Thu.May 13, 2021

Colonial Pipeline Restarts Operations Following Attack

Data Breach Today

Company Says It Will Take Several Days to Restore Supply Chain Colonial Pipeline Co. announced Wednesday that it had restarted its operations following a ransomware attack last Friday. The company says it will take several days to restore all of its supply chain operations

RSAC insights: Security Compass leverages automation to weave security deeper into SecOps

The Last Watchdog

In a day and age when the prime directive for many organizations is to seek digital agility above all else, cool new apps get conceived, assembled and deployed at breakneck speed. Related: DHS instigates 60-day cybersecurity sprints. Software developers are king of the hill; they are the deeply-committed disciples pursuing wide open, highly dynamic creative processes set forth in the gospels of DevOps and CI/CD.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Why a Lab Launched a Vulnerability Disclosure Program

Data Breach Today

A recently launched vulnerability disclosure program is a critical component of Toronto-based LifeLabs' efforts to bolster the security of its medical diagnostic laboratory services and online technologies used by healthcare providers across Canada, says the company's CISO, Mike Melo

85% of Data Breaches Involve Human Interaction: Verizon DBIR

Dark Reading

Ransomware, phishing, and Web application attacks all increased during a year in which the majority of attacks involved a human element

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Biden's Cybersecurity Executive Order: 4 Key Takeaways

Data Breach Today

White House Puts Focus on 'Zero Trust,' Software Standards, Information Sharing By issuing a sweeping cybersecurity executive order on Wednesday, the Biden administration is attempting to take a critical step to address security issues that have come to light after recent cyberattacks.

More Trending

Colonial Pipeline Attack: 'We're Simply Unprepared'

Data Breach Today

CISO Bernie Cowens on Mitigating the Vulnerabilities of Critical Infrastructure Facilities As former CISO of Pacific Gas & Electric, Bernie Cowens knows plenty about cybersecuring the nation's critical infrastructure.

Defending the Castle: How World History Can Teach Cybersecurity a Lesson

Dark Reading

Cybersecurity attackers follow the same principles practiced in warfare for millennia. They show up in unexpected places, seeking out portions of an organization's attack surface that are largely unmonitored and undefended

Biden: Russian Government Not Behind Colonial Pipeline Attack

Data Breach Today

But President Says Attackers Reside in Russia President Joe Biden says the Russian government was not behind the ransomware attack that struck Colonial Pipeline Co. May 7, but he said attackers living in Russia were involved

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

New US Executive Order on Cybersecurity

Schneier on Security

President Biden signed an executive order to improve government cybersecurity, setting new security standards for software sold to the federal government.

Software, Incident Response Among Big Focus Areas in Biden's Cybersecurity Executive Order

Dark Reading

Overall objectives are good, but EO may be too prescriptive in parts, industry experts say

Critical Infrastructure Protection: Physical and Cyber Security Both Matter

eSecurity Planet

Oil and gas companies have two key areas of concern when addressing cybersecurity, especially in their unmanned remote facilities.

Verizon DBIR 2021: "Winners" No Surprise, But All-round Vigilance Essential

Dark Reading

Verizon's Data Breach Investigations Report (DBIR) covers 2020 -- a year like no other. Phishing, ransomware, and innovation caused big problems

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Decades-Old 'Frag Attack' Flaws Affect Almost Every Wi-Fi Device

WIRED Threat Level

The so-called Frag Attack vulnerabilities could let hackers steal data or compromise connected gadgets. Security Security / Security News

Dragos & IronNet Partner on Critical Infrastructure Security

Dark Reading

The IT and OT security providers will integrate solutions aimed at improving critical infrastructure security

IT 98

Rapid7 says source code, credentials accessed as a result of Codecov supply-chain attack

Security Affairs

Rapid7 disclosed that unauthorized third-party had access to source code and customer data as result of Codecov supply chain attack.

Firms Struggle to Secure Multicloud Misconfigurations

Dark Reading

Half of companies had at least one case of having all ports open to the public, while more than a third had an exposed database

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

GameStop FOMO Inspires a New Wave of Crypto Pump-and-Dumps

WIRED Threat Level

Thousands of would-be investors are joining Discord groups that promise big earnings by manipulating the crypto market. Business Business / Blockchain and Cryptocurrency Security Security / Security News

Adapting to the Security Threat of Climate Change

Dark Reading

Business continuity plans that address natural and manmade disasters can help turn a cataclysmic business event into a minor slowdown

Cisco fixes AnyConnect Client VPN zero-day disclosed in November

Security Affairs

Cisco has addressed a zero-day in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. Cisco has addressed a zero-day vulnerability in Cisco AnyConnect Secure Mobility Client , tracked as CVE-2020-3556 , that was disclosed in November.

Colonial Pipeline Shells Out $5M in Extortion Payout, Report

Threatpost

According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key. Critical Infrastructure Malware Vulnerabilities Web Security

IT 114

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Security at Bay: Critical Infrastructure Under Attack

Security Affairs

The recent Colonial Pipeline attack highlights the dangers that are facing Critical Infrastructure worldwide.

Ransomware Going for $4K on the Cyber-Underground

Threatpost

An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships. Malware Most Recent ThreatLists Vulnerabilities Web Security

Biden signed executive order to improve the Nation’s Cybersecurity

Security Affairs

President Joe Biden signed an ambitious executive order to dramatically improve the security of the US government networks.

Apple’s ‘Find My’ Network Exploited via Bluetooth

Threatpost

The ‘Send My’ exploit can use Apple's locator service to collect and send information from nearby devices for later upload to iCloud servers. Cloud Security IoT Mobile Security Vulnerabilities Web Security

IoT 111

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

Organizations in aerospace and travel sectors under attack, Microsoft warns

Security Affairs

Microsoft warns of a malware-based campaign that targeted organizations in the aerospace and travel sectors in the past months. Microsoft researchers revealed that organizations in the aerospace and travel sectors have been targeted in the past months in a malware-based campaign.

Five Critical Password Security Rules Your Employees Are Ignoring

Threatpost

According to Keeper Security’s Workplace Password Malpractice Report, many remote workers aren’t following best practices for password security. Web Security

12 cyber security questions to ask your CISO

IT Governance

Cyber security affects companies of all sizes in all sectors. Moreover, threats are constantly evolving and your legal and regulatory requirements have become major issues – particularly with the introduction of the the GDPR (General Data Protection Regulation) and NIS Directive.