Thu. Oct 14, 2021

To Repel Supply Chain Attacks, Better Incentives Needed

Data Breach Today

The breach of text message routing giant Syniverse revealed yet another supply chain attack involving a key supplier, exacerbated by outdated communications protocols desperately in need of a security revamp and better incentives for improvement, says mobile telephony security expert Karsten Nohl.

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Krebs on Security

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov.

Flaws In GitHub Actions Bypass Code Review Mechanism

Data Breach Today

Attackers Can Push Code To A Protected Branch. Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required reviews mechanism and push unreviewed code to a protected branch, allowing it into the pipeline to production.

Digging Deep Into the Top Security Certifications

Dark Reading

When it comes to technical certifications, which ones pay off so you can get that infosec job or more money for the one you're already doing?

Missouri Refers Responsible Bug Report to Prosecutors

Data Breach Today

Michael L. Parson Alleges Newspaper Employee Improperly Accessed Data. A newspaper employee in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor.

Thingiverse Data Leak Affects 228,000 Subscribers

Data Breach Today

The Data Dump Is Being Broadly Circulated on a Popular Hacking Forum. Thingiverse, a popular website dedicated to sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 2.5 million unique email addresses and other personally identifiable information.

How Security Teams Can Reinforce End-User Awareness

Dark Reading

Training programs provide the information, but security teams can reinforce these for better end-user education.

House Lawmakers Announce Bill Targeting Tech Algorithms

Data Breach Today

Bill Would Remove Some Third-Party Content 'Immunity' Held by Social Platforms. Democratic lawmakers on the House Committee on Energy and Commerce announced legislation that would rein in tech algorithms on platforms exceeding 5 million monthly viewers.

For the first time, an Israeli hospital was hit by a major ransomware attack

Security Affairs

The Hillel Yaffe Medical Center in Hadera, Israel, was hit by a ransomware attack that impacted the hospital's systems and was defined by Israel’s National Cyber Directorate as a “major” attack.

Australia Plans Ransomware Attack Reporting Requirement

Data Breach Today

New Criminal Penalties, Assistance to Victims in the Ransomware Action Plan. Australia plans to require businesses with more than $10 million in revenue to report ransomware attacks to the government, part of a comprehensive strategy to fight the attacks that also includes new criminal penalties and assistance to victims.

Enterprise Data Storage Environments Riddled With Vulnerabilities

Dark Reading

Many organizations are not properly protecting their storage and backup systems from compromise, new study finds.

MITRE Launches Centers to Protect Infrastructure and Health

Data Breach Today

Focus is on Critical Infrastructure Threats and Clinical Data. MITRE, the not-for-profit organization that works across governmental and federal agencies, as well as various industrial verticals and academia, has set up The Cyber Infrastructure Protection Innovation Center and The Clinical Insights Innovation Cell to protect healthcare.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is maintained on this page.

Osteopathic Professional Group Reports Year-Old Breach

Data Breach Today

PII of Nearly 28,000 Members Exfiltrated in June 2020 Hacking Incident. The American Osteopathic Association has just begun notifying nearly 28,000 individuals about a June 2020 data exfiltration incident involving their personal information.

Recovering Real Faces from Face-Generation ML System

Schneier on Security

New paper: “This Person (Probably) Exists: Identity Membership Attacks Against GAN Generated Faces.” Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers.

New Yanluowang ransomware used in highly targeted attacks on large orgs

Security Affairs

Researchers spotted a new strain of ransomware, dubbed Yanluowang, that was used in highly targeted attacks against enterprises.

Microsoft Azure Attack Illustrates Ongoing DDoS Threats

eSecurity Planet

Officials with Microsoft’s Azure public cloud said the company in late August was able to stave off a record distributed denial-of-service (DDoS) attack against a European customer that originated in the Asia-Pacific region. The attack, which hit 2.4

Since 2020, at least 130 different ransomware families have been active

Security Affairs

Google’s VirusTotal scanning service has published its first ransomware activity report, an interesting analysis of more than 80 million ransomware samples uploaded from 140 countries worldwide.

US CISA releases Social Media Tip Sheet citing “Half a Billion Users Joined Social in the Last Year” Hootsuite Article #CyberMonth

IG Guru

Check out the tip sheet here.

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

Google revealed that it has sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January 2021.

A Telegram Bot Told Iranian Hackers When They Got a Hit

WIRED Threat Level

APT35 may not be the most dangerous group out there, but they've got a new phishing trick.

Becoming a Cybercriminal Keeps Getting Easier

eSecurity Planet

Zero-day vulnerabilities are no longer exclusively for elite hackers. There are now automated scripts available on GitHub so even novice hackers can explore these previously unknown security flaws. That was one of the insights in the HP Wolf Security Threat Insights Report released today.

WhatsApp made available end-to-end encrypted chat backups

Security Affairs

WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats.

NCSC warns of “devastating” Russian ransomware attacks

IT Governance

The head of the NCSC (National Cyber Security Centre) has warned that “most of the devastating ransomware attacks against UK targets” originated in Russia and that not enough organisations in the UK are adequately prepared to deal with the threat.

6 Lessons From the Expiration of the Let's Encrypt Root Certificate

Dark Reading

Fallout from the transition highlights the need for organizations to monitor and have processes for updating CA roots, experts say.

Rickroll Grad Prank Exposes Exterity IPTV Bug

Threatpost

IPTV and IP video security is increasingly under scrutiny, even by high school kids.

US Water and Wastewater Facilities Targeted in Cyberattacks, Feds Warn

Dark Reading

CISA, FBI, and NSA issue advisory and defense practices to help these utilities thwart "ongoing" threats targeting IT and OT networks.

Acer suffered the second security breach in a few months

Security Affairs

Taiwanese electronics technology giant Acer disclosed a security breach of its after-sales service systems in India following an isolated attack, its second security breach this year.
