Wed.Mar 03, 2021

Accellion Attack Involved Extensive Reverse Engineering

Data Breach Today

Sophisticated Attackers Took the Time to Master a 20-Year-Old Product, FireEye Says Using a nearly 20-year-old file-transfer product: What could go wrong?

232
232

Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys

Security Affairs

Cybersecurity firm Qualys seems to have suffered a data breach, threat actors allegedly exploited zero-day flaw in their Accellion FTA server.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Microsoft Patches Four Zero-Day Flaws in Exchange

Data Breach Today

Attackers Used Flaws to Download Full Contents of Email Accounts Microsoft issued emergency software patches on Tuesday for four zero-day vulnerabilities in its Exchange email server.

IT 199

CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers

Dark Reading

The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Lazarus Group Tied to TFlower Ransomware

Data Breach Today

Sygnia Researchers Say Hackers Using Their MATA Framework to Deliver Malware The Lazarus Group, a North Korean hacking operation also known as Hidden Cobra, is deploying TFlower ransomware using its MATA malware framework, security firm Sygnia reports

More Trending

GAO Report Highlights Need for Centralized Cyber Leadership

Data Breach Today

Intel: Paid Research Caught More Than 90% of Our Vulnerabilities

Dark Reading

Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software

Cybersecurity Leadership: Identity, Access, Complexity

Data Breach Today

CEOs and CISOs on Dealing With the ‘Work From Anywhere’ Challenge In this era of "work from anywhere," identity and access management solutions are challenged more than ever. What are the strategies and solutions recommended by top CEOs and CISOs in the cybersecurity sector?

Access 186

Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw

Security Affairs

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

AI Supremacy: Russia, China Could Edge Out US, Experts Warn

Data Breach Today

Cyberattack and Disinformation Risks From AI Loom Large, Commission Warns The U.S.

Gab's CTO Introduced a Critical Vulnerability to the Site

WIRED Threat Level

A review of the open source code shows an account under the executive's name made a mistake that could lead to the kind of breach reported this weekend. Security Security / Cyberattacks and Hacks

More Details Emerge on the Microsoft Exchange Server Attacks

Dark Reading

The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous

80

Home-Office Photos: A Ripe Cyberattack Vector

Threatpost

Threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk. Cloud Security Privacy Web Security

Risk 102

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

Design, Security, Tech Is the New Stack You Should Be Building

Dark Reading

Instead of different departments managing information systems, Ally Financial has combined data, digitization, security, and design into a single "stack" of human resources

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

Threatpost

Attackers have weaponized code dependency confusion to target internal apps at tech giants. Cloud Security Mobile Security Vulnerabilities Web Security

Cloud 101

Encoded Message in the Perseverance Mars Lander’s Parachute

Schneier on Security

NASA made an oblique reference to a coded message in the color pattern of the Perseverance Mars Lander ‘s parachute. More information. Uncategorized encryption steganography

Google Patches Actively-Exploited Flaw in Chrome Browser

Threatpost

A flaw (CVE-2021-21166) in the Audio component of Google Chrome is fixed in a new update being pushed out to Windows, Mac and Linux users. Web Security

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

The Ursnif Trojan has hit over 100 Italian banks

Security Affairs

Avast researchers reported that the infamous Ursnif Trojan was employed in attacks against at least 100 banks in Italy. Avast experts recently obtained information on possible victims of Ursnif malware that confirms the interest of malware operators in targeting Italian banks.

Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets

Threatpost

Full dumps of email boxes, lateral movement and backdoors characterize sophisticated attacks on civil-society targets by a Chinese APT. Government Hacks Malware Vulnerabilities

Attackers took over the Perl.com domain in September 2020

Security Affairs

The Perl.com domain was hijacked in January, but a senior editor at the site revealed that the hackers took control of the domain in September 2020.

Sales 67

Unpatched Bug in WiFi Mouse App Opens PCs to Attack

Threatpost

Wireless mouse-utility lacks proper authentication and opens Windows systems to attack. Hacks Mobile Security Vulnerabilities

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Cyber Defense Magazine – March 2021 has arrived. Enjoy it!

Security Affairs

Cyber Defense Magazine March 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with over 110 pages of excellent content.

Malaysia Air Downplays Frequent-Flyer Program Data Breach

Threatpost

A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals. . Breach Hacks Privacy Web Security

Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak

Security Affairs

WizCase experts found a major breach in phone-tracking service Ringostat ’s database, millions of Phone Numbers, Recordings, and Call Logs Compromised. WizCase security team has found a major breach in phone-tracking service Ringostat ’s database.

Okta to Buy Rival Auth0

Dark Reading

The deal, valued at $6.5 billion, will bring together competitors in the identity management space

61

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Catches of the month: Phishing scams for March 2021

IT Governance

The Royal Mail is used in so many scams that it has a specific section on its website to help people detect and report fraudulent messages. That service has been especially busy recently after people received emails and texts supposedly from the Royal Mail demanding a shipping payment.

Intel: More Than 90% of Our Vulnerabilities Found via Research

Dark Reading

Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software

RTM Cybergang Adds New Quoter Ransomware to Crime Spree

Threatpost

The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, brand new ransomware strain and extortion tactics. Hacks Malware