Wed.Apr 28, 2021

Experian API Exposed Credit Scores of Most Americans

Krebs on Security

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned.

FluBot Spyware Spreads Across Europe

Data Breach Today

Proofpoint: Malware's Operators Rebound After Arrests FluBot Android spyware is once again spreading throughout Europe following a temporary dip in activity in March after police arrested four suspects allegedly involved in the campaign, according to researchers at Proofpoint

178
178
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

FluBot Malware's Rapid Spread May Soon Hit US Phones

Dark Reading

The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam

111
111

Tips on Enhancing Supply Chain Security

Data Breach Today

NIST, CISA Highlight Key Steps to Take The U.S. Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology have released a report providing insights on how to enhance supply chain security in the wake of the SolarWinds attack

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Data breaches and cyber attacks quarterly review: Q1 2021

IT Governance

Welcome to our first quarterly review of cyber attacks and data breaches. For several years, we’ve produced a monthly list of security incidents , comprised of publicly disclosed breaches from mainstream publications.

More Trending

FBI Works With 'Have I Been Pwned' to Notify Emotet Victims

Dark Reading

Officials shared 4.3 million email addresses with the HIBP website to help inform companies and individuals if Emotet compromised their accounts

91

'Ghostwriter' Disinformation Campaign Targets NATO Allies

Data Breach Today

155
155

Adobe Open Sources Tool for Anomaly Research

Dark Reading

The One-Stop Anomaly Shop (OSAS) project packages machine-learning algorithms into a Docker container for finding anomalies in security log data

Cybersecurity Leadership: It’s About Cloud Security

Data Breach Today

CEOs and CISOs on Managing Visibility, Accessibility and Risk Almost every organization has adopted cloud computing to some extent, and with this great power comes great responsibility. How are cybersecurity leaders managing visibility, access and risk?

Cloud 155

Insights on Choosing an Identity Verification Solution Provider

Sort through today’s crowded identity verification solutions landscape with our guide, designed to help you choose the right provider based on your unique needs.

RotaJakiro Linux backdoor has flown under the radar since 2018

Security Affairs

Experts recently uncovered a Linux backdoor, dubbed RotaJakiro , that has flown under the radar for many years while harvest and exfiltrate sensitive information from the victims. .

Is Your Cloud Raining Sensitive Data?

Dark Reading

Learn common Kubernetes vulnerabilities and ways to avoid them

Cloud 70

Google addresses a high severity flaw in V8 engine in Chrome

Security Affairs

Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227 , in the V8 JavaScript engine used by the web browser.

IT 76

Archives: Turning Collective Wisdom into Strength

Information Governance Perspectives

If there’s one thing I admire the most among the younger members of our field, it is their dedication to recognizing the path that is the worthiest… to their colleagues, to the collections, to the world they work and live in.

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Cloud misconfiguration, a major risk for cloud security

Security Affairs

Misconfigured cloud-based databases continue to cause data breaches, millions of database servers are currently exposed across cloud providers. Fugue’s new State of Cloud Security 2020 report reveals that misconfigured cloud-based databases continue to pose a severe security risk to organizations.

Cloud 72

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

Threatpost

SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug. Malware Vulnerabilities

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Security Affairs

China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years.

Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat

Dark Reading

New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged

65

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

UK rail network Merseyrail hit by ransomware gang

Security Affairs

UK rail network Merseyrail was hit by a cyberattack, ransomware operators breached the corporate email system to disclose the attack to employees and journalists. UK rail network Merseyrail, which operates rail services across Merseyside, announced it was a victim of a cyber attack.

Welcoming the Luxemburg Government CERT to Have I Been Pwned

Troy Hunt

Continuing my efforts to make more breach data available to governments after data breaches impact their domains, I'm very happy to welcome Luxemburg aboard Have I Been Pwned.

74% of Financial Institutions See Spike in COVID-Related Threats

Dark Reading

Financial losses have also increased among organizations in the last year, with the average cost reaching $720,000

64

The Washington Privacy Act fails to pass for the third straight year

DLA Piper Privacy Matters

Click here to view an article about the 2021 Washington Privacy Act legislative developments. DLA Piper follows the evolving state privacy landscape more closely than any other law firm.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Cartoon Caption Winner: Rough Patch?

Dark Reading

And the winner of The Edge's April cartoon caption contest is

61

Portuguese DPA Orders Suspension of U.S. Data Transfers by Agency That Relied on SCCs

Hunton Privacy

On April 27, 2021, the Portuguese Data Protection Authority ( Comissão Nacional de Proteção de Dados , the “CNPD”) ordered the National Institute of Statistics (the “INE”) to suspend, within 12 hours, any international transfers of personal data to the U.S.

Google Chrome V8 Bug Allows Remote Code-Execution

Threatpost

The internet behemoth rolled out the Chrome 90 stable channel release to address this and eight other security vulnerabilities

What’s new in OpenText Core Share and Core Signature

OpenText Information Management

The latest announcement by OpenText of Cloud Editions includes some great updates to both OpenText™ Core Share and OpenText™ Core Signature. Check out the latest updates below. April 2021: What’s new in OpenText Core Share 21.2 and Core Signature 21.2

Cloud 59

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Cybersecurity Becomes A Government Priority

eSecurity Planet

As President Biden addresses the nation in his first State of the Union tonight, expect to hear a minute devoted to cybersecurity. In a year to remember (or forget) for a number of reasons, the U.S. Department of Justice is taking the next step in addressing the rise of ransomware schemes.

Webinar: Analytics, AI and Records Management: The Revolution Will Not Be Televised via ARMA Dallas on May 10th at 12pm Central

IG Guru

REGISTER HERE Change sometimes comes charging in as on a big black dragon, breathing fire and alerting whole communities to its disruptive effect.

Chase Bank Phish Swims Past Exchange Email Protections

Threatpost

Two phishing attacks elude Exchange security protections and spoof real-life account scenarios in an attempt to fool victims. Web Security