Fri. Apr 16, 2021

US Pulls Back Curtain on Russian Cyber Operations

Data Breach Today

Foreign Intelligence Service's Techniques, Partners Revealed

While the Biden administration is betting that the latest round of sanctions aimed at Russia and its economy will help deter the country's cyber operations, several U.S.

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

Krebs on Security

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products.

Unscripted: 3 Security Leaders Dissect Today's Top Trends

Data Breach Today

Critical RCE can allow attackers to compromise Juniper Networks devices

Security Affairs

Cybersecurity provider Juniper Networks addressed a critical vulnerability that could be exploited by attackers to remotely hijack or disrupt vulnerable devices.

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Houston Rockets Investigate Ransomware Attack

Data Breach Today

Babuk Ransomware Gang Reportedly Posted Exfiltrated Team Data

The NBA's Houston Rockets reported on Wednesday that the organization was recently hit with a ransomware attack for which the Babuk cyber gang has taken responsibility.

ISMG Editors’ Panel: The Facebook Breach and More

Data Breach Today

Discussion Also Tackles Fraud Trends, Weak Passwords

Four editors at Information Security Media Group discuss important cybersecurity issues, including Facebook’s latest data leak and how adversaries continue to innovate and evolve

6 out of 11 EU agencies running Solarwinds Orion software were hacked

Security Affairs

SolarWinds supply chain attack also impacted six European Union institutions, European Commissioner for Budget and Administration confirmed.

Attack on Codecov Affects Customers

Data Breach Today

Company Warns Clients' Information May Have Been Exfiltrated

Codecov, a company that tests software code prior to release, has notified customers that attackers had access to its network for a month and placed malware in one of its systems, which may have led to the exfiltration of customers' information.

NSA Discloses Vulnerabilities in Microsoft Exchange

Schneier on Security

Amongst the 100+ vulnerabilities patched in this month’s Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA.

Insights on Choosing an Identity Verification Solution Provider

Sort through today’s crowded identity verification solutions landscape with our guide, designed to help you choose the right provider based on your unique needs.

A Holistic Approach to Cybersecurity and Compliance

Data Breach Today

In a joint interview, Mike Ferris and Mike Brooks of Abacode, a managed cybersecurity and compliance provider, discuss how the MCCP model helps businesses implement a holistic, framework-based cybersecurity program that provides continuous security and compliance

Russia-linked APT SVR actively targets these 5 flaws

Security Affairs

The US government warned that Russian cyber espionage group SVR is exploiting five known vulnerabilities in enterprise infrastructure products. The U.S.

Ireland’s Privacy Watchdog Launches GDPR Probe of Facebook

Data Breach Today

Data Protection Commission Sees Likely Violations in Wake of Latest Mega-Breach

Ireland's privacy regulator has launched an investigation into Facebook after personal information for 533 million of the social network's users appeared for sale online.

How the Biden Administration Can Make Digital Identity a Reality

Dark Reading

A digital identity framework is the answer to the US government's cybersecurity dilemma

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Live Webinar | Software Security: Prescriptive vs. Descriptive

Data Breach Today

Effective software security means enabling the development team with the tools and training it needs to fix what they find. Join this session to find out best practices in remediating software vulnerabilities in smart ways

Mirai code re-use in Gafgyt

Security Affairs

Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family “Gafgyt,” some of which re-used Mirai code.

Does FBI Exchange Remediation Action Set a Precedent?

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of whether the FBI removing malicious web shells from hundreds of compromised Microsoft Exchange Servers could set a precedent.

Updating your data protection documentation following Brexit

IT Governance

The UK data protection landscape is a lot more complex following Brexit. Many organisations are now subject to both the EU GDPR (General Data Protection Regulation) and the UK GDPR (General Data Protection).

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speakers: Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Pandemic Drives Greater Need for Endpoint Security

Dark Reading

Endpoint security has changed. Can your security plan keep up?

Cybersecurity Experts to Follow on Twitter

Schneier on Security

Security Boulevard recently listed the “Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021.” I came in at #7. I thought that was pretty good, especially since I never tweet. My Twitter feed just mirrors my blog. (If

Security Gaps in IoT Access Control Threaten Devices and Users

Dark Reading

Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users

BazarLoader Malware Abuses Slack, BaseCamp Clouds

Threatpost

Two cyberattack campaigns are making the rounds using unique social-engineering techniques.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Data Governance Maturity and Tracking Progress

erwin

Data governance is best defined as the strategic, ongoing and collaborative processes involved in managing data’s access, availability, usability, quality and security in line with established internal policies and relevant data regulations.

NSA: 5 Security Bugs Under Active Nation-State Cyberattack

Threatpost

Widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more.

National Archive facing huge backlog via The Daily Standard

IG Guru

Davidson, who represents Ohio's 8th District, and U.S. Deborah Ross, D-North Carolina, and Mike Bost, R-Illinois, this week wrote a letter to President Joe Biden and Archivist of the United States David Ferriero.

iOS Kids Game Morphs into Underground Crypto Casino

Threatpost

A malicious ‘Jungle Run’ app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Episode 211: Scrapin’ ain’t Hackin’. Or is it?

The Security Ledger

Is scraping the same as hacking or just an example of “zealous” use of a social media platform? And if it isn’t considered hacking…should it be? As more and more online platforms open their doors to API-based access, do we need more rules and oversight of how APIs are used to prevent wanton abuse?

Mandiant Front Lines: How to Tackle Exchange Exploits

Threatpost

Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections.

EDPB cautiously welcomes UK adequacy finding

Data Protection Report

Yesterday, the European Data Protection Board (EDPB) published its opinion on the European Commission’s draft Decision that the UK ensures an adequate level of protection for personal data (the Opinion).