Mon.May 16, 2022

Cause for Concern? Ransomware Strains Trace to North Korea

Data Breach Today

Attackers Appear to Be Testing the Profit-Making Potential of Crypto-Locking Malware If you were a nation with legions of hackers at your disposal, seeking to sidestep crippling international sanctions, would you look to ransomware to fund your regime?

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

It’s a scenario executives know too well. Related: Third-party audits can hold valuable intel. You and your cybersecurity team do everything correctly to safeguard your infrastructure, yet the frightening alert still arrives that you’ve suffered a data breach. It’s a maddening situation that occurs far more often than it should.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Proof of Concept: Apple/Microsoft/Google Back Passwordless

Data Breach Today

Also: Cyber Readiness in Wartime; Privacy Regulation Updates In the latest "Proof of Concept," Lisa Sotto, Jeremy Grant and ISMG editors discuss the significance of Apple, Google and Microsoft supporting the FIDO protocol's passwordless sign-in standard, progress made on Biden's cybersecurity executive order and updates on U.S.

Why People Fall for Scams

KnowBe4

Scammers use a variety of tried-and-true tactics to trick people, according to André Lameiras at ESET. For example, they can easily find open-source information about people on the internet and use this to craft targeted attacks. Social Engineering Security Awareness Training

Cyber Security, Change Management and Enterprise Risk Management: Scaling Operations for Growth

Speaker: William Hord, Vice President of Risk Management and Compliance

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

EU Parliament, Council Agree on Cybersecurity Risk Framework

Data Breach Today

NIS2 Directive Aims to Counter Increasing Cyberthreats to Europe The European Parliament and the Council of the European Union on Friday reached a provisional agreement to set a "baseline for cybersecurity risk management measures and reporting obligations."

Risk 201

More Trending

AvosLocker Claims Data Theft From Another Healthcare Entity

Data Breach Today

Ransomware Group Leaks Alleged Sample of Stolen Cancer Patient Info In its most recent assault against a healthcare entity, ransomware-as-a-service operator AvosLocker claims to be behind an attack allegedly involving data theft from Texas-based CHRISTUS Health, which operates hundreds of healthcare facilities in the U.S., Mexico and South America.

iPhones Open to Attack Even When Off, Researchers Say

Dark Reading

Wireless chips that run when the iPhone iOS is shut down can be exploited

98

New Cyberattacks on Italy Include Eurovision Disruption

Data Breach Today

Pro-Russian Killnet Denies Attack on Music Festival, Vows Retaliation The Italian police have reportedly thwarted a cyberattack on music competition Eurovision, allegedly perpetrated by pro-Russian threat group Killnet.

Open Source Security Gets $150M Boost From Industry Heavy Hitters

Dark Reading

Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.”

Paper 83

Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized Future

Dark Reading

A decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services

A custom PowerShell RAT uses to target German users using Ukraine crisis as bait

Security Affairs

Researchers spotted a threat actor using a custom PowerShell RAT targeting German users to gain intelligence on the Ukraine crisis. Malwarebytes experts uncovered a campaign that targets German users with custom PowerShell RAT targeting.

NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards

Dark Reading

New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

Apple fixes the sixth zero-day since the beginning of 2022

Security Affairs

Apple released security updates to address a zero-day bug actively exploited in attacks against Macs and Apple Watch devices. Apple has addressed a zero-day vulnerability, tracked as CVE-2022-22675, actively exploited in attacks aimed at Macs and Apple Watch devices.

Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut

Dark Reading

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear

85

UpdateAgent Adapts Again

Jamf

The Jamf Threat Labs team has recently identified changes to the UpdateAgent malware dropper. These changes primarily focus on new executables written in Swift that reach out to a registration server to pull down a new set of instructions in the form of a bash script.

IT 114

US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional

Dark Reading

In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

Data Conversion: Dos and Don’ts

ARMA International

As technology continues to evolve at a rapid rate, it is inevitable that you will be faced with at least one data conversion project during the course of your career. There are many reasons why your organization might face a data conversion project. Your current system may be outdated.

Name That Toon: Knives Out

Dark Reading

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card

82

Ukrainian national sentenced to 4 years in prison for selling access to hacked servers

Security Affairs

A 28-year-old Ukrainian national has been sentenced to four years in prison for selling access to hacked servers. Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old Ukrainian national, has been sentenced to four years in prison for selling access to comprised servers on the dark web.

Sales 78

You Can't Opt Out of Citizen Development

Dark Reading

To see why low-code/no-code is inevitable, we need to first understand how it finds its way into the enterprise

IT 81

12 Plays to Kickstart Your Recruitment Process

To stay ahead in this race, every recruiter needs a good playbook. In this eBook, we lay out 12 recruiting plays that can automate key steps in your recruitment process, helping you reduce both the cost and the time it takes to hire the best candidates.

The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms

Schneier on Security

Rob Joyce, the director of cybersecurity at the NSA, said so in an interview: The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didn’t enter any of its own in the contest.

TorchLight Expands Cybersecurity Services With MDR Sentinel in Partnership With Microsoft

Dark Reading

MDR Sentinel expands TorchLight’s leading managed detection and response (MDR) services with turnkey SIEM and SOAR capabilities from Microsoft; TorchLight also announces it attains elite Microsoft Gold Partner Status

US Courts Are Coming After Crypto Exchanges That Skirt Sanctions

WIRED Threat Level

A newly unsealed opinion is likely the first decision from a US federal court to find that cryptocurrencies can't be used to evade sanctions. Security Business / Blockchain and Cryptocurrency

Inside the Effort to Revamp the DC Archives via The Washingtonian

IG Guru

Check out the article here. The post Inside the Effort to Revamp the DC Archives via The Washingtonian appeared first on IG GURU. Archives IG News Storage DC Washingtonian

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

Why you should keep data observability separate from data cleansing

Collibra

As a principal for data quality, I enjoy taking time to work with our customer base. Since joining Collibra, I had the privilege of speaking to over 60 companies in just a few months. These organizations demonstrate perspectives and prioritization that show great promise in the industry of data. .

Risk 87

How is intelligent information management driving your sector?

OpenText Information Management

As businesses in every sector emerge from the Covid-19 pandemic, change is top of the agenda. If we were digitally transforming before, now we’re accelerating at a seemingly unstoppable pace.

Exploring “green” finance offerings, part 2

CGI

This blog shares insight on key “green” finance offerings and why banks should pay attention to them

83