Tue.Jul 28, 2020

Anatomy of a Breach: Criminal Data Brokers Hit Dave

Data Breach Today

Evidence Points to 'ShinyHunters' Hacking Team Phishing Employees of Mobile Bank Mobile banking startup Dave is just the latest victim of criminal data brokers.

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Disclaimer : due to a complaint from the citizens of my native city in Italy… I had to rename #PiadinaBoard into #BurtleinaBoard.

IoT 108

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

US, UK Agencies Warn: QNAP NAS Devices Vulnerable

Data Breach Today

Over 62,000 Storage Devices Infected by QSnatch Data-Stealing Malware U.S. and U.K. cybersecurity agencies issued a joint warning this week that over 62,000 QNAP network-attached storage devices worldwide have been infected with data-stealing malware

ShinyHunters leaked over 386 million user records from 18 companies

Security Affairs

ShinyHunters, a trusted threat actor, is offering on a hacker forum the databases stolen from eighteen companies, over 386 million user records available online. The known threat actor ShinyHunters has begun leaking for free the databases of multiple companies on a hacker forum.

Phishing Campaign Uses Fake SharePoint Alerts

Data Breach Today

Fraudsters Leverage Automated Messages in Effort to Steal Office 365 Credentials Fraudsters are mimicking automated messages from Microsoft SharePoint for a phishing campaign that attempts to steal Office 365 credentials, according to the security firm Abnormal Security

Survey of Supply Chain Attacks

Schneier on Security

The Atlantic Council has a released a report that looks at the history of computer supply chain attacks.

Access 104

More Trending

FBI warns US companies on the use of Chinese Tax Software

Security Affairs

The FBI has issued an alert to warn US organizations of the risk associated with the use of Chinese tax software that could be infected with malware.

HCA Healthcare's CSO on Leadership Under Fire

Data Breach Today

Paul Connelly on Lessons from COVID-19, Public Service and 18 Years on the Job Paul Connelly has been CSO at HCA Healthcare for more than 18 years. But no year has been more trying than this one.

Nefilim ransomware operators leaked data alleged stolen from the Dussmann group

Security Affairs

Cyble researchers reported that Nefilim ransomware operators allegedly targeted the Dussmann group, the German largest private multi-service provider.

Mitigating Brand Impersonation Fraud

Data Breach Today

Social media analytics tools can play a key role in mitigating the risk of brand impersonation fraud, says Barika Pace, senior director analyst at Gartner

Universities across the UK and North America confirm cyber attack

IT Governance

A software supplier used by some of the UK’s biggest universities has confirmed that it suffered a cyber attack in May.

GDPR 87

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices.

Why healthcare needs big data and analytics

IBM Big Data Hub

The COVID-19 global pandemic has heightened the focus on collecting, analyzing, and leveraging big data to drive positive and lifesaving outcomes. Yet the volume, velocity, and variety of data generated by COVID-19 is too vast and complex to be analyzed by traditional means

North Korea-Linked Lazarus APT is behind the VHD ransomware

Security Affairs

Security experts from Kaspersky Lab reported that North Korea-linked hackers are attempting to spread a new ransomware strain known as VHD.

Burners, Dots, and Pluses: Protecting Your Email in the Post-Privacy Age

Adam Levin

If you find your personal email account bombarded with unwanted marketing emails, there’s a good chance your account was compromised in a breach. That said, email these days is a minefield we all need to learn how to traverse safely. .

Researchers Warn of High-Severity Dell PowerEdge Server Flaw

Threatpost

A path traversal vulnerability in the iDRAC technology can allow remote attackers to take over control of server operations. Vulnerabilities Dell iDRAC technology patch path traversal flaw Server vulnerability

102
102

Pirate Ship Sailing to Developing World: Group-IB Uncovers Real Captains of Online Piracy Crew

Security Affairs

Group-IB’s report uncovers major players and driving forces of a criminal digital piracy syndicate which has been flourishing in the post-Soviet space. Group-IB , a global threat hunting and intelligence company headquartered in Singapore, today presented its report “ Jolly Roger’s patrons.

7.5M Banking Customers Affected in Dave Security Breach

Dark Reading

The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev

Dell Technologies has named DXC Technology as a Titanium Black Partner. What does it mean for our customers?

DXC

I’m very excited and proud to announce that DXC Technology recently achieved Dell Technologies’ highest level of partner status – Titanium Black. Only 13 companies in Dell Technologies’ partner network, one of the largest in the industry, have been recognized at this level.

Cloud 70

Lazarus Group Brings APT Tactics to Ransomware

Threatpost

A new ransomware, VHD, was seen being delivered by the nation-state group's multiplatform malware platform, MATA. Malware apt Kaspersky Lazarus Malware analysis mata framework ransomware vhd

Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness

Dark Reading

More than 80% of companies have at least one Internet-facing cloud asset that is more than six months out of date or running software that is no longer supported, according to scan data

Cloud 68

[Podcast] IIM Challenges and Opportunities in the Energy Industry

AIIM

The energy industry plays a crucial role in all our lives. Without it, we wouldn't be able to keep the lights on.or the wifi, or the computers.and so on, but what is it that powers this critical industry?

Lazarus Group Shifts Gears with Custom Ransomware

Dark Reading

The North Korea-linked APT group has developed its own ransomware strain to better conduct financial theft, researchers report

NAGARA Webinar – Mining Our Past, Engineering Our Future – Registration and Fee Required – 5 Credits

IG Guru

NAGARA’s 2020 Summer Online Forum: Mining Our Past, Engineering Our Future is on Friday, July 31, 2020! Today, we want to highlight for you the fifth of five Forum session presentations. Remember, this event has been pre-approved for 5.0 CEUs by ARMA International 5.0 CMPs from ICRM, and 5.0

Avon Server Leaks User Info and Administrative Data

Dark Reading

An unprotected server has exposed more than 7GB of data from the beauty brand

68

The Fuzzing Files: The Anatomy of a Heartbleed

ForAllSecure

In late March 2014, two teams of security researchers independently started fuzz testing OpenSSL, an open source utility that encrypts traffic from a web browser to a server and forms the basis of trusted transactions online.

As Businesses Move to the Cloud, Cybercriminals Follow Close Behind

Dark Reading

In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware

What is Modernization?

Rocket Software

I was asked as part of our Ask Rocket program to answer the question “What is Modernization?”. In product roadmap meetings, customer conversations and discussions with analyst firms, we grapple with that every day here.

Researchers Foil Phishing Attempt on Netflix Customers

Dark Reading

Hackers use two stolen domains to steal credentials from Netflix users and then send them to the real Netflix site

Podcast: Security Lessons Learned In Times of Uncertainty

Threatpost

Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2020. Podcasts coronavirus COVID-19 Cybersecurity podcast ransomware Security social engineering Threats

Autonomous IT: Less Reacting, More Securing

Dark Reading

Keeping data secure requires a range of skills and perfect execution. AI makes that possible

IT 56

Jamf releases enhancements and delivers on community feature requests

Jamf

Jamf Pro 10.23 is here and with it comes a feature directly from your requests

IT 67

Schrems II Fallout — Understanding Essential Equivalence and What Businesses Should Do Now

Data Matters

Schrems II — Legal Analysis. With the EU-U.S. Privacy Shield declared invalid as a result of the Schrems II decision, there will be an immediate impact on the future of international data flows and potentially for your business.

Michael McClure: In Memoriam

Archives Blogs

Robbie Robertson, Michael McClure, Bob Dylan and Allen Ginsberg in the alley behind City Lights Books, San Francisco, 1965. On May 4th of this year , one of the great geniuses of poetry and the arts passed away, and we wanted to take a moment here to commemorate his passing.