Fri.Aug 05, 2022

Class Action Targets Experian Over Account Security

Krebs on Security

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts.

US Extradites Russian Accused of Crypto Laundering

Data Breach Today

Alexander Vinnik Makes First Apperance in US Federal Court Accused cryptocurrency money launder Alexander Vinnik made his first appearance in U.S. federal court today.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

New Linux botnet RapperBot brute-forces SSH servers

Security Affairs

RapperBot is a new botnet employed in attacks since mid-June 2022 that targets Linux SSH servers with brute-force attacks. Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot which is active since mid-June 2022.

IoT 113

Europe Gets a New DDoS Attack Record

Data Breach Today

DDoS Attacks Intensify Worldwide Amid Geopolitical Unrest An unnamed Eastern Europe company became a victim of that continent's largest-ever distributed denial-of-service attack, says Akamai.

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor

Security Affairs

A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor.

More Trending

CISA adds Zimbra email bug to Known Exploited Vulnerabilities Catalog

Security Affairs

US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog.

FFIEC Solicits Comments on Cybersecurity Assessment Tool

Data Breach Today

Council Looks to Enhance Quality, Utility and Clarity Information to Be Collected The Federal Financial Institutions Examination Council is asking for comments regarding the Cybersecurity Assessment Tool, the ostensibly voluntary way for banks and credit unions to self-assess exposure to risk and the maturity of their cybersecurity.

A Ransomware Explosion Fosters Thriving Dark Web Ecosystem

Dark Reading

For the right price, threat actors can get just about anything they want to launch a ransomware attack — even without technical skills or any previous experience

Reports: NHS Dealing With IT Outages Due to Cyber Incident

Data Breach Today

A Third-Party Vendor to the UK's Health System Is Apparently at Center of Issues The U.K.'s s National Health Service is experiencing IT outages resulting from a cyberattack on a third-party vendor.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

How to Resolve Permission Issues in CI/CD Pipelines

Dark Reading

This Tech Tip outlines how DevOps teams can address security integration issues in their CI/CD pipelines

Arctic Wolf's Dan Schiappa on Cloud Security in a Recession

Data Breach Today

The impending recession should accelerate cloud adoption as firms look to reduce infrastructure costs, but these moves will introduce a new set of security challenges. Arctic Wolf Chief Product Officer Dan Schiappa predicts many companies will start building security into their applications sooner

Cloud 206

DHS warns of critical flaws in Emergency Alert System encoder/decoder devices

Security Affairs

The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security (DHS) warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices.

Access 103

HHS HC3 Warns Healthcare of IoT Device, Open Web App Risks

Data Breach Today

IoT 206

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

All the Data Amazon's Ring Cameras Collect About You

WIRED Threat Level

The popular security devices are tracking (and sharing) more than you might think. Security Security / Privacy

Okta's Marc Rogers on Why Beating Ransomware Is a Team Sport

Data Breach Today

Increased collaboration between the public and private sectors hasn't slowed the increased frequency and ease of ransomware intrusions, but efforts to change the financial incentives of ransomware are having "a pretty good effect," says Marc Rogers, vice president of cybersecurity strategy at Okta

A Digital Home Has Many Open Doors

Dark Reading

Development of digital gateways to protect the places where we live, work, and converse need to be secure and many doors need to offer restricted access

Access 102

Nomad Entices Thieves of $190M Hack With Offer to Keep 10%

Data Breach Today

Give Us Back 90% and We'll Say You're a Good Guy,' Says Cryptocurrency Bridge The hackers who stole $190 million from cross-chain bridge Nomad stand to keep up to 10% of the loot and escape civil liability and criminal prosecution. The only caveat: They must return the rest of the money.

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

Twitter confirms zero-day used to access data of 5.4 million accounts

Security Affairs

Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of a zero-day flaw. At the end of July, a threat actor leaked data of 5.4

Access 100

Genesis IAB Market Brings Polish to the Dark Web

Dark Reading

As the market for initial access brokers matures, services like Genesis — which offers elite access to compromised systems and slick, professional services — are raising the bar in the underground economy

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years

WIRED Threat Level

The exposure of cryptographically scrambled passwords isn’t a worst-case scenario—but it isn’t great, either. Security Security / Cyberattacks and Hacks Security / Security News

Fresh RapperBot Malware Variant Brute-Forces Its Way Into SSH Servers

Dark Reading

Over the past few weeks, a Mirai variant appears to have made a pivot from infecting new servers to maintaining remote access

12 Plays to Kickstart Your Recruitment Process

To stay ahead in this race, every recruiter needs a good playbook. In this eBook, we lay out 12 recruiting plays that can automate key steps in your recruitment process, helping you reduce both the cost and the time it takes to hire the best candidates.

The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases

Security Affairs

Dark Utilities “C2-as-a-Service” is attracting a growing number of customers searching for a command-and-control for their campaigns.

Stolen Data Gives Attackers Advantage Against Text-Based 2FA

Dark Reading

With names, email addresses, and mobile numbers from underground databases, one person in five is at risk of account compromise even with SMS two-factor authentication in place

Origins of the ICRM, by Steven D. Whitaker, CRM?

IG Guru

Check out this article featured in 2022 to learn more about the history of the Institute of Certified Records Managers (ICRM). ICRM Records Management Sponsored Archives

What Worries Security Teams About the Cloud?

Dark Reading

What issues are cybersecurity professionals concerned about in 2022? You tell us

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

Open Redirect Flaw Snags Amex, Snapchat User Data

Threatpost

Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims. Hacks Vulnerabilities Web Security

OpenText named a leader in the 2022 Aspire CCM-CXM Leaderboard

OpenText Information Management

Fifth year running as a market leader underpinned by investments in AI, content services and customer data platforms The OpenTextTM Experience Platform for Communications solution was recently recognized as a Leader in the 2022 Aspire LeaderboardTM for Communications Experience Platforms (CXP).

Weekly Update 307

Troy Hunt

A very early weekly update this time after an especially hectic week. The process with the couple of data breaches in particular was a real time sap and it shouldn't be this hard.