Tue.Jan 19, 2021

Privacy Fines: Total GDPR Sanctions Reach $331 Million

Data Breach Today

But Across Europe, Total Fines and Breach Reports Continue to Vary Widely by Country Privacy watchdogs in Europe have imposed fines totaling more than $330 million since the EU's General Data Protection Regulation went into full effect in May 2018, according to law firm DLA Piper.

GDPR 231

New Charges Derail COVID Release for Hacker Who Aided ISIS

Krebs on Security

A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

'Raindrop' Is Latest Malware Tied to SolarWinds Hack

Data Breach Today

Researchers: Backdoor Is Fourth Malware Variant Used During Attacks Symantec Threat Intelligence says it's uncovered another malware variant used in the SolarWinds supply chain hack - a loader nicknamed "Raindrop" that apparently was used to deliver Cobalt Strike, a legitimate penetration testing tool, to a handful of targets.

IT 216

Raindrop, a fourth malware employed in SolarWinds attacks

Security Affairs

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

OpenWRT Project Community Investigating Data Breach

Data Breach Today

More Trending

Police Arrest Suspect in Pelosi Laptop Theft

Data Breach Today

Tipster Alleges Woman Planned to Pass Laptop to Russian Friend Police have arrested Riley June Williams of Pennsylvania, who a tipster alleges stole a laptop or hard drive belonging to House Speaker Nancy Pelosi.

166
166

Vulnerabilities in Popular DNS Software Allow Poisoning

Dark Reading

Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack

99

Microsoft Taking Additional Steps to Address Zerologon Flaw

Data Breach Today

Company Will Enforce Domain Controller Settings to Block Connections Microsoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could exploit the unpatched Zerologon vulnerability in Windows Server.

IT 166

FreakOut botnet target 3 recent flaws to compromise Linux devices

Security Affairs

Security researchers uncovered a series of attacks conducted by the FreakOut botnet that leveraged recently discovered vulnerabilities.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

British Airways GDPR Lawsuit: The Potential Impact

Data Breach Today

A Substantial Settlement Could Build Data Security Momentum British Airways could face a substantial compensation payout as a result of an ongoing group lawsuit over its 2018 data breach, the first of its kind under GDPR.

GDPR 160

Vishing attacks conducted to steal corporate accounts, FBI warns

Security Affairs

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts.

FBI Warns of Increase in Vishing Attacks

Data Breach Today

Hackers Attempt to Collect VPN Credentials The FBI is warning that hackers are increasingly using voice phishing, or vishing, to target remote and at-home workers as a way of harvesting VPN and other credentials to gain initial access to corporate networks

Injecting a Backdoor into SolarWinds Orion

Schneier on Security

Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points. SUNSPOT is StellarParticle’s malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product.

IT 94

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Microsoft to Launch 'Enforcement Mode' for Zerologon Flaw

Dark Reading

Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update

Malwarebytes ‘s email systems hacked by SolarWinds attackers

Security Affairs

Cyber security firm Malwarebytes announced that threat actor behind the SolarWinds attack also breached its network last year. Malwarebytes revealed today that SolarWinds hackers also breached its systems and gained access to its email.

4 Intriguing Email Attacks Detected by AI in 2020

Dark Reading

Here's to the sneakiest of the sneaky. These clever phishing messages -- that standard validation measures often missed -- deserve proper dishonor. Sponsored

The SolarWinds Hackers Used Tactics Other Groups Will Copy

WIRED Threat Level

The supply chain threat was just the beginning. Security Security / Cyberattacks and Hacks

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

The Most Pressing Concerns Facing CISOs Today

Dark Reading

Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown

DNSpooq Flaws Allow DNS Hijacking of Millions of Devices

Threatpost

Seven flaws in open-source software Dnsmasq could allow DNS cache poisoning attacks and remote code execution. Vulnerabilities

111
111

A Security Practitioner's Guide to Encrypted DNS

Dark Reading

Best practices for a shifting visibility landscape

Linux Devices Under Attack by New FreakOut Malware

Threatpost

The FreakOut malware is adding infected Linux devices to a botnet, in order to launch DDoS and cryptomining attacks. Malware

105
105

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics

Dark Reading

Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack

76

Rob Joyce to Take Over as NSA Cybersecurity Director

Threatpost

Joyce will replace Anne Neuberger, who is now deputy national security advisor for the incoming Biden administration. Government Hacks Malware

DLA Piper GDPR fines and data breach survey: January 2021

DLA Piper Privacy Matters

This year has been extraordinary in many different ways. The third annual DLA Piper GDPR fines and data breach survey which we launched today reflects how the current circumstances have affected the privacy landscape across the 31 European countries surveyed.

Attackers Steal E-Mails, Info from OpenWrt Forum

Threatpost

Users of the Linux-based open-source firmware—which include developers from commercial router companies--may be targeted by phishing campaigns, administrators warn. Hacks

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

The AIIM Conference 2021 - Now Boarding Info Pros

AIIM

We're so excited to announce that registration for The AIIM Conference 2021 for records and information professionals is now live! This year, join us as we "Go Big, and Stay Home!" That's right, this year's event will be virtual and delivered to a screen near you.

SolarWinds Malware Arsenal Widens with Raindrop

Threatpost

The post-compromise backdoor installs Cobalt Strike to help attackers more laterally through victim networks. Malware

81

New Terminal Emulator Brings Innovation to Users of Mission-Critical Systems

Rocket Software

The past year has dramatically shifted how businesses operate, moving many to full-time remote or hybrid work environments. Unfortunately, the speed at which this change took place meant that many businesses were unprepared, relying on systems that weren’t optimized for a new work environment. .