Tue.Jan 12, 2021

Getting the Most Out of an AI Deployment

Data Breach Today

SWIFT's Guy Sheppard on the Challenges of Using AI to Enhance Security Many companies claim to be successfully using artificial intelligence for security, but the use cases are still not convincing because the technology is incapable of detecting unknown malware, says Guy Sheppard of SWIFT

SolarWinds: What Hit Us Could Hit Others

Krebs on Security

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Vulnerable Database Exposed UN Employees' Data

Data Breach Today

Microsoft Patch Tuesday, January 2021 Edition

Krebs on Security

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

SolarWinds Describes Attackers' 'Malicious Code Injection'

Data Breach Today

Software Vendor's Infrastructure Penetrated by September 2019 Investigators probing the supply-chain attack that hit SolarWinds say attackers successfully hacked the company's Microsoft Visual Studio development tools to add a backdoor into Orion network-monitoring security software builds.

More Trending

Parler Content Forcibly Archived by Researchers After Riot

Data Breach Today

Terabytes of Videos, Images and Posts From Conservative Social Media Site Saved Terabytes' worth of posts, images and videos from conservative social media site Parler have been forcibly obtained by security researchers, who have archived the material for investigators in the wake of the violent riot at the U.S. Capitol.

More SolarWinds Attack Details Emerge

Dark Reading

A third piece of malware is uncovered, but there's still plenty of unknowns about the epic attacks purportedly out of Russia

109
109

Massive DarkMarket Underground Marketplace Taken Down

Data Breach Today

International Law Enforcement Effort Leads to Arrest of Alleged Operator A global law enforcement operation has taken down DarkMarket, which Europol describes as the world's largest underground marketplace of illegal goods on the dark web.

Sunspot, the third malware involved in the SolarWinds supply chain attack

Security Affairs

Cybersecurity firm CrowdStrike announced to have discovered a third malware strain, named Sunspot , directly involved in the SolarWinds supply chain attack.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Updated macOS Cryptominer Uses Fresh Evasion Techniques

Data Breach Today

Researchers: OSAMiner Uses Run-Only AppleScripts for Obfuscation Sentinel Labs researchers have identified an updated version of the cryptominer OSAMiner that targets the macOS operating system to mine for monero. The latest iteration uses new techniques to help prevent detection by security tools

Mining 171

Bitdefender releases free decrypter for Darkside ransomware

Security Affairs

Security firm Bitdefender released a tool that allows victims of the Darkside ransomware to recover their files without paying the ransom. Good news for the victims of the Darkside ransomware , they could recover their files for free using a tool that was released by the security firm Bitdefender.

New Year Kicks Off With Vendor Consolidation

Data Breach Today

5 Data Security Firms Announce Acquisitions The new year has kicked off with a flurry of data security company acquisition activity; five deals have already been announced.

Sophisticated hacking campaign uses Windows and Android zero-days

Security Affairs

Google Project Zero researchers uncovered a sophisticated hacking campaign that targeted Windows and Android users. The Google Project Zero team has recently launched an initiative aimed at devising new techniques to detect 0-day exploits employed in attacks in the wild.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas

Dark Reading

It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks

Risk 91

Police Took Down DarkMarket, the World’s Largest Darknet Marketplace

Security Affairs

The world’s largest black marketplace on the dark web, DarkMarket, has been taken offline by law enforcement in an international operation. .

United Nations Security Flaw Exposed 100K Staff Records

Dark Reading

Security researchers have disclosed a vulnerability they exploited to access more than 100,000 private employee records

EMA: Some of Pfizer/BioNTech COVID-19 vaccine data was leaked online

Security Affairs

The European Medicines Agency (EMA) revealed that some of the Pfizer/BioNTech COVID-19 vaccine data were stolen from its servers. In December, a cyber attack hit the European Medicines Agency (EMA).

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021

Dark Reading

Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw

84

Ethical Hackers Breach U.N., Access 100,000 Private Records

Threatpost

Researchers informed organization of a flaw that exposed GitHub credentials through the organization’s vulnerability disclosure program. Breach Government Hacks

Access 106

How to Boost Executive Buy-In for Security Investments

Dark Reading

Linking security budgets to breach-protection outcomes helps executives balance spending against risk and earns CISOs greater respect in the C-suite

Risk 81

Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes

Threatpost

The first Patch Tuesday security bulletin for 2021 from Microsoft includes fixes for one bug under active attack, possibly linked to the massive SolarWinds hacks. Vulnerabilities

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Security Operations Struggle to Defend Value, Keep Workers

Dark Reading

Companies continue to value security operations centers but the economics are increasingly challenging, with high analyst turnover and questions raised over return on investment

Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack

Threatpost

A sophisticated threat actor has hijacked email security connections to spy on targets. Hacks Web Security

Cloning Google Titan 2FA keys

Schneier on Security

This is a clever side-channel attack: The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip , which acts as a secure element that stores the cryptographic secrets.

Data Breach at ‘Resident Evil’ Gaming Company Widens

Threatpost

Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers. Breach Hacks Malware Web Security

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Bringing Zero Trust to Secure Remote Access

Dark Reading

Demand for secure remote access has skyrocketed during the pandemic. Here Omdia profiles more secure alternatives to virtual private network (VPN) technology

15 leadership certificate programs to boost your career via CIO.com

IG Guru

Check out the article here. Registration required. The post 15 leadership certificate programs to boost your career via CIO.com appeared first on IG GURU. Education Certificates Leadership

A brief guide to cyber security risk assessments

IT Governance

Cyber security risk assessments are essential for organisations to protect themselves from malicious attacks and data breaches. After all, it’s only once you’re aware of the ways you’re vulnerable that you can put appropriate defences in place. But what exactly does a risk assessment do?

Risk 66