The Last Watchdog

OCTOBER 28, 2021

Over the past five years, cryptocurrency exchanges have been the target of increasingly damaging “ 51% attacks ” resulting in the theft of over $30 million worth of cryptocurrency to date. Related: Wildland restores control of data to individuals. However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves.

Blockchain 203

Blockchain Mining Security IT 203

Data Breach Today

OCTOBER 28, 2021

Incident Is Among Latest Involving Healthcare Supply Chain Vendors A ransomware attack on a medical practice management services firm that included the theft of files containing patient information is among the latest security incidents involving similar third-party vendors.

Ransomware 300

Ransomware Security 300

Krebs on Security

OCTOBER 28, 2021

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure. Last week, KrebsOnSecurity heard from a reader who was browsing Zales.com and suddenly found they were looking at someone else’s order information on the website, including their name, billing address, sh

Phishing 241

Phishing Information Security Security IT 241

Data Breach Today

OCTOBER 28, 2021

Group Uses MATA Framework to Target Defense Orgs, Researchers Say North Korean advanced persistent threat group Lazarus - aka Hidden Cobra - is developing supply chain attack capabilities using its multiplatform malware framework, MATA, for cyberespionage goals, according to researchers from Kaspersky.

IT 281

IT 281

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Schneier on Security

OCTOBER 28, 2021

Microsoft is reporting that the same attacker that was behind the SolarWinds breach — the Russian SVR, which Microsoft is calling Nobelium — is continuing with similar supply-chain attacks: Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.

Cloud 125

Cloud Access IT 125

Security Affairs

OCTOBER 28, 2021

German authorities have identified a Russian man named Nikolay K. who is suspected to be a prominent member of the REvil ransomware gang. REvil ransomware gang is one of the most successful ransomware operations, the group and its affiliated hit hundreds of organizations worldwide. On July 2, the gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers, it asked $70 million worth of Bitcoin for decrypting all impacted systems.

Ransomware 138

Ransomware Authentication Cloud Access 138

Data Breach Today

OCTOBER 28, 2021

Desorden Group Attacks Thailand's Central Group of Companies The Desorden hacker group, previously known for its exploits against computer giant Acer and a Singaporean employment agency, has now targeted Thai luxury hotel chain Centara Hotels & Resorts. The group claims to have stolen 400GB of data from the hotel chain's network.

IT 278

IT 278

Security Affairs

OCTOBER 28, 2021

Microsoft finds a flaw in macOS, dubbed Shrootless ( CVE-2021-30892 ), that can allow attackers to bypass System Integrity Protection (SIP). Microsoft discovered a vulnerability in macOS, dubbed Shrootless ( CVE-2021-30892 ), that can allow attackers to bypass System Integrity Protection (SIP) and perform malicious activities, such as gaining root privileges and installing rootkits on vulnerable devices.

Security 129

Security IT Information Security 129

eSecurity Planet

OCTOBER 28, 2021

Many large enterprises struggle to stay on top of serious cyber threats like ransomware. For a small business, the challenge can seem overwhelming. Between the growing threats and a shortage of cybersecurity talent to defend against them, many businesses have turned to managed security service providers (MSSPs) for help, with services like managed SIEMs , managed firewalls and managed detection and response (MDR).

Security 113

Security Cybersecurity Ransomware Analytics 113

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Security Affairs

OCTOBER 28, 2021

A vulnerability in the popular the OptinMonster plugin allows unauthorized API access and sensitive information disclosure. A high-severity vulnerability (CVE-2021-39341) in The OptinMonster plugin can allow unauthorized API access and sensitive information disclosure on roughly a million WordPress sites. The flaw was discovered by Wordfence researcher Chloe Chamberland on September 28, 2021, and the development team behind the plugin addressed it on October 7, 2021.

Access 125

Access Authentication Security IT 125

Data Matters

OCTOBER 28, 2021

On October 19, 2021, Sidley partner Alan Raul engaged in a fireside chat with Julie Brill, Corporate Vice President, Chief Privacy Officer, and Deputy General Counsel of Microsoft at the Reuters Events’ Legal Leaders 2021 Conference. The discussion covered topics such as how organizations can be equipped to comply with data regulations, preparing for a new wave of privacy and data protection regulations, and perspectives on global data protection regulation abroad and in the U.S.

Privacy 87

Privacy 87

Security Affairs

OCTOBER 28, 2021

AbstractEmu is a new Android malware that can root infected devices to take complete control and evade detection with different tricks. Security researchers at the Lookout Threat Labs have discovered a new Android malware, dubbed AbstractEmu , with rooting capabilities that is distributed on Google Play and prominent third-party stores (i.e. Amazon Appstore and the Samsung Galaxy Store).

Access 110

Access Phishing Authentication IT 110

The Security Ledger

OCTOBER 28, 2021

In this Spotlight edition of the podcast, we’re joined by Curtis Simpson, the Chief Information Security Officer at Armis. Curtis and I discuss the growing cyber risks posed by Internet of Things devices within enterprise networks. IoT and OT (operation technology) deployments are growing and pose challenges to organizations that are still. Read the whole entry. » Click the icon below to listen.

IoT 98

IoT Risk IT Information Security 98

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

Sales

Threatpost

OCTOBER 28, 2021

German investigators have identified a deep-pocketed, big-spending Russian billionaire whom they suspect of being a core member of the REvil ransomware gang.

Ransomware 104

Ransomware Security 104

eSecurity Planet

OCTOBER 28, 2021

Buyers looking for an endpoint security solution often compare CrowdStrike and Symantec, and while both vendors made our top endpoint detection and response (EDR) product list , they’re very different security products that will likely appeal to buyers with different goals in mind. Here’s a look at both EDR products, how they compare, and their ideal use cases.

Marketing 97

Marketing Security Cybersecurity IT 97

Security Affairs

OCTOBER 28, 2021

ESET researchers discovered a previously undescribed loader for Windows binaries, tracked as Wslink, that runs as a server and executes modules in memory. ESET researchers discovered Wslink , a previously undescribed loader for Windows binaries that, unlike similar loaders, runs as a server and executes modules in memory. The name Wslink comes from one of its DLLs.

Encryption 109

Encryption Libraries Communications Security 109

Threatpost

OCTOBER 28, 2021

Aamir Lakhani, security researcher at Fortinet, says no sector is off limits these days: It's time for everyone to strengthen the kill chain.

Security 101

Security IT IoT 101

Advertisement

There’s no getting around it: selecting the right foundational data-layer components is crucial for long-term application success. That’s why we developed this white paper to give you insights into four key open-source technologies – Apache Cassandra®, Apache Kafka®, Apache Spark™, and OpenSearch® – and how to leverage them for lasting success. Discover everything you’ll want to know about scalable, data-layer technologies: Learn when to choose these technologies and when to avoid them Explore h

Paper

Dark Reading

OCTOBER 28, 2021

Six crucial steps executives and IT teams should be prepared to take immediately after a ransomware attack.

Ransomware 115

Ransomware IT 115

Threatpost

OCTOBER 28, 2021

Grief, a ransomware group with ties to Russia-based Evil Corp, claims to have stolen data from the gun-rights group and has posted files on its dark web site. .

Ransomware 93

Ransomware IT Security 93

Security Affairs

OCTOBER 28, 2021

Threat actors have stolen $130 million worth of cryptocurrency assets from the Cream Finance decentralized finance (DeFi) platform. C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial services. It promises earnings to users who are passively holding ETH or wBTC. Threat actors have stolen $130 million worth of cryptocurrency assets from the decentralized finance (DeFi) platform.

Blockchain 99

Blockchain Financial Services Marketing Access 99

Dark Reading

OCTOBER 28, 2021

This tactic - used to distribute REvil ransomware and the SolarMarker backdoor - is part of a broader increase in such attacks in recent months, researchers say.

Ransomware 97

Ransomware 97

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

IT

Rocket Software

OCTOBER 28, 2021

The White House has proclaimed October Cybersecurity Awareness Month, promoting efforts by the Cybersecurity and Infrastructure Security Agency (CISA) to encourage the public to be “Cyber Smart” and stay safe online. As stories of malicious cyber actors, such as ransomware attacks, continue to make headlines and disrupt businesses across industries, the importance of cybersecurity cannot be overstated. .

Authentication 84

Authentication Cybersecurity Passwords Access 84

Dark Reading

OCTOBER 28, 2021

Organizations can better prepare themselves and their customers for these attacks with some strategies to identify threats before they become a widespread issue.

Ransomware 89

Ransomware Security 89

IG Guru

OCTOBER 28, 2021

The AIEF issues Peer Review Journal Volume 1 covering: Potential Risks that US Businesses Face with Collection and Retention of Employee Medical Data throughout the COVID-19 Pandemic “Never Waste a Crisis”: A Holistic Approach to Privacy, Transparency and Secrecy for Records Resilience The Importance of AI and Semantic Approaches to Information Retrieval for COVID-19 Literature […].

Education 83

Education Privacy Risk Records Management 83

Dark Reading

OCTOBER 28, 2021

As part of its modernization initiative, the Department of State will increase its IT budget by 50% and add a new bureau to lead cybersecurity and digital policy.

Cybersecurity 113

Cybersecurity IT 113

Advertisement

Entity Resolution Sometimes referred to as data matching or fuzzy matching, entity resolution, is critical for data quality, analytics, graph visualization and AI. Learn what entity resolution is, why it matters, how it works and its benefits. Advanced entity resolution using AI is crucial because it efficiently and easily solves many of today’s data quality and analytics problems.

IT

Thales Cloud Protection & Licensing

OCTOBER 28, 2021

Trick or Treat: The Choice is Yours with Multifactor Authentication. divya. Fri, 10/29/2021 - 05:29. Whether you want the ‘trick’ of a malevolent threat actor infiltrating your network by exploiting a compromised password or the ‘treat’ from the peace of mind associated with multifactor authentication, the choice is yours. Multifactor authentication requires users to take an extra step to verify who they are by providing two or more distinct categories of evidence.

Authentication 71

Authentication Passwords Cloud Data breaches 71

Dark Reading

OCTOBER 28, 2021

It's hard enough to fill a cybersecurity position given the talent shortage. But you may be making it harder with a poor job description that turns off would-be candidates.

Cybersecurity 108

Cybersecurity IT 108

OpenText Information Management

OCTOBER 28, 2021

In 2020, five years worth of digital adoption for citizens and businesses happened in about eight weeks. Government agencies worldwide were able to pivot to 100% digital services in a matter of days, a level of public-sector agility and innovation never seen before. As we emerge from the pandemic, how do governments build upon this … The post The ‘low code revolution’ is improving service delivery in Public Sector appeared first on OpenText Blogs.

Government 69

Government Cloud 69