Wed. Oct 13, 2021

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process.

Fertility Testing Lab Says Ransomware Breach Affects 350,000

Data Breach Today

Also, NJ AG Smacks Fertility Clinic With Big Fine in Hacking Incident. A flurry of hacking incidents and other recent breach developments highlight the cyberthreats and risks facing fertility healthcare and other related specialty providers that handle sensitive patient information.

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

The Last Watchdog

In recent years, brands have started butting up against the line between convenience and privacy. Shoppers love the convenience of personalized experiences that their data powers, but then horror stories such as the Cambridge Analytica scandal make people skeptical about how much information companies should be collecting and sharing. Related: Apple battles Facebook over consumer privacy.

Dutch Cyber Cops Tell Stresser/Booter Customers: Cut It Out

Data Breach Today

How Many Strikes Should Cybercrime-as-a-Service Customers Get Before Getting Busted? Dutch cybercrime police have a message for almost 30 users of an on-demand distributed denial-of-service site: We see what you're doing; now cut it out or we're going to arrest you.

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

VirusTotal Shares Data on Ransomware Activity

Dark Reading

Google's online malware scanning service analyzed 80 million ransomware samples that were uploaded in the past year-and-a-half

More Trending

A Close Look at Russia's Ghostwriter Campaign

Dark Reading

The group, which conducts espionage and sows disinformation, is larger than previously thought and has shifted tactics

3 Men Charged by US DOJ With Laundering BEC Proceeds

Data Breach Today

1 Alleged Co-Conspirator Was Employed by Bank of America, TD Bank The U.S.

What Does a Chief Product Security Officer Do?

Dark Reading

A CPSO bridges the gap between developers and security to ensure products are built securely and safely

US Convenes Global Ransomware Summit Without Russia

Data Breach Today

China, Russia Both Absent from 30-Nation Gathering on the Threat of Ransomware. The White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Telegram Is Becoming a Cesspool of Anti-Semitic Content

WIRED Threat Level

A new report shows that channels devoted to anti-Jewish conspiracy theories are growing at an alarming rate. Why won’t the platform take action?

MyKings botnet operators already amassed at least $24 million

Security Affairs

The MyKings botnet (aka Smominru or DarkCloud) is still alive and continues to spread, allowing its operators to make huge amounts of money.

Improve the employee experience to be the employer of choice and engage your teams

DXC

In the age of the “war for talent,” it’s more important than ever to gain competitive advantage by reinventing the employee experience. Workers want to be engaged in their workplace and feel that their companies value them. That means businesses need to create a modern workplace that proves they do.

Dutch police warn customers of a popular DDoS booter service

Security Affairs

Dutch police warn customers of a distributed denial-of-service (DDoS) website to stop using the service to avoid prosecution. Dutch police warn customers of a booter service, abused to carry out distributed denial-of-service (DDoS) attacks, to stop using it to avoid prosecution.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Spotlight: COVID Broke Security. Can We Fix It In 2022?

The Security Ledger

In this Spotlight Podcast, Pondurance Founder and Chief Customer Officer Ron Pelletier gives us his predictions about the security trends that will shape 2022.

Crooks use math symbols to evade anti-phishing solutions

Security Affairs

Threat actors are using mathematical symbols on impersonated company logos to evade detection in phishing campaigns.

New Python-based Ransomware Encrypts Virtual Machines Quickly

eSecurity Planet

Sophos cybersecurity researchers have discovered a Python-based ransomware operation that escalated from a compromised corporate network to encrypted virtual machines in just three hours.

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Security Affairs

A Chinese-speaking hacking group exploited a Windows zero-day vulnerability in a wave of attacks on defense and IT businesses. A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a new remote access trojan (RAT), tracked as MysterySnail.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Suing Infrastructure Companies for Copyright Violations

Schneier on Security

It’s a matter of going after those with deep pockets.

Apple silently fixed iOS zero-day without crediting the expert who reported it

Security Affairs

Apple has silently addressed a zero-day vulnerability that could allow attackers to gain access to sensitive user data. Apple has silently addressed a zero-day vulnerability with the release of iOS 15.0.2; the vulnerability could allow attackers to gain access to sensitive user information.

OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances

Threatpost

Cybercriminals exploited bugs in the world's largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users.

SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks

Dark Reading

Company’s virtual offerings, cloud services match with on-premises deployments to solve real-world security challenges for SMBs, enterprises, governments, and MSSPs

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

FreakOut Botnet Turns DVRs Into Monero Cryptominers

Threatpost

The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems.

Fugue Adds Kubernetes Security Checks to Secure Infrastructure-As-Code

Dark Reading

Developers can apply proper security controls as they programmatically deploy Kubernetes clusters

Mandating a Zero-Trust Approach for Software Supply Chains

Threatpost

Sounil Yu, CISO at JupiterOne, discusses software bills of materials (SBOMs) and the need for a shift in thinking about securing software supply chains.

A Pentagon official said he resigned because US cybersecurity is no match for China, calling it ‘kindergarten level’ via Yahoo! News

IG Guru

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

Threatpost

A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc.

Is the SEC Coming for Your Texts? SEC’s New Enforcement Director Telegraphs a Warning to Registrants About Improper Use of Personal Devices for Business-Related Communications

Data Matters

The U.S.

Worried Over Antitrust Debate, Apple Talks Sideloading Dangers

Dark Reading

Apple argues in a position paper that sideloading apps poses a major security threat to its users, as many lawmakers and technologists criticize its App Store as a monopoly
