Wed.May 18, 2022

WSJ: "Cyber Insurance Went Up A Whopping 92% In 2021"

KnowBe4

Whoa Nellie, that's getting to be real money here. This is the kind of thing that starts cutting into your whole IT budget. Security Awareness Training

Conti Claims It Has 'Insiders' in Costa Rican Government

Data Breach Today

Ransomware Group Continues to Demand Ransom Payment From Besieged Government Ransomware group Conti, which has been holding to ransom crypto-locked Costa Rican government systems since April, has claimed on its leak site Conti News that it has "insiders" in the country's government, and that they are working toward the compromise of "other systems

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Senators Urge FTC to Probe ID.me Over Selfie Data

Krebs on Security

Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me

CISA: Majority of US Gov Will Be Getting EDR Later in 2022

Data Breach Today

EDR Deployments Will be Underway at More Than Half of Federal Agencies This Year EDR deployments will be underway at more than half of federal civilian agencies by the end of September, according to federal officials.

Cyber Security, Change Management and Enterprise Risk Management: Scaling Operations for Growth

Speaker: William Hord, Vice President of Risk Management and Compliance

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

MY TAKE: How ‘CAASM’ can help security teams embrace complexity – instead of trying to tame it

The Last Watchdog

The shift to software-defined everything and reliance on IT infrastructure scattered across the Internet has boosted corporate productivity rather spectacularly. Related: Stopping attack surface expansion. And yet, the modern attack surface continues to expand exponentially, largely unchecked. This dichotomy cannot be tolerated over the long run. Encouragingly, an emerging class of network visibility technology is gaining notable traction.

More Trending

MITRE Creates Framework for Supply Chain Security

Dark Reading

System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers

North Korean IT Workers Using US Salaries to Fund Nukes

Data Breach Today

Scheme Results in Firms Unknowingly Financing Sanctioned Weapons Programs North Korean information technology workers have been attempting to obtain employment in public and private sectors in the United States to fund their home country's weapons of mass destruction and ballistic missiles programs, according to an advisory from U.S.

2022: The Year Zero Trust Becomes Mainstream

Dark Reading

It has never been more important for organizations of all sizes to prioritize securing their users and their infrastructure secrets with zero-trust network access

Victim List in EHR Vendor Hack Grows as New Details Emerge

Data Breach Today

More Than 348,000 Patients at Multiple Eye Care Practices Affected So Far The list of ophthalmology practices and the number of individuals affected by a December hacking incident at a cloud-based electronic health records vendor, which resulted in deleted databases, are growing as more details about the attack slowly emerge.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

iPhone Malware that Operates Even When the Phone Is Turned Off

Schneier on Security

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. t turns out that the iPhone’s Bluetooth chip­ — which is key to making features like Find My work­ — has no mechanism for digitally signing or even encrypting the firmware it runs.

CISA: Majority of US Government Will Get EDR Later in 2022

Data Breach Today

EDR Deployments Will Be Underway at More Than Half of Federal Agencies This Year EDR deployments will be underway at more than half of federal civilian agencies by the end of September, according to federal officials.

This Hacktivist Site Lets You Prank-Call Russian Officials

WIRED Threat Level

To protest the war in Ukraine, WasteRussianTime.today auto-dials Russian government officials, connects them to each other, and lets you listen in to their confusion. Security Security / Cyberattacks and Hacks

Five Eyes Alliance Advises on Top 10 Initial Attack Vectors

Data Breach Today

Cybersecurity Companies Weigh in on Pros and Cons of the Latest Alert Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

Conti Ransomware gang threatens to overthrow the government of Costa Rica

Security Affairs

The Conti ransomware gang is threatening to ‘overthrow’ the new government of Costa Rica after last month’s attack. Last month, the Conti ransomware gang claimed responsibility for the attack on Costa Rica government infrastructure after that the government refused to pay a ransom.

How Threat Actors Are a Click Away From Becoming Quasi-APTs

Dark Reading

As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare

91

Microsoft warns of the rise of cryware targeting hot wallets

Security Affairs

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets.

CISA to Federal Agencies: Patch VMWare Products Now or Take Them Offline

Dark Reading

Last month attackers quickly reverse-engineered VMWare patches to launch RCE attacks. CISA warns it's going to happen again

IT 90

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Security Affairs

Microsoft warns of brute-forcing attacks targeting Microsoft SQL Server (MSSQL) database servers exposed online. Microsoft warns of a new hacking campaign aimed at MSSQL servers, threat actors are launching brute-forcing attacks against poorly protected instances.

Microsoft Flags Attack Targeting SQL Servers With Novel Approach

Dark Reading

Attackers appear to have found a way around PowerShell monitoring by using a default utility instead

88

CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws

Security Affairs

CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 vulnerabilities by May 23, 2022.

The Industry Must Better Secure Open Source Code From Threat Actors

Dark Reading

Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats

12 Plays to Kickstart Your Recruitment Process

To stay ahead in this race, every recruiter needs a good playbook. In this eBook, we lay out 12 recruiting plays that can automate key steps in your recruitment process, helping you reduce both the cost and the time it takes to hire the best candidates.

VMware fixed a critical auth bypass issue in some of its products

Security Affairs

VMware addressed a critical authentication bypass vulnerability “affecting local domain users” in multiple products.

How Pwn2Own Made Bug Hunting a Real Sport

Dark Reading

From a scrappy contest where hackers tried to win laptops, Pwn2Own has grown into a premier event that has helped normalize bug hunting

83

IT Buyers Don’t Take Security Seriously Enough: HP

eSecurity Planet

Given the insane security environment we are in, it may seem weird to suggest that a tech company is too good at security. How can you be too good at something that is critical to the safety and operational resilience of companies and nations? Security is weird that way.

IT 78

CISA: Unpatched F5 BIG-IP Devices Under Active Attack

Dark Reading

Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns

79

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

Experts spotted a new variant of UpdateAgent macOS malware dropper written in Swift

Security Affairs

Researchers spotted a new variant of the UpdateAgent macOS malware dropper that was employed in attacks in the wild. Researchers from the Jamf Threat Labs team have uncovered a new variant of the UpdateAgent macOS malware dropper.

Lacework Integrates Kubernetes Features to Enhance Security Across Multi-Cloud Environments

Dark Reading

Polygraph Data Platform adds Kubernetes audit log monitoring, integration with Kubernetes admission controller, and Infrastructure as Code (IaC) security to help seamlessly integrate security into developer workflows

Cloud 78

Log4j Vulnerability Puts Enterprise Data Lakes and AI at Risk

eSecurity Planet

The Apache Log4j Log4Shell bug is one of the most critical vulnerabilities in the history of cybersecurity. Hundreds of millions of devices use the Log4j component for various online services, among them government organizations, critical infrastructure, companies and individuals.

Risk 76