Mon.Jul 19, 2021

Health Data Breach Trends: A Mid-Year Report

Data Breach Today

Ransomware Attacks, Vendor Incidents Continue to Dominate Ransomware attacks and breaches of vendors continue to account for the biggest health data breaches added to the official federal tally so far this year

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

China's Cyberattacks: Sizing Up International Response

Data Breach Today

Cybereason's Sam Curry Shares Insights on the Latest Developments The U.S

Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack

Dark Reading

Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

Spyware Exposé Highlights Suspected Apple Zero-Day Flaws

Data Breach Today

Zero Click' Exploits Suspected in NSO Group Pegasus Spyware Attacks, Amnesty Says A new exposé tracking how spyware has been used to target journalists and human rights advocates suggests attackers have been exploiting zero-day flaws in Apple applications and devices.

More Trending

Advisory Describes Chinese Attackers' Tactics

Data Breach Today

Report Offers Risk Mitigation Advice, Stressing Prompt Patching Three federal agencies released a 31-page Joint Cybersecurity Advisory Monday that describes 50 tactics, techniques and procedures that Chinese state-sponsored cyberattackers are using to target organizations in the U.S.

Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco

Security Affairs

A hacker claims to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant, Saudi Aramco.

Sales 110

US Indicts 4 Chinese Nationals for Lengthy Hacking Campaign

Data Breach Today

All Aligned With China's Ministry of State Security The U.S.

Candiru: Another Cyberweapons Arms Manufacturer

Schneier on Security

Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru. From the report : Summary: Candiru is a secretive Israel-based company that sells spyware exclusively to governments.

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

Leak of 50,000 Contact Details Tied to Spyware Targeting

Data Breach Today

Pegasus Project' Says List Used to Coordinate Attacks Using NSO Group's Spyware A leak of 50,000 telephone numbers and email addresses led to the "Pegasus Project," a global media consortium's research effort that discovered how Pegasus spyware developed by NSO Group is being used in the wild

Experts disclose critical flaws in Advantech router monitoring tool

Security Affairs

Cisco Talos experts disclose details of several critical flaws in a router monitoring application developed by industrial and IoT firm Advantech. Cisco Talos researchers discovered multiple critical vulnerabilities in the R-SeeNet application developed by industrial and IoT firm Advantech.

IoT 108

US: Chinese Government Waged Microsoft Exchange Attacks

Data Breach Today

China's Ministry of State Security Also Accused of Carrying Out Ransomware Attacks The Biden administration formally accused China's Ministry of State Security of conducting a series of attacks against vulnerable Microsoft Exchange servers earlier this year that affected thousands of organizations.

Experts show how to bypass Windows Hello feature to login on Windows 10 PCs

Security Affairs

Security researchers demonstrated how to bypass the Windows Hello facial recognition that is used in Windows 10 as a login mechanism.

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

7 Ways AI and ML Are Helping and Hurting Cybersecurity

Dark Reading

In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The U.S.

How China's Hacking Entered a Reckless New Phase

WIRED Threat Level

The country's hackers have gotten far more aggressive since 2015, when the Ministry of State Security largely took over the country’s cyberespionage. Security Security / National Security

WiFiDemon – Recently discovered iPhone Wi-Fi bug could also allow RCE

Security Affairs

A recently discovered iPhone Wi-Fi bug that could crash the WiFi connectivity could be exploited by attackers to achieve remote code execution.

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

US Accuses China of Using Criminal Hackers in Cyber Espionage Operations

Dark Reading

DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others

86

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware.

New StopRansomware.gov website – The U.S. Government’s One-Stop Location to Stop Ransomware

IG Guru

Original release date: July 15, 2021 The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.

Wifi Security & Public Networks

Record Nations

It’s no secret that wifi has changed the way many companies are able to do business, but wifi security is something that should be more of a focus. Wifi is by no means a new technology. However, the pandemic has had many corporations reevaluating the secure nature of public and private networks.

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

NSO Group Spyware Used On Journalists & Activists Worldwide

Dark Reading

An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world

79

Unpatched iPhone Bug Allows Remote Device Takeover

Threatpost

A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected. Mobile Security Vulnerabilities

Risk 111

How Gaming Attack Data Aids Defenders Across Industries

Dark Reading

Web application attacks against the video game industry quadrupled in 2020 compared to the previous year, but companies outside entertainment can learn from the data

68

What’s Next for REvil’s Victims? 

Threatpost

Podcast: Nothing, says a ransomware negotiator who has tips on staying out of the sad subset of victims left in the lurch, mid-negotiation, after REvil's servers went up in smoke. Hacks Malware Podcasts Web Security

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

CIPL President Bojana Bellamy Named to POLITICO’s Tech 28

Hunton Privacy

Hunton Andrews Kurth LLP is pleased to announce that POLITICO has named Centre for Information Policy Leadership (“CIPL”) President Bojana Bellamy among its Tech 28, the news organization’s inaugural list of top “rulemakers, rulebreakers and visionaries” shaping the future of technology in Europe and beyond.

Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections

Threatpost

The secretive Israeli firm was allegedly storing 50,000+ mobile phone numbers for activists, journalists, business executives and politicians -- possible targets of iPhone and Android hacking. Government Malware Mobile Security

Breaking Down the Threat of Going All-In With Microsoft Security

Dark Reading

Limit risk by dividing responsibility for infrastructure, tools, and security

Risk 45