Fri.Mar 05, 2021

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

Researchers Disclose More Malware Used in SolarWinds Attack

Data Breach Today

Microsoft, FireEye Find Additional Payloads Used During Supply Chain Attack Researchers with Microsoft and FireEye are disclosing additional malware used by the hacking group that targeted SolarWinds last December.

232
232
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims

WIRED Threat Level

A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught. Security Security / Cyberattacks and Hacks

Hackers Exploit Exchange Flaws to Target Local Governments

Data Breach Today

FireEye, Other Security Firms Detect Activity Hackers have targeted units of local government by attempting to exploit unpatched vulnerabilities in Microsoft Exchange email servers, according to a new report by the security firm FireEye. Meanwhile, CISA has updated its alert

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

No, RSA Is Not Broken

Schneier on Security

I have been seeing this paper by cryptographer Peter Schnorr making the rounds: “Fast Factoring Integers by SVP Algorithms.” ” It describes a new factoring method, and its abstract ends with the provocative sentence: “This destroys the RSA cryptosystem.”

Paper 109

More Trending

5 Ways Social Engineers Crack Into Human Beings

Dark Reading

These common human traits are the basic ingredients in the con-man's recipe for trickery

109
109

Supply Chain Attack Jolts Airlines

Data Breach Today

Malaysia Airlines, Singapore Airlines, Finnair, Air New Zealand Confirm Breaches An aviation IT company that says it serves 90% of the world's airlines has been breached in what appears to be a coordinated supply chain attack.

IT 194

Microsoft Exchange Server Exploits Hit Retail, Government, Education

Dark Reading

Mandiant researchers identify a range of victims affected in attacks targeting newly reported Microsoft Exchange Server vulnerabilities

Russian Hackers Deploy New Ransomware Variant

Data Breach Today

Kaspersky Says RTM Group Attempts Extortion The Russian hacker group RTM is deploying a new ransomware variant dubbed "Quoter" along with a banking Trojan as part of an extortion campaign, according to the security firm Kaspersky

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

McAfee Is Indicted for Altcoin Pump-and-Dumps and ICO Schemes

WIRED Threat Level

The 75-year-old antivirus entrepreneur faces up to 80 years in prison if convicted. Security Security / Security News

Mark of Ransomware's Success: $370 Million in 2020 Profits

Data Breach Today

Proceeds Boosted via Big Game Hunting, Data Leaking, Hitting Healthcare Sector Ransomware dominated the online-enabled crime landscape in 2020, some security experts say, thanks to the massive profits it's been generating and the relative ease of use for attackers - including support from a burgeoning cybercrime-as-a-service market.

Realistic Patch Management Tips, Post-SolarWinds

Dark Reading

Patch management and testing are different, exactly the same, and completely out of hand. Here are tips from the experts on how to wrangle patches in a time of malicious software updates

102
102

Data Analytics Firm Polecat Exposed 30 TB of Data

Data Breach Today

Researchers Say Social Media Information Exposed An unsecured server belonging to UK-based data analytics company Polecat exposed an estimated 30 terabytes of data, including 12 billion records related to social media, according to Wizcase CyberResearch Team

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.

Dark Reading

On International Women's Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go

Accellion Breaches: Key Takeaways

Data Breach Today

This edition of the ISMG Security Report features an analysis of key takeaways from the breaches tied to flaws in the Accellion File Transfer appliance.

Make Sure That Stimulus Check Lands in the Right Bank Account

Dark Reading

If you haven't already, it's time to build trust relationships with your financial institutions, using strong security, privacy protections and secure, unique user credentials

Accellion Appliance Zero-Day Attack Breaches: Key Takeaways

Data Breach Today

This edition of the ISMG Security Report features an analysis of key takeaways from the breaches tied to flaws in the Accellion File Transfer appliance.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Five privilege escalation flaws fixed in Linux Kernel

Security Affairs

Experts found five vulnerabilities in the Linux kernel, tracked as CVE-2021-26708, that could lead to local privilege escalation. Positive Technologies researcher Alexander Popov found five high severity vulnerabilities in the Linux kernel that could lead to local privilege escalation.

Massive Supply-Chain Cyberattack Breaches Several Airlines

Threatpost

The cyberattack on SITA, a nearly ubiquitous airline service provider, has compromised frequent-flyer data across many carriers. Breach Cloud Security Vulnerabilities Web Security

Cloud 110

Managed Services provider CompuCom by Darkside ransomware

Security Affairs

US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its operations, experts believe it was a ransomware attack. US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its services and some of its operations.

D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant

Threatpost

A new variant of the Gafgyt botnet - that's actively targeting vulnerable D-Link and Internet of Things devices - is the first variant of the malware to rely on Tor communications, researchers say. IoT Malware Vulnerabilities Web Security

IoT 108

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Millions of travelers of several airlines impacted by SITA data breach

Security Affairs

SITA, a multinational IT company that provides services to the air transport industry was the victim of cyberattack that impacted multiple airlines. SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry.

WordPress Injection Anchors Widespread Malware Campaign

Threatpost

Website admins should patch all plugins, WordPress itself and back-end servers as soon as possible. Malware Web Security

Weekly Update 233

Troy Hunt

Data breaches all over the place this week!

GoldMax, GoldFinder, and Sibot, 3 new malware used by SolarWinds attackers

Security Affairs

Microsoft experts continue to investigate the SolarWinds attack and spotted 3 new strains of malware used as second-stage payloads.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

U.S. DoD Weapons Programs Lack ‘Key’ Cybersecurity Measures

Threatpost

The lack of cybersecurity requirements in weapons contracts from the Department of Defense opens the door for dangerous cyberattacks. Vulnerabilities Web Security

Threat Model Humor

Schneier on Security

At a hospital. Uncategorized humor medicine threat models

60

What’s new in Vendor Invoice Management CE 20.4

OpenText Information Management

Currently, there are vast computing powers available to the end customer. However, this can cause complete chaos when it comes to managing the entire IT landscape.

IT 60