Thu. Mar 04, 2021

Three Top Russian Cybercrime Forums Hacked

Krebs on Security

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums.

Passwords 363

Researchers Disclose More Malware Used in SolarWinds Hack

Data Breach Today

Microsoft, FireEye Find Additional Payloads Used During Supply Chain Attack. Researchers with Microsoft and FireEye are disclosing additional malware used by the hacking group that targeted SolarWinds in December. These second-stage malware variants appear to have been deployed after organizations downloaded the "Sunburst" backdoor hidden in a software update.

What is Information Capture? Definition, Purpose, and Value

AIIM

Succeeding on the Digital Transformation journey requires a strategy, planning, and the design of a better information ecosystem - what we refer to as Intelligent Information Management (IIM). The first step on this journey is to get all of your information into the information ecosystem. This is a practice called Capture. Let’s take a deeper look at this first step of digital transformation.

Exchange Server Attacks Spread After Disclosure of Flaws

Data Breach Today

Forecast Calls for Backdoored Email and Possibly Ransomware, Cryptominers. One day after Microsoft disclosed four serious flaws in Microsoft Exchange email servers, attackers are going on a wide hunt for vulnerable machines, experts say. There's not only a risk of backdoored email accounts, but also ransomware and cryptominers.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150%

Security Affairs

Group-IB published a report titled “Ransomware Uncovered 2020-2021” that analyzes the ransomware landscape in 2020 and the TTPs of major threat actors. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has presented its new report “Ransomware Uncovered 2020-2021”. The research dives deep into the global ransomware outbreak in 2020 and analyzes major players’ TTPs (tactics, techniques, and procedures).

Sunshuttle, the fourth malware allegedly linked to SolarWinds hack

Security Affairs

FireEye researchers spotted a new sophisticated second-stage backdoor that was likely linked to threat actors behind the SolarWinds hack. Malware researchers at FireEye discovered a new sophisticated second-stage backdoor, dubbed Sunshuttle, while analyzing the servers of an organization that was compromised as a result of the SolarWinds supply-chain attack.

Lesson From SolarWinds Attack: It's Time to Beef Up IAM

Data Breach Today

NIST, CISA Call for Rethinking Security in Wake of Supply Chain Attack. The SolarWinds supply chain attack should prompt federal agencies and others to rethink how they approach security issues - especially identity and access management, according to a breakdown of the attack presented this week by NIST and CISA.

IT 283

National Surveillance Camera Rollout Roils Privacy Activists

Threatpost

TALON, a network of smart, connected security cameras developed by the Atlanta-based startup and installed by law enforcement around the country, raises surveillance-related privacy concerns.

Privacy 107

Changing Authentication for Employees

Data Breach Today

Navy Federal Credit Union’s Thomas Malta on Applying CIAM Techniques. New authentication models, including dynamic authorization and continuous authentication, that work well for consumers can be adopted for employees as well, says Thomas Malta, head of identity and access management at the Virginia-based Navy Federal Credit Union.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

COVID-19 Vaccine Spear-Phishing Attacks Jump 26 Percent

Threatpost

Cybercriminals are using the COVID-19 vaccine to steal Microsoft credentials, infect systems with malware and bilk victims out of hundreds of dollars.

Phishing 113

Google Patches Zero-Day Vulnerability in Chrome

Data Breach Today

Flaw Being Exploited in the Wild. Google has rolled out patches for a zero-day vulnerability in the popular web browser Chrome that's being exploited in the wild.

Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers

Threatpost

Researchers with Microsoft and FireEye found three new malware families, which they said are used by the threat group behind the SolarWinds attack.

Okta to Buy Auth0 for $6.5 Billion

Data Breach Today

In Other M&A Activity, TPG Capital to Acquire Thycotic; KnowBe4 Buys MediaPRO. The security firm Okta shook up the identity and access management market Wednesday by announcing a $6.5 billion deal to acquire the customer IAM technology supplier Auth0. Two other cybersecurity M&A deals were also announced this week.

Marketing 257

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

The Cloud Trust Paradox: Keeping Control of Data & Encryption Keys in the Cloud

Thales Cloud Protection & Licensing

divya. Thu, 03/04/2021 - 09:38. Trust is a much-debated topic in cloud security. It is as important as privacy, security and compliance. With customers increasingly being less trusting of how companies store and process their data in the cloud, encrypting this data and controlling the encryption keys is essential for building trust.

Qualys Gets 'Clopped' by Accellion-Exploiting Attackers

Data Breach Today

Security Firm Confirms Breach After Clop Ransomware Gang Posts Stolen Customer Data. Qualys has confirmed that its Accellion File Transfer Appliance software was breached by zero-day-wielding attackers after stolen customer data appeared on the Clop ransomware gang's data leaks site. The security firm's public breach notification comes more than two months after the firm first learned it had been breached.

Thousands of Android and iOS Apps Leak Data From the Cloud

WIRED Threat Level

It's the digital equivalent of leaving your windows or doors open when you leave the house—and in some cases, leaving them open all the time.

Cloud 113

Chinese Hackers Stole an NSA Windows Exploit in 2014

Schneier on Security

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline: The timeline basically seems to be, according to Check Point: 2013: NSA’s Equation Group developed a set of exploits including one called EpMe that elevates one’s privileges on a vulnerable Windows system to system-administrator level

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

CISA emergency directive urges to fix Microsoft Exchange zero-days

Security Affairs

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive related to recently fixed Microsoft Exchange zero-days. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued the Emergency Directive 21-02 in response to the disclosure of zero-day vulnerabilities in Microsoft Exchange. This week Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858,

The White House will release visitor logs, but not for virtual visits – per the Government Accountability Project

IG Guru

Check out the open letter to Ms. Dana Remus, White House Counsel, from the Government Accountability Project here.

CISA Orders Federal Agencies to Patch Exchange Servers

Threatpost

Espionage attacks exploiting the just-patched remote code-execution security bugs in Microsoft Exchange servers are quickly spreading.

Security 107

Database Security Best Practices

eSecurity Planet

One reality of managing large organizations involves collecting massive amounts of sensitive data that is stored and managed in databases. This makes databases a prime target for cyberattacks. In this article, we cover some database security best practices that can help keep your databases safe from attackers. Separate database servers and web servers.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Cyberattackers Target Top Russian Cybercrime Forums

Threatpost

Elite Russian forums for cybercriminals have been hacked in a string of breaches, leaving hackers edgy and worried about law enforcement.

Security 103

Four Microsoft Exchange Zero-Days Exploited by China

Schneier on Security

Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China.

GRUB2 boot loader maintainers fixed hundreds of flaws

Security Affairs

Now maintainers at the GRUB project have released security updates to address more than 100 vulnerabilities. GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB Legacy boot loader, which is now referred to as “GRUB Legacy”. The mechanism is designed to protect the boot process from attacks. In July 2020, researchers at the cybersecurity firmware Eclypsium disclosed a buffer overflow vulnerability, tracked as CVE-2020-10713 and dubbed BootHole, which c

Microsoft, FireEye Uncover More Malware Used in the SolarWinds Campaign

Dark Reading

Newly discovered tools were designed for late-stage use after the attackers had already established a relatively firm presence on a breached network, vendors say.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

China and Russia's Spying Sprees Will Take Years to Unpack

WIRED Threat Level

The full extent of the Solarwinds hack and Hafnium's attack on Microsoft Exchange Server may never be known.

Security 104

Healthcare Still Seeing High Level of Attacker Activity

Dark Reading

Interest in vaccines is driving all sorts of activity, reports say, from vaccine-specific phishing to growing bot traffic on healthcare sites.

CIPL Submits Response to New Brazilian Data Protection Authority’s First Public Consultation on SMEs

Hunton Privacy

On March 1, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted a response to the new Brazilian data protection authority’s (Agência Nacional de Proteção de Dados, the “ANPD’s”) public consultation (in Portuguese) on the impact of the Brazilian data protection law (Lei Geral de Proteção de Dados, the “LGPD”) on small and medium-sized enterprises (“SMEs”), which will inform the ANPD’s upcoming special rules for SMEs.