Tue. Apr 20, 2021

Nation-State Actor Linked to Pulse Secure Attacks

Data Breach Today

Vulnerabilities Exploited Include a Zero-Day in Ivanti's Pulse Connect Secure. The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that U.S.

Note to Self: Create Non-Exhaustive List of Competitors

Krebs on Security

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [NYSE:IT] — a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry.

XCSSET Malware Can Adapt to Target More Macs

Data Breach Today

Trend Micro Describes the Evolving Threat. The XCSSET malware campaign can now adapt to target a wider variety of Macs, including those with the M1 chip, according to Trend Micro researchers.

They Hacked McDonald’s Ice Cream Machines—and Started a Cold War

WIRED Threat Level

Secret codes. Legal threats. Betrayal. How one couple built a device to fix McDonald’s notoriously broken soft-serve machines—and how the fast-food giant froze them out.

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Telehealth: Safeguarding Patient Data

Data Breach Today

New Guidance Spells Out Security Precautions. Given the surge in the use of telehealth during the COVID-19 pandemic - and expectations for continued growth - the Healthcare and Public Health Sector Coordinating Council has unveiled guidance on safeguarding patient data during remote care encounters.

More Trending

Geico Says Driver's License Numbers Stolen From Website

Data Breach Today

Data Used for Fraudulent Unemployment Claims. U.S. insurance giant Geico says fraudsters stole driver's license numbers from its website after they supplied personal information that they had acquired elsewhere.

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

Dark Reading

China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks

Did Huawei Eavesdrop on KPN Mobile Network?

Data Breach Today

KPN Disputes Reported Surveillance Risk to Users, Who Included Dutch Prime Minister. A bombshell news report suggests that Dutch mobile network provider KPN in 2010 didn't know if one of its major equipment suppliers - China's Huawei - was spying on users.

Critical update: Facebook Messenger users hit by scammers in over 80 states

Security Affairs

Researchers from security firm Group-IB have detected a large-scale scam campaign targeting Facebook Messenger users all over the world.

Insights on Choosing an Identity Verification Solution Provider

Sort through today’s crowded identity verification solutions landscape with our guide, designed to help you choose the right provider based on your unique needs.

100-Day Plan to Enhance Electrical Grid Security Unveiled

Data Breach Today

Biden Administration Plan Is Part of a Broader Critical Infrastructure Protection Effort. The Biden administration is rolling out a 100-day plan to improve cybersecurity and address cyberthreats across the nation's electrical grid.

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors.

Identity Management at the Core of Recent M&A Activity

Data Breach Today

Mastercard, Entrust and Keyfactor All Look to Bolster Identity Capabilities. Identity management was the focus of three acquisitions announced in the last several days by Mastercard, Entrust and Keyfactor.

WeChat users targeted by hackers using recently disclosed Chromium exploit

Security Affairs

Threat actors used the Chrome exploit publicly disclosed last week in attacks aimed at WeChat users in China, researchers warn. China-based firm Qingteng Cloud Security, reported that threat actors weaponized the recently disclosed Chrome exploit to target WeChat users in China.

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Foreign Spies Target British Nationals With Fake Social Media Profiles

Dark Reading

British security agency MI5 has launched a new education campaign to warn potential victims of the attacks

Watch out, hackers can take over your Cosori Smart Air Fryer

Security Affairs

Watch out, hackers could breach into your house by exploiting two remote code execution (RCE) vulnerabilities in the Cosori Smart Air Fryer. Security experts from Cisco Talos have found two remote code execution (RCE) vulnerabilities in the Cosori Smart Air Fryer.

2020 Changed Identity Forever; What's Next?

Dark Reading

For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations

Crooks stole driver’s license numbers from Geico auto insurer

Security Affairs

Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico, the second-largest auto insurer in the U.S.,

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Biden Administration Imposes Sanctions on Russia for SolarWinds

Schneier on Security

On April 15, the Biden administration both formally attributed the SolarWinds espionage campaign to the Russian Foreign Intelligence Service (SVR), and imposed a series of sanctions designed to punish the country for the attack and deter future attacks.

Hacking a X-RAY Machine with WHIDelite & EvilCrowRF

Security Affairs

The popular cyber security expert Luca Bongiorni demonstrated how to hack an X-Ray Machine using his WHIDelite tool. Recently I bought a X-RAY machine from China to have some ghetto-style desktop setup in order to inspect/reverse engineer some PCBs and hardware implants.

Attackers Compromised Code-Checking Vendor's Tool for Two Months

Dark Reading

A script used to upload sensitive reports - with access to credentials and datastores - likely sent information on hundreds, possibly thousands, of companies to attackers

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

North Korea-linked Lazarus APT group is abusing bitmap (.BMP) image files in a recent spear-phishing campaign targeting entities in South Korea.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack

Dark Reading

Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems

GEICO Alerts Customers Hackers Stole Driver License Data for Two Months

Threatpost

The second-largest auto insurance provider in the U.S. has since fixed the vulnerability that exposed information from its website.

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

Authors: Carolyn Bigg, Venus Cheung and Fangfang Song. Important new guidelines outlining how personal and other types of financial information should be handled by financial institutions throughout the data lifecycle have just come into force in China, including a new data localisation obligation.

Collabware divides cloud platform into three parts

IG Guru

In an email last week, Graham Sibley the CEO of Collabware announces the following “…we’ve decided to divide our cloud platform, Collabspace, into three distinct products, each focused on a specific problem area that you need to solve.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Beware the Bug Bounty

Dark Reading

In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors

Net Zero by 2050 – Wind Digital Solutions Summit

RFID Global Solution, Inc.

Join us in supporting Zero by 2050 at the Wind Energy Digital Summit, April 20-21, 2021.

Revealing the Invisible

AIIM

As the AIIM team and I put the finishing touches on AIIM21: a galactic digital experience, our attention is laser-focused on the educational content we bring to this year's participants.