Fri.Apr 30, 2021

GitHub Leaks: Lessons Learned

Data Breach Today

Experts Offer Advice on Avoiding Patient Data Exposure Recent incidents involving inadvertent exposure of patient data on GitHub, a software development platform, point to the need to ensure that data loss prevention tools are implemented, all available security controls are leveraged and employees are made aware of the risks involved.

Risk 222

7 Modern-Day Cybersecurity Realities

Dark Reading

Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

CISA: 5 Agencies Using Pulse Secure VPNs Possibly Breached

Data Breach Today

Suspicious Activity Detected; Investigation Continues CISA is investigating whether five U.S. government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior official.

Ransomware Task Force Publishes Framework to Fight Global Threat

Dark Reading

An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

BIND 9: DNS Server Software Has Flaws

Data Breach Today

Users Urged to Take Immediate Mitigation Action The developer of Berkeley Internet Name Domain, or BIND 9, an open-source implementation of domain name systems, is advising users to mitigate three vulnerabilities that attackers could remotely exploit to cause systems to crash or become inaccessible

189
189

More Trending

Ransomware Gang Exploits SonicWall Zero-Day Flaw

Data Breach Today

FireEye: Attacks Happened Before Patch Issued for VPN Vulnerability A cyberthreat gang that's been active since 2020 exploited a now-patched zero-day vulnerability in the SonicWall SMA 100 Series appliance to plant ransomware in attacks launched earlier this year, FireEye Mandiant researchers say

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor. A China-linked cyberespionage group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy.

Babuk to Close Ransomware Operation After DC Police Attack

Data Breach Today

Gang Will Provide Malware Code to Other Attackers Rather Than Release Decryptor The Babuk ransomware gang says it will no longer launch attacks but instead will make its malware source code available for other attackers to use. The gang took credit for recent attacks against the Washington, D.C.

MITRE Adds MacOS, More Data Types to ATT&CK Framework

Dark Reading

Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure

Cloud 99

Insights on Choosing an Identity Verification Solution Provider

Sort through today’s crowded identity verification solutions landscape with our guide, designed to help you choose the right provider based on your unique needs.

ISMG Editors’ Panel: Cyber Extortion and More

Data Breach Today

Discussion Tackles Ransomware and Fraud Issues Four editors at Information Security Media Group discuss timely issues, including how the zero-day attacks against Accellion File Transfer Appliance users have rewritten the rules of the cyber extortion game and former federal CIO Gregory Touhill taking on an important new role.

Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds

Dark Reading

Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows

Analysis: 'Cybersecurity Call to Arms'

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of British spy chief Jeremy Flemming’s "cybersecurity call to arms." Also featured: Insights on COVID-19 business continuity planning; the wisdom of the late Dan Kaminsky

UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed

Security Affairs

UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix.

IT 95

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Serious MacOS Vulnerability Patched

Schneier on Security

Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through.

Portuguese CNPD suspends transfers of Census 2021 data to the U.S.

DLA Piper Privacy Matters

New Threat Group Carrying Out Aggressive Ransomware Campaign

Dark Reading

UNC2447 observed targeting now-patched vulnerability in SonicWall VPN

Microsoft warns of BadAlloc flaws in OT, IoT devices

Security Affairs

Microsoft researchers are warning of major security vulnerabilities affecting OT and IoT devices and high-risks for businesses using them.

IoT 82

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Deadline to file comments to the HIPAA NPRM is fast approaching

DLA Piper Privacy Matters

Authors: Emily Maus and Anna Spencer. HIPAA covered entities and business associates should finalize their comments soon, before the comment period for the 2020 Health Insurance Portability and Accountability Act (HIPAA) Notice of Proposed Rulemaking ( NPRM ) closes on May 6.

Microsoft Warns 25 Critical Vulnerabilities in IoT, Industrial Devices

Threatpost

Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash. IoT Vulnerabilities

IoT 109

Post-Pandemic Enterprise Architecture Priorities

erwin

Before the COVID-19 pandemic, many enterprise architects were focused on standardization.

Cloud 69

Is the SolarWinds Hack Really a Seismic Shift?

Threatpost

Oliver Tavakoli, CTO of Vectra AI, discusses the massive supply-chain hack's legacy and ramifications for security professionals. Government Hacks InfoSec Insider Malware

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization

Security Affairs

UNICC and Group-IB detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day.

WeSteal: A Cryptocurrency-Stealing Tool That Does Just That

Threatpost

The developer of the WeSteal cryptocurrency stealer can’t be bothered with fancy talk: they say flat-out that it’s “the leading way to make money in 2021”. Hacks Malware

IT 94

Recruitment: Finding Genuine Talent in an Artificial World

Information Governance Perspectives

Employers need to be able to ask specific questions, drill-down, and recover the root causes of problems and fill those gaps. We do not minimize skill sets by any stretch, but we have also learned that the ‘intangible’ side of the equation gives both sides a better shot at a long-term fit.

64

PortDoor Espionage Malware Takes Aim at Russian Defense Sector

Threatpost

The stealthy backdoor is likely being used by Chinese APTs, researchers said. Malware

92

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

The Ticking Time Bomb in Every Company's Code

Dark Reading

Developers must weigh the benefits and risks of using third-party code in Web apps

Risk 64

Second Circuit sets standing threshold for data-breach class actions

DLA Piper Privacy Matters

Authors: Keara M. Gordon , Isabelle Ord , Jeff DeGroot , and Haley Torrey. This week, the Second Circuit in McMorris v. Carlos Lopez & Assocs., LLC , No.

Google's Grand Plan to Eradicate Cookies Is Crumbling

WIRED Threat Level

Regulators in the EU and competitors have raised concerns about the company's proposals to rewrite the rules of online advertising. Security Security / Privacy