Tue.Jul 27, 2021

Kaseya Says It Paid No Ransom to Obtain Universal Decryptor

Data Breach Today

Vendor of Remote Management Software - Used to Hit Victims - Helps Them Recover Remote management software company Kaseya says it obtained the ability to decrypt all victims of a massive REvil - aka Sodinokibi - attack via its software, without paying a ransom to attackers.

IT 255

SHARED INTEL: Ramifications of 86 cities storing citizens’ data in misconfigured AWS S3 buckets

The Last Watchdog

The ethical hackers at WizCase recently disclosed another stunning example of sensitive consumer data left out in the open in the public cloud — for one and all to access. Related: How stolen data gets leveraged in full-stack attacks. This latest high-profile example of security sloppiness was uncovered by a team of white hat hackers led by Ata Hakçil.

Access 133
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Researchers Describe Windows 11 Preview Scam

Data Breach Today

Malware Distributed Using Fake Windows Installer Although Microsoft is slated to release the Windows 11 operating system in December, it's already available for a pre-release preview.

IT 247

LemonDuck Shows Malware Can Evolve, Putting Linux and Microsoft at Risk

eSecurity Planet

The LemonDuck malware that for the past couple of years has been known for its cryptocurrency mining and botnet capabilities is evolving into a much broader threat, moving into new areas of cyber attacks, targeting both Linux and Microsoft systems and expanding its geographical reach, according to security researchers with Microsoft.

Mining 112

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Pegasus Spyware: World Leaders Demand Israeli Probe

Data Breach Today

More Trending

New Hacking Group Exploits Vulnerabilities in Web Apps

Data Breach Today

Sygnia: 'Praying Mantis' Targets Checkbox Survey Flaws and Others A newly discovered threat group dubbed Praying Mantis is targeting businesses in the U.S by exploiting vulnerabilities in internet-facing web applications to steal credentials and other data, the security firm Sygnia says

Hiding Malware in ML Models

Schneier on Security

Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models” Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns.

Paper 109

Congress Urged to Update Federal Laws to Combat Ransomware

Data Breach Today

Senate Judiciary Committee Hears Testimony from DOJ, FBI, CISA Congress needs to update and expand federal laws to combat the surge in ransomware attacks, federal cybersecurity experts told a Senate committee at a Tuesday hearing

A Controversial Tool Calls Out Vulnerabilities Across the Web

WIRED Threat Level

PunkSpider is back, and crawling hundreds of millions of sites for vulnerabilities. Security Security / Security News

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Experts Testify on Pipeline Cybersecurity Measures

Data Breach Today

Senate Briefed Following Colonial Pipeline Attack At a Senate hearing on pipeline cybersecurity, leaders from several federal agencies briefed lawmakers on the roles regulators can play in the aftermath of the Colonial Pipeline attack.

Flaws in Zimbra could allow to takeover webmail server of a targeted organization

Security Affairs

Researchers discovered flaws in Zimbra email collaboration software that could allow attackers to compromise email accounts by sending a malicious email.

M&A Update: Deloitte and Sophos Make Acquisitions

Data Breach Today

Both Firms Buy Two Cybersecurity Companies Brisk M&A activity in the cybersecurity sector continues. Among the latest moves: Deloitte and Sophos each have announced two acquisitions

DIVD discloses three new unpatched Kaseya Unitrends zero-days

Security Affairs

Experts found three new zero-day flaws in the Kaseya Unitrends service and warn users to avoid exposing the service to the Internet. Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service.

A Recruiter’s Guide To Hiring In 2021

With vaccination rates rising, consumers spending more money, and people returning to offices, the job market is going through a period of unprecedented adjustment. As the New York Times observed, “It’s a weird moment for the American economy.” And recruiting professionals are caught in the middle. To make the most of this disruption, you need to understand the economic drivers, develop a strong strategy for unearthing valuable talent, and use the latest tech tools to get the job done. Read this guide to get your recruiting practice ready to thrive in the new normal.

Zimbra Server Bugs Could Lead to Email Plundering

Threatpost

Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email. Cloud Security Vulnerabilities Web Security

Cloud 110

Overcoming Information Overload in Human Resources

AIIM

A Look at Information Overload. It’s no secret that organizations today are swamped by information. According to AIIM, organizations expect the amount of information they must manage to increase by 4.5x in the next 18 months.

Paper 72

Apple Patches Actively Exploited Zero-Day in iOS, MacOS

Threatpost

Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system. Vulnerabilities

109
109

Minimize clinical trial delays to bring life-saving therapies to market faster

OpenText Information Management

Life Sciences companies want to get new, affordable and cutting-edge products to market as quickly as possible. The faster products and therapies are introduced, the faster individuals can benefit — and lives can be saved.

Reaching Unreachable Candidates

Speaker: Patrick Dempsey and Andrew Erpelding of ZoomInfo

What is ZoomInfo for Recruiters? Find and connect with the right talent to fill roles fast with more data, basic search, advanced search, candidate and company profiles, and export results. Watch this On-Demand Webinar today to see how ZoomInfo for Recruiters can work to get your talented candidates results.

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers

Threatpost

The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP. Vulnerabilities Web Security

Another One Bites the Dust: Court once again finds data breach forensic report isn’t protected by privilege

Data Protection Report

On July 22, 2021, a federal court in Pennsylvania held that an investigative report created by Kroll (the “Kroll Report”), the defendant’s third party cybersecurity consultant, and related communications were not protected by privilege.

No More Ransom Saves Victims Nearly €1 Over 5 Years

Threatpost

No More Ransom is collecting decryptors so ransomware victims don’t have to pay to get their data back and attackers don’t get rich. Web Security

Research firm Omdia releases insightful analysis of the content services sector

OpenText Information Management

The analysts at Omdia (formerly Ovum) have released their latest research and analysis of the content services industry: Omdia Universe: Selecting a Content Services Platform Solution, 2021.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Enhanced Focus on Digital Asset Intermediaries by SEC, Congress, and State Securities Regulators

Data Matters

Given the substantial growth in digital asset investments this year, intermediaries offering trading and lending services are now the target of regulatory and enforcement focus that we expect will continue in the coming months and years.

How law firms can fast-track business development and win more business

OpenText Information Management

To win new client pitches and be invited to the next stage in request for proposal (RFP) bids, legal teams thrive on finding, analyzing, and organizing specific, strategic knowledge from their experts, case experience and business IP.

Compliance With Data Privacy Laws: Are You Prepared for Data Requests That Implicate Slack?

Hanzo Learning Center

In the last few years, data privacy laws and regulations have been big news. Much of the coverage—including one of our recent blog posts —concerned website compliance.

GDPR 52

Governments get cloud confident — and strategic

OpenText Information Management

Adoption hasn’t happened overnight, but the cloud is earning its keep among government agencies, slowly but surely.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Getting the Most Out of Your State Records Retention Schedule, Part III: RSINs

The Texas Record

Records Series Item Numbers (RSINs) are the unique string of characters that TSLAC uses to identify each series on the State Records Retention Schedule (RRS) and its supplement, the University Records Retention Schedule (URRS).

Location, Location, Location. Why Asset Tracking is Hot Property

OpenText Information Management

It’s good to start your blog with an eye-catching statistic: The North American auto industry loses over $750 million in lost pallets alone. That’s just the pallets. What about the things that were on the pallets?

IT 56

Spotting Hackers at the Pace of XDR – From Alerts to Incidents

The Security Ledger

Extended Detection and Response (XDR) technology is gaining traction within enterprises. But how can organizations handle the increased volume of alerts XDR systems produce?