Thu.Apr 29, 2021

Fighting Ransomware: A Call for Cryptocurrency Regulation

Data Breach Today

Coalition Offers a Framework for Disrupting Attacks A coalition of government agencies and security firms has released a framework for how to disrupt ransomware attacks that calls for expanded regulation of the global cryptocurrency market to better track the virtual coins paid to cybercriminals during extortion schemes.

Task Force Seeks to Disrupt Ransomware Payments

Krebs on Security

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Chinese Cyber Espionage Campaign Used Another Backdoor

Data Breach Today

Bitdefender: Naikon Targeted Military Organizations in Southeast Asia A Chinese advanced persistent threat group known as Naikon deployed a new malware backdoor to wage a lengthy cyber espionage campaign against military organizations in Southeast Asia, security firm Bitdefender reports

Researchers Connect Complex Specs to Software Vulnerabilities

Dark Reading

Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link

107
107

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Protect the Brand: Online Fraud and Cryptocurrency Scams

Data Breach Today

Phishing, online fraud, cryptocurrency scams – they are coming at lightning speed, threating enterprises and their brands. And just as fraudsters rely on automation to deliver these attacks, defenders can use automated tools to protect their brands. Jeff Baher of Bolster tells how

More Trending

Guilty Plea in SIM Swapping Scam to Steal Cryptocurrency

Data Breach Today

Prosecutors: Yearslong Scheme Resulted in Theft of $530,000 A Massachusetts man has pleaded guilty to running a yearslong scam that used SIM swapping and other hacking techniques to steal more than $530,000 worth of cryptocurrency

176
176

Command injection flaw in PHP Composer allowed supply-chain attacks

Security Affairs

A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package.

Experian API Flaw Raises Questions

Data Breach Today

Cybersecurity Experts Call for Systemic Improvements Some security experts are questioning whether Experian is doing enough to ensure security after a researcher discovered that an API the credit reporting firm uses to allow lenders to check the credit score of prospective borrowers could expose customer's scores.

An alleged ransomware attack hit the Italian Banca di Credito Cooperativo causing chaos

Security Affairs

Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks was hit by a ransomware attack.

Insights on Choosing an Identity Verification Solution Provider

Sort through today’s crowded identity verification solutions landscape with our guide, designed to help you choose the right provider based on your unique needs.

Chinese Cyberespionage Campaign Used Another Backdoor

Data Breach Today

Bitdefender: Naikon Targeted Military Organizations in Southeast Asia A Chinese advanced persistent threat group known as Naikon deployed a new malware backdoor to wage a lengthy cyberespionage campaign against military organizations in Southeast Asia, security firm Bitdefender reports

An issue in the Linux Kernel could allow the hack of your system

Security Affairs

An information disclosure issue in Linux Kernel allows KASLR bypass could be potentially exploited in attacks in the wild. An information disclosure flaw in the Linux kernel, tracked as CVE-2020-28588 , could allow attackers to bypass the Kernel Address Space Layout Randomization bypass (KASLR).

IT 95

Civilian Cyber Reserve Program Proposed

Data Breach Today

Legislation Would Create Nation Guard-Style Program to Counter Cyberthreats A bipartisan group of lawmakers has introduced a legislative proposal that would create a program, similar to the National Guard, to deploy those with tech and security skills during significant cyberthreats, such as the recent SolarWinds and Microsoft Exchange attacks.

API Hole on Experian Partner Site Exposes Credit Scores

Dark Reading

Student researcher is concerned security gap may exist on many other sites

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

ISC(2): Only 13% of Cybersec Pros Had a Cyber Education

Data Breach Today

Study Points to Need for Extensive On-the-Job Training Only 13% of cybersecurity professionals had a cybersecurity education before getting into the sector reports (ISC)², pointing to the need for extensive on-the-job training

Welcoming the Romanian Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains.

Google COVID-19 Contact-Tracing Tool Exposes Data: Lawsuit

Data Breach Today

Complain Alleges 'Exposure Notification System' Allows Third-Party Access to Personal Info A lawsuit alleges that a security flaw in a Google COVID-19 contact tracing tool is exposing personal and medical information of millions of users to third parties through device system logs.

Access 169

XDR Pushing Endpoint Detection and Response Technologies to Extinction

Dark Reading

Ironically, EDR's success has spawned demand for technology that extends beyond it

IT 89

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Touhill Takes Charge at Carnegie Mellon SEI’s CERT

Data Breach Today

Ex-Federal CISO Sees New Opportunities for Partnerships, Defense He’s been an Air Force general, a CEO and the first federal CISO. Now Gregory Touhill is taking charge as director of the Carnegie Mellon University Software Engineering Institute's CERT Division.

167
167

The Challenge of Securing Non-People Identities

Dark Reading

Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk

Identifying People Through Lack of Cell Phone Use

Schneier on Security

In this entertaining story of French serial criminal Rédoine Faïd and his jailbreaking ways, there’s this bit about cell phone surveillance: After Faïd’s helicopter breakout, 3,000 police officers took part in the manhunt.

87

Experian API Leaks Most Americans’ Credit Scores

Threatpost

Researchers fear wider exposure, amidst a tepid response from Experian. Breach Cloud Security Web Security

Cloud 114

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Successful Information Management: What's Standing in Your Way?

AIIM

One would think that the rapid pace of changing technology is the primary struggle for organizations on their journey to transforming into a truly digital organization. However, based on our recent state of the intelligent information management industry research , that is simply not the case.

SaaS Attacks: Lessons from Real-Life Misconfiguration Exploits

Threatpost

There is a way to protect users from deceptive OAuth apps, misconfigurations and misappropriated user permissions. SaaS Security Posture Management (SSPM) takes an automated approach to tracking, and even remediating, the exploitable misconfigurations in organizations’ SaaS apps. Web Security

Your Digital Identity's Evil Shadow

Dark Reading

In the wrong hands, these shady shadows are stealthy means to bypass security systems by hiding behind a proxy with legitimate IP addresses and user agents

F5 Big-IP Vulnerable to Security-Bypass Bug

Threatpost

The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console. Vulnerabilities

Access 106

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

'BadAlloc' Flaws Could Threaten IoT and OT Devices: Microsoft

Dark Reading

More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices

IoT 71

Anti-Vaxxer Hijacks QR Codes at COVID-19 Check-In Sites

Threatpost

The perp faces jail time, but the incident highlights the growing cyber-abuse of QR codes. Malware Mobile Security Web Security

Weekly Update 241

Troy Hunt

What. Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I still found time to put even more IP addresses into the house courtesy of even more IoT.

IoT 66