reading

Nearly all DDoS attacks in the first half of 2021 were less than 1 Gbps, Nexusguard found

Why Is The Streaming Experience So Terrible?

John Battelle's Searchblog

I wrote this for P&G’s Signal360 publication, but I thought I’d toss it up here as well. I know I’ve been very, very absent from writing for – well, for the entire pandemic.

CIPL Publishes White Paper on GDPR Enforcement Cooperation and the One-Stop-Shop

Hunton Privacy

On September 27, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth published a white paper on the “GDPR Enforcement Cooperation and the One-Stop-Shop (“OSS”) – Learning from the First Three Years” (the “Paper”).

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Want the full benefits of cloud? Rethink the journey.

DXC

There’s no denying that companies have realized many benefits from using public clouds – hyperscalability, faster deployment and, perhaps most importantly, flexible operating costs.

Office 365 Spy Campaign Targets US Military Defense

Threatpost

An Iran-linked group is taking aim at makers of drones and satellites, Persian Gulf ports and maritime shipping companies, among others.

Palo Alto Networks to Transfer Stock Exchange Listing to Nasdaq

Dark Reading

Palo Alto Networks anticipates meeting the requirements for inclusion in the NASDAQ-100 index when it rebalances in December
