Wed.Apr 07, 2021

Why Didn't Government Detect SolarWinds Attack?

Data Breach Today

Senators Want to Know Why DHS' Einstein System Did Not Discover the Incident Two senators are pressing the Department of Homeland Security to explain why its Einstein system failed to detect the SolarWinds supply chain breach that affected agencies as well as corporations

SHARED INTEL: IT pros gravitate to ‘passwordless’ authentication to improve security, boost agility

The Last Watchdog

Passwordless authentication as a default parameter can’t arrive too soon. Related: Top execs call for facial recognition to be regulated. The good news is that passwordless technologies are not only ready for prime time, they appear to be gaining traction in ways that suggest we’re on the cusp of a period of wide-scale adoption. That’s the upshot of a new report, The State of Passwordless Security 2021 , put out by HYPR , a New York City-based supplier of advanced authentication systems.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Attackers Target Unpatched SAP Applications

Data Breach Today

Exploits Could Lead to System Hijacking, Data Theft, Ransomware Attacks Attackers are targeting unpatched SAP applications, and the exploits could lead to the hijacking of the vulnerable systems, data theft and ransomware attacks, SAP and Onapsis Research Labs report.

Signal Adds Cryptocurrency Support

Schneier on Security

According to Wired , Signal is adding support for the cryptocurrency MobileCoin, “a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity.”

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

OnDemand Webinar | Measuring Risk in Self-Service: Data Analysis on Real IVR Traffic

Data Breach Today

Risk 217

More Trending

In Wake of Breaches, Accellion Faces at Least 14 Lawsuits

Data Breach Today

Will the Lawsuits Seeking Class-Action Status Be Consolidated? At least 14 lawsuits seeking class-action status have been filed against Accellion in the wake of breaches of the vendor's 20-year-old File Transfer Appliance. A motion to consolidate the cases has also been filed

213
213

Did 4 Major Ransomware Groups Truly Form a Cartel?

Dark Reading

An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer

An Alternative Approach to Cryptocurrency Security

Data Breach Today

Gideon Samid of BitMint Explains 'Quantum Randomness' Today's cryptocurrencies are based on cryptographic standards that eventually could be broken via quantum computing, says Gideon Samid of BitMint, which has developed a virtual currency based instead on the concept of "quantum randomness

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Ziggy Ransomware Gang Offers Victims Ransom Refunds

Data Breach Today

Experts Question Whether the Offer Is Legitimate or a Publicity Stunt The now-defunct Ziggy ransomware gang is reportedly offering to return the ransoms it collected, but some security experts questions whether the offer is legitimate or a publicity stunt

Hackers Are Exploiting Discord Links to Serve Up Malware

WIRED Threat Level

Beware of links from platforms that got big during quarantine. Security Security / Security News

SecOps and DevOps: From Cooperation to Automation

Dark Reading

Omdia Principal Analyst Eric Parizo discusses the major obstacles SecOps organizations face as they seek to build ties with DevOps teams, and offers a programmatic approach to help create a path toward DevSecOps

79

Crossing the Line: When Cyberattacks Become Acts of War

Threatpost

Saryu Nayyar, CEO at Gurucul, discusses the new Cold War and the potential for a cyberattack to prompt military action. Government Hacks InfoSec Insider Malware Web Security

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

5 Ways to Transform Your Phishing Defenses Right Now

Dark Reading

By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk

Twitch Will Act on ‘Serious’ Offenses That Happen Off-Stream

WIRED Threat Level

The new policy holds streamers to account for what happens on other services and in real life. Security Security / Security News

Cring Ransomware Used in Attacks on European Industrial Firms

Dark Reading

Attackers exploited a vulnerability in Fortigate VPN servers to gain access to target networks, researchers report

Crooks use Telegram bots and Google Forms to automate phishing

Security Affairs

Crooks increasingly often use legitimate services such as Google Forms and Telegram to obtain user data stolen on phishing websites.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Rethinking Cyberattack Response: Prevention & Preparedness

Dark Reading

The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price

67

Attackers Blowing Up Discord, Slack with Malware  

Threatpost

One Discord network search turned up 20,000 virus results, researchers found. . Cloud Security Malware Web Security

Cloud 96

Pwn2Own 2021 Day 1 – participants earned more than $500k

Security Affairs

The Pwn2Own 2021 hacking competition has begun and white hat hackers participants earned more than $500000 on the first day. The Pwn2Own 2021 has begun, this year the formula for the popular hacking competition sees the distribution of the participants amongst various locations.

Fortune 500 Security Shows Progress and Pitfalls

Dark Reading

Fortune 500 companies have improved on email security and vulnerability disclosure programs but struggle in asset management and high-risk services

Risk 64

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Man arrested after hired a hitman on the dark web

Security Affairs

A joint operation of Europol and the Italian Postal and Communication Police resulted in the arrest of an Italian national who hired a hitman on the dark web.

Fake Netflix App on Google Play Spreads Malware Via WhatsApp

Threatpost

The wormable malware spread from Android to Android by sending messages offering free Netflix Premium for 60 days. Malware Mobile Security

Voice-Changing Software Found on APT Attackers' Server

Dark Reading

Security researchers believe the presence of Morph Vox Pro could indicate APT-C-23 has new plans for their phishing campaigns

Facebook: Stolen Data Scraped from Platform in 2019

Threatpost

The flaw that caused the leak of personal data of more than 533 million users over the weekend no longer exists; however, the social media giant still faces an investigation by EU regulators. Privacy Vulnerabilities

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Everything You Need to Know About the Facebook Data Breach via How-to Geek

IG Guru

Check out the article here. The post Everything You Need to Know About the Facebook Data Breach via How-to Geek appeared first on IG GURU. Breach Business Dark Web IG News information privacy information security Risk News Social Media DarkWeb Data Breach Facebook Privacy pwned

Attackers Actively Seeking, Exploiting Vulnerable SAP Applications

Dark Reading

Analysis of threat activity in mission-critical environments prompts CISA advisory urging SAP customers to apply necessary security patches and updates

Digital Health Passports in Europe: Facilitating a Return to the “New Normal” or an Intrusion of Privacy?

Data Matters