Fri.Jan 08, 2021

SolarWinds Hires Chris Krebs to Reboot Its Cybersecurity

Data Breach Today

Hacked Firm Also Taps Former Facebook CSO as It Responds to Supply Chain Attack As security software firm SolarWinds investigates the supply chain attack involving its Orion software and looks to rebuild its security processes and reputation, it's hired former U.S.

WhatsApp Has Shared Your Data With Facebook for Years

WIRED Threat Level

A pop-up notification has alerted the messaging app's users to a practice that's been in place since 2016. Security Security / Privacy

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Federal Courts Investigate 'Apparent Compromise' of System

Data Breach Today

Meanwhile, Courts Suspend Use of SolarWinds, Adopt New Document Security Measures The U.S. federal court system is investigating an "apparent compromise" of a confidential electronic filing system used for sensitive legal documents.

IT 247

Top 5 'Need to Know' Coding Defects for DevSecOps

Dark Reading

Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Ryuk Ransomware Profits: $150 Million

Data Breach Today

Researchers Track Funds in 61 Cryptocurrency Wallets Researchers say cryptocurrency wallets used by the operators behind the Ryuk ransomware strain and the gang's affiliates hold more than $150 million

More Trending

JPMorgan Chase Hacker Sentenced to 12 Years in Prison

Data Breach Today

Russian Andrei Tyurin Pleaded Guilty to Numerous Charges A Russian national who pleaded guilty to hacking JPMorgan Chase and other financial institutions has been sentenced to 12 years in federal prison. The hacking scheme affected more than 100 million bank customers

197
197

Russian Hacker Sentenced to 12 Years for Role in Breaches of JP Morgan, Others

Dark Reading

Crimes netted him $19 million overall

105
105

Analysis: The Latest SolarWinds Hack Developments

Data Breach Today

This edition of the ISMG Security Report features an analysis of the very latest information about the SolarWinds hack. Also featured are discussions of "zero trust" for the hybrid cloud environment and data privacy regulatory trends

Cloud 197

Ezuri memory loader used in Linux and Windows malware

Security Affairs

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Researchers Warn Attackers Are Scanning for Zyxel Products

Data Breach Today

Recently Disclosed Vulnerability Could Create Hard-Coded Backdoor Security researchers are warning that attackers appear to have stepped up scanning for vulnerable Zyxel products, including VPN gateways, access point controllers and firewalls.

Access 186

5 key trends that will impact cyber security in 2021

DXC

Will this year be as tumultuous as 2020? Let’s hope not. But one thing won’t change: In 2021, as is the case every year, companies will continue to be challenged by new or evolving cyber security threats.

State Department Plans to Create Cybersecurity Office

Data Breach Today

But Will the Move Be Carried Out Under Biden Administration? The U.S. Department of State has announced plans to create a Bureau of Cyberspace Security and Emerging Technologies to enhance its security and help it deal with international cybersecurity issues.

Russia’s SolarWinds Attack and Software Security

Schneier on Security

The information that is emerging about Russia’s extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Ransomware and EHR Systems: A Dangerous Mix

Data Breach Today

Attack on Greater Baltimore Medical Center Spotlights the Fallout A Baltimore medical center that suffered a ransomware attack a month ago and pulled its electronic health record system offline as a precaution is finally beginning to restore access to the system, the organization's CEO says.

Welcome Bureau of Cyberspace Security and Emerging Technologies (CSET)

Security Affairs

United States Department of State approved the creation of the Bureau of Cyberspace Security and Emerging Technologies (CSET). The United States Secretary of State Mike Pompeo approved the creation of the Bureau of Cyberspace Security and Emerging Technologies (CSET) that was first announced in 2019.

2021: The State of Privacy

Data Breach Today

IAPP's Trevor Hughes Previews the Year's Global Trends, Challenges and Legislation From contact tracing to data transfer to the new California Privacy Rights Act, 2021 already is shaping up to be a big year for privacy.

Cartoon: Shakin' It Up at the Office

Dark Reading

And the winner of our December cartoon caption contest is

IT 85

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack

Threatpost

Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group - and have been hired by SolarWinds. Government Hacks Malware Vulnerabilities Alex Stamos Chris Krebs cyberattack hack solarwinds

SolarWinds Hires Chris Krebs and Alex Stamos for Breach Recovery

Dark Reading

The former US cybersecurity official and former Facebook security chief will help SolarWinds respond to its recent attack and improve security

Unsecured Git server exposed Nissan North America

Security Affairs

A misconfigured Git server is the root cause for the leak of source code of mobile apps and internal tools belonging to Nissan North America. A misconfigured Git server has caused the leak of the source code of mobile apps and internal software used by Nissan North America.

FBI Warns of Egregor Attacks on Businesses Worldwide

Threatpost

The agency said the malware has already compromised more than 150 organizations and provided insight into its ransomware-as-a-service behavior. Government Malware barnes & noble cyberattack egregor Encryption FBI malware ransomware ransomware as a service threat actors

IT 109

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Nvidia releases security updates for GPU display driver and vGPU flaws

Security Affairs

Nvidia has released security updates to address high-severity vulnerabilities affecting the Nvidia GPU display driver and vGPU software. . Nvidia has addressed a total of 16 flaws , including high-severity vulnerabilities affecting the Nvidia GPU display driver and vGPU software. .

Evolving customer communications

OpenText Information Management

Targeted customer communications are a powerful way to increase engagement and build brand loyalty. Done poorly, they’re also an effective way to drive your audience away. Your audience is being bombarded by tons of messages every day and the problem is getting worse, not better.

Ryuk Rakes in $150M in Ransom Payments

Threatpost

An examination of the malware gang's payments reveals insights into its economic operations. Malware Bitcoin malware payments ransomware ryuk

IT 98

APT Horoscope

Schneier on Security

This delightful essay matches APT hacker groups up with astrological signs. This is me: Capricorn is renowned for its discipline, skilled navigation, and steadfastness.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Malicious Software Infrastructure Easier to Get and Deploy Than Ever

Threatpost

Researchers at Recorded Future report a rise in cracked Cobalt Strike and other open-source adversarial tools with easy-to-use interfaces. Malware Web Security advanced persistent threat apt C2 cobalt strike command and control server malware Metasploit Open Source PupyRAT

OCR Settles Thirteenth Investigation in HIPAA Right of Access Initiative via OCR Listserv

IG Guru

December 22, 2020 The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces its thirteenth settlement of an enforcement action in its HIPAA Right of Access Initiative.

A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets

Threatpost

Threatpost editors discuss the SolarWinds hack, healthcare ransomware attacks and other threats that will plague enterprises in 2021. Government Hacks Podcasts Vulnerabilities COVID-19 cyberattack Healthcare ransomware solarwinds