Thu.Jun 25, 2020

US Now Accuses Assange of Conspiring With Hacking Groups

Data Breach Today

Superseding Indictment Expands Scope of Case, But Doesn't Add Charges The U.S Department of Justice unsealed a superseding indictment against WikiLeaks founder Julian Assange that expands the scope of the government's case against him. Federal prosecutors now allege that Assange conspired with the Anonymous and LulzSec groups to obtain classified information to publish

New Charges, Sentencing in Satori IoT Botnet Conspiracy

Krebs on Security

The U.S. Justice Department today criminally charged a Canadian and a Northern Ireland man for allegedly conspiring to build botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks. In addition, a defendant in the United States was sentenced today to drug treatment and 18 months community confinement for his admitted role in the botnet conspiracy.

IoT 149
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Breach Notification Delay: A Step-by-Step Timeline

Data Breach Today

Senior Care Facility Operator Describes Investigation Why are some breach notifications delayed for months? This week, a company that operates senior care facilities in North Carolina and South Carolina issued a statement offering a step-by-step explanation

166
166

Akamai mitigated the largest ever PPS DDoS attack

Security Affairs

Akamai announced to have mitigated a record distributed denial-of-service (DDoS) attack that hit a European bank. Akamai revealed that a bank in Europe was hit by a massive distributed denial-of-service (DDoS) attack that peaked a record 809 million packets per second (PPS). “On June 21, 2020, Akamai mitigated the largest packet per second (PPS) distributed denial-of-service (DDoS) attack ever recorded on the Akamai platform.

Cloud 82

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Hacker Group Stole $200 Million From Cryptocurrency Exchanges

Data Breach Today

Researchers: 'CryptoCore' Group Used Spear-Phishing Emails to Lure Victims A hacking group dubbed CryptoCore has stolen more than $200 million in virtual currency from several cryptocurrency exchanges over the past two years, the security firm ClearSky Cyber Security reports

More Trending

European Bank Targeted in Massive Packet-Based DDoS Attack

Data Breach Today

Akamai Describes Unusual Approach Taken in This Incident A massive DDoS attack generating 809 million packets per second was recently directed against a large European bank, according to the security firm Akamai, which describes in a new report the unusual approach the attackers took

The Difference Between Technical Architecture and Enterprise Architecture

erwin

The most straightforward way to convey the difference between technical architecture and enterprise architecture (EA) is by looking at the scope and focus of each. As the name suggests, technical architects are more concerned with the technicalities and the specifics of a particular technology than with technology’s place in the enterprise. That’s not to say that they operate without the enterprise’s overall strategy in mind.

Another Record-Breaking DDoS Attack Signals Shift in Criminal Methods

Dark Reading

Malicious botnet sources explode in new attacks that push boundaries in terms of volume and duration

77

Reopened pubs and cafes to collect customers’ personal details

IT Governance

England’s coronavirus lockdown will all but end on 4 July, with the government allowing pubs, restaurants, cinemas, museums and hotels to reopen. The decision comes after steady progress in mitigating the spread of COVID-19 and the partial reopening of other sectors over the previous six weeks. But it doesn’t exactly signal a return to business as usual, as heavy restrictions will still be in place.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. You feel ready to take on rising security threats while continuously delivering quality software updates. But how do you monitor your new program? Are you truly able to gauge the state of your projects? To ensure the success of this new breed of a team, you need to know the metrics to look at and how to advocate these metrics to C-Suite and stakeholders. Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Vulnerabilities Declining in Open Source, But Slow Patching Still a Problem

Dark Reading

Even as more code is produced, indirect dependencies continue to undermine security

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

Maze ransomware operators claims to have breached the South Korean multinational electronics company LG Electronics. Researchers at Cyble discovered a data leak of LG Electronics published by Maze ransomware operators. “As part of our regular darkweb monitoring, our researchers came across the data leak of LG Electronics been published by the Maze ransomware operators. Just after the WorldNet Telecommunications, the LG electronics fall as a victim of the Maze ransomware operators.”

'GoldenSpy' Malware Hidden in Tax Software Spies on Companies Doing Business in China

Dark Reading

Advanced persistent threat (APT) campaign aims to steal intelligence secrets from foreign companies operating in China

72

Analyzing IoT Security Best Practices

Schneier on Security

New research: " Best Practices for IoT Security: What Does That Even Mean? " by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices.

IoT 70

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

A new botnet, tracked as Lucifer, appeared in the threat landscape, it leverages close to a dozen exploits to hack Windows systems. A new botnet tracked as Lucifer appeared in the threat landscape, it leverages a dozen exploits for high and critical severity flaws affecting Windows systems. Upon infecting a system the bot turns it into a cryptomining client and could use it to launch distributed denial-of-service (DDoS) attacks.

Lucifer Malware Aims to Become Broad Platform for Attacks

Dark Reading

The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems

68

WikiLeaks founder Julian Assange faces superseding indictment for conspiring with LulzSec hackers

Security Affairs

WikiLeaks founder Julian Assange attempted to recruit hackers at conferences in Europe and Asia who could have stolen info for his anti-secrecy site, states DoJ. US Department of Justice claims Julian Assange tried to recruit hackers at conferences in Europe and Asia to steal classified information on his behalf and that could have been published on his anti-secrecy website. According to the authorities, one of the hackers was an FBI informant.

7 Tips for Effective Deception

Dark Reading

The right decoys can frustrate attackers and help detect threats more quickly

68

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

BARC names IBM a market leader in integrated planning & analytics

IBM Big Data Hub

The Business Application Research Center ( BARC ) is an independent company and guarantees neutrality towards all software vendors

Criminals Turn to IM Platforms to Avoid Law Enforcement Scrutiny

Dark Reading

Researchers from IntSights observed a sharp increase in the use of popular instant messaging apps over the past year among threat groups

64

Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs

Threatpost

Several high-severity flaws in Nvidia's GPU display drivers for Windows users could lead to code-execution, DoS and more. Vulnerabilities gamers GPU display driver high severity flaw Nvidia nvidia fix nvidia flaw patch Security Security Vulnerabilities vGPU Windows

Contact Tracing & Threat Intel: Broken Tools & Processes

Dark Reading

How epidemiology can solve the people problem in security

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Office 365 Users Targeted By ‘Coronavirus Employee Training’ Phish

Threatpost

Threat actors shift focus from COVID-19 to employee coronavirus training and current events like Black Lives Matter as cyber-attacks continue to rise. Malware Web Security black lives matter coronavirus COVID-19 cyber-attacks email employees lockdown malware Phishing Spam threat actors training TrickBot

Better Collaboration Between Security & Development

Dark Reading

Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline

IT 57

UK: New COVID-19 rules for the hospitality industry on collecting visitor contact information : Data protection considerations

DLA Piper Privacy Matters

Andrew Dyson, Alexa Smith. The hospitality industry has been hard hit by COVID-19. Measures introduced this week by the UK government to ease restrictions for the sector come with a condition – if you open a pub, restaurant or other hospitality venue for business you must keep a record of patrons who visit and be ready to help with the national test and trace effort.

GDPR 50

How Thousands of Misplaced Emails Took Over This Engineer's Inbox

WIRED Threat Level

Kenton Varda gets dozens of messages a day from Spanish-speakers around the world, all thanks to a Gmail address he registered 16 years ago. Security Security / Security News

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

French Council of State Upholds €50m CNIL Fine against Google

Data Matters

On June 19, 2020, the French Conseil d’État (“ Council of State ”) issued a decision upholding the €50 Million fine imposed against Google LLC by the French Supervisory Authority (the “ CNIL ”). On January 21, 2019, the French CNIL had issued a fine against Google’s U.S. headquarters for failure to comply with the EU General Data Protection Regulation’s (“ GDPR ”) fundamental principles of transparency and legitimacy.

IT 69

What’s new in OpenText Media Management Cloud Edition (CE) 20.2

OpenText Information Management

All organizations are faced with increasing demands for images and video for marketing and operational purposes. Managing higher volumes, larger file sizes, more diverse formats, new content providers and proliferating distribution channels requires robust and efficient processes. The need for a highly capable and versatile Digital Asset Management platform has never been greater. But in … The post What’s new in OpenText Media Management Cloud Edition (CE) 20.2

Interview: Streamlining the student experience with Jamf and AppConfig

Jamf

This interview with Matt Green, is an Apple System Administrator at Lubbock-Cooper ISD, outlines his use of a powerful yet rarely-discussed feature of MDM: Managed App Configuration. We sat down with Matt to discuss the apps that are helping in this time of distance learning, and the power that AppConfig brings to admins

MDM 67