Mon.Feb 22, 2021

Chinese Hacking Group 'Cloned' NSA Exploit Tool

Data Breach Today

Researchers: 'Jian' Hacking Tool Targeted Zero-Day Flaw in Windows A Chinese hacking group reportedly "cloned" and deployed a zero-day exploit developed by the NSA's Equation Group before Microsoft patched the Windows flaw being exploited, according to Check Point Research.

212
212

China Hijacked an NSA Hacking Tool—and Used It for Years

WIRED Threat Level

The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online. Security Security / National Security

IT 113
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

SonicWall Was Hacked. Was it Also Extorted?

Data Breach Today

Hacker Claims SonicWall Paid Ransom; SonicWall Stays Silent SonicWall was recently attacked via a zero-day flaw in one of its own products. Curiously, SonicWall hasn't said much about the extent and damage of the breach since its announcement.

IT 198

What Can Your Connected Car Reveal About You?

Dark Reading

App developers must take responsibility for the security of users' data

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Accellion: How Attackers Stole Data and Ransomed Companies

Data Breach Today

Accellion and Mandiant Say Four Vulnerabilities Have Now Been Patched Software company Accellion has released preliminary findings around the security incident that stung customers using its 20-year-old File Transfer Appliance.

More Trending

Fraudsters Using Telegram API to Harvest Credentials

Data Breach Today

Phishing Campaign Bypasses Secure Email Gateway A newly-discovered phishing campaign posts harvested credentials using the Telegram messaging app's application programming interface to bypass secure email gateways, report researchers at the Cofense Phishing Defense Center

An attacker was able to siphon audio feeds from multiple Clubhouse rooms

Security Affairs

An attacker demonstrated this week that Clubhouse chats are not secure, he was able to siphon audio feeds from “multiple rooms” into its own website.

Mobile Health App and API Security: Common Flaws

Data Breach Today

Broken object level authorization, or BOLA, vulnerabilities are among the most common and worrisome weaknesses contained in dozens of mobile health applications used by patients and clinicians, posing security and privacy risks to health information, says cybersecurity researcher Alissa Knight

GPS Vulnerabilities

Schneier on Security

Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming — and potential alternatives.

IT 81

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

Sequoia Capital Investigating 'Cybersecurity Incident'

Data Breach Today

Few Details Are Known, But Phishing Attack May Have Played a Role Venture capital firm Sequoia Capital confirmed it was recently involved in a "cybersecurity incident," but offered no details on exactly what may have transpired. Cybersecurity teams and law enforcement agencies have been notified

Ukraine sites suffered massive attacks launched from Russian networks

Security Affairs

Ukraine ‘s government accused unnamed Russian traffic networks as the source of massive attacks on Ukrainian security and defense websites. Today Ukraine accused unnamed Russian internet networks of massive attacks that targeted Ukrainian security and defense websites.

Sequoia Capital Suffers Data Breach

Dark Reading

The attack began with a successful phishing email

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Security Affairs

The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group. Check Point Research team discovered that China-linked APT31 group ( aka Zirconium.)

IT 78

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Assume ClubHouse Conversations Are Being Recorded, Researchers Warn

Threatpost

At nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorded.

Cloud 106

The Woman Bulldozing Video Games’ Toughest DRM

WIRED Threat Level

For Empress, cracking titles like Red Dead Redemption 2 and Immortals Fenyx Rising is more than a pastime. It's a mission. Security Security / Security News Culture / Video Games

IT 72

8 Ways Ransomware Operators Target Your Network

Dark Reading

Security researchers explore how criminals are expanding their arsenals with new, more subtle, and more effective ransomware attack techniques

NurseryCam daycare cam service shut down after security breach

Security Affairs

Daycare camera product NurseryCam was hacked last week, the company was forced to shut down its IoT camera service. On Friday, The Register become aware of the compromise of the NurseryCam network. NurseryCam is produced by the companies FootfallCam Ltd and Meta Technologies Ltd.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Researcher Reports Vulnerability in Apple iCloud Domain

Dark Reading

A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000

Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report

Threatpost

APT31, a Chinese-affiliated threat group, copied a Microsoft Windows exploit previously used by the Equation Group, said researchers. Hacks Podcasts

99

Accellion Data Breach Resulted in Extortion Attempts Against Multiple Victims

Dark Reading

FireEye Mandiant says it discovered data stolen via flaw in Accellion FTA had landed on a Dark Web site associated with a known Russia-based threat group

TDoS Attacks Take Aim at Emergency First-Responder Services

Threatpost

The FBI has warned that telephony denial-of-service attacks are taking aim at emergency dispatch centers, which could make it impossible to call for police, fire or ambulance services. Critical Infrastructure Hacks Web Security

IT 96

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Organisations turn the tide on ransomware attackers

IT Governance

Ransomware has become one of the most common and profitable forms of cyber crime, but there’s an obvious fact that is neglected: the attacks are only worthwhile if the victim chooses to pay up.

Georgetown County has yet to recover from a sophisticated cyber attack

Security Affairs

The systems of Georgetown County have been hacked at the end of January, and the county staff is still working to rebuild its computer network.

Cybercrime Groups More Prolific, Focus on Healthcare in 2020

Dark Reading

Almost four of every five attacks attributed in 2020 were conducted by cybercriminal groups, a significant jump from 2019, with attacks on healthcare or using the pandemic rising fast

62

OCR Settles Sixteenth Investigation in HIPAA Right of Access Initiative

IG Guru

February 12, 2021 The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its sixteenth settlement of an enforcement action in its HIPAA Right of Access Initiative.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11

Threatpost

The threat actors stole data and used Clop's leaks site to demand money in an extortion scheme, though no ransomware was deployed. Breach Hacks Vulnerabilities Web Security

Cybersecurity Responsibility in a Post-Pandemic World

Dark Reading

In this video, Omdia Cybersecurity Senior Research Director Maxine Holt explains why a more sustainable approach to post-pandemic cybersecurity is necessary

Thales leading the way with PCI-approved remote management solutions

Thales Cloud Protection & Licensing

Thales leading the way with PCI-approved remote management solutions. madhav. Tue, 02/23/2021 - 06:20. There is an increasing focus in the payments world regarding certifications. After all, transaction processing systems require robust security techniques in their attempts to defeat the fraudsters.