Mon.Jul 19, 2021

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups.

China's Cyberattacks: Sizing Up International Response

Data Breach Today

Cybereason's Sam Curry Shares Insights on the Latest Developments The U.S

IT 178
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

7 Ways AI and ML Are Helping and Hurting Cybersecurity

Dark Reading

In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm

Health Data Breach Trends: A Mid-Year Report

Data Breach Today

Ransomware Attacks, Vendor Incidents Continue to Dominate Ransomware attacks and breaches of vendors continue to account for the biggest health data breaches added to the official federal tally so far this year

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco

Security Affairs

A hacker claims to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant, Saudi Aramco.

Sales 79

More Trending

How China's Hacking Entered a Reckless New Phase

WIRED Threat Level

The country's hackers have gotten far more aggressive since 2015, when the Ministry of State Security largely took over the country’s cyberespionage. Security Security / National Security

Advisory Describes Chinese Attackers' Tactics

Data Breach Today

Report Offers Risk Mitigation Advice, Stressing Prompt Patching Three federal agencies released a 31-page Joint Cybersecurity Advisory Monday that describes 50 tactics, techniques and procedures that Chinese state-sponsored cyberattackers are using to target organizations in the U.S.

Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack

Dark Reading

Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals

US Indicts 4 Chinese Nationals for Lengthy Hacking Campaign

Data Breach Today

All Aligned With China's Ministry of State Security The U.S.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Experts disclose critical flaws in Advantech router monitoring tool

Security Affairs

Cisco Talos experts disclose details of several critical flaws in a router monitoring application developed by industrial and IoT firm Advantech. Cisco Talos researchers discovered multiple critical vulnerabilities in the R-SeeNet application developed by industrial and IoT firm Advantech.

IoT 69

Leak of 50,000 Contact Details Tied to Spyware Targeting

Data Breach Today

Pegasus Project' Says List Used to Coordinate Attacks Using NSO Group's Spyware A leak of 50,000 telephone numbers and email addresses led to the "Pegasus Project," a global media consortium's research effort that discovered how Pegasus spyware developed by NSO Group is being used in the wild

138
138

WiFiDemon – Recently discovered iPhone Wi-Fi bug could also allow RCE

Security Affairs

A recently discovered iPhone Wi-Fi bug that could crash the WiFi connectivity could be exploited by attackers to achieve remote code execution.

US: Chinese Government Waged Microsoft Exchange Attacks

Data Breach Today

China's Ministry of State Security Also Accused of Carrying Out Ransomware Attacks The Biden administration formally accused China's Ministry of State Security of conducting a series of attacks against vulnerable Microsoft Exchange servers earlier this year that affected thousands of organizations.

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware.

When Ransomware Comes to (Your) Town

Dark Reading

While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships

Experts show how to bypass Windows Hello feature to login on Windows 10 PCs

Security Affairs

Security researchers demonstrated how to bypass the Windows Hello facial recognition that is used in Windows 10 as a login mechanism.

Candiru: Another Cyberweapons Arms Manufacturer

Schneier on Security

Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru. From the report : Summary: Candiru is a secretive Israel-based company that sells spyware exclusively to governments.

9 Developer Enablement Practices to Achieve DevOps at Enterprise Scale

In this eBook, Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The U.S.

Unpatched iPhone Bug Allows Remote Device Takeover

Threatpost

A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected. Mobile Security Vulnerabilities

Risk 80

The American Music Fairness Act (AMFA): A Better and Fairer Solution for Performers than Just Seeking “National Treatment”

Hugh Stephens Blog

From the title of this draft legislation, introduced into the US House of Representatives in late June, you can surmise that something is unfair about music in America.

52

Wifi Security & Public Networks

Record Nations

It’s no secret that wifi has changed the way many companies are able to do business, but wifi security is something that should be more of a focus. Wifi is by no means a new technology. However, the pandemic has had many corporations reevaluating the secure nature of public and private networks.

The Forrester Wave™: B2B Marketing Data Providers, Q2 2021

In our 24-criterion evaluation of B2B marketing data providers, we identified the 11 most significant vendors — Data Axle, Dun & Bradstreet, Enlyft, Global Database, InsideView, Leadspace, Oracle, SMARTe, Spiceworks Ziff Davis, TechTarget, and ZoomInfo Technologies — and researched, analyzed, and scored them. This report shows how each provider measures up and helps B2B marketing professionals select the right one for their needs.

New StopRansomware.gov website – The U.S. Government’s One-Stop Location to Stop Ransomware

IG Guru

Original release date: July 15, 2021 The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.

US Accuses China of Using Criminal Hackers in Cyber Espionage Operations

Dark Reading

DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others

49

CIPL President Bojana Bellamy Named to POLITICO’s Tech 28

Hunton Privacy

Hunton Andrews Kurth LLP is pleased to announce that POLITICO has named Centre for Information Policy Leadership (“CIPL”) President Bojana Bellamy among its Tech 28, the news organization’s inaugural list of top “rulemakers, rulebreakers and visionaries” shaping the future of technology in Europe and beyond.

What’s Next for REvil’s Victims? 

Threatpost

Podcast: Nothing, says a ransomware negotiator who has tips on staying out of the sad subset of victims left in the lurch, mid-negotiation, after REvil's servers went up in smoke. Hacks Malware Podcasts Web Security

4 AI Hacks to Make Sales Teams More Efficient

Over the last two years, there’s been a 76 percent increase in AI adoption across sales organizations. For sales teams, AI opens up a world of new possibilities, including automating outreach, identifying best-fit buyers, and keeping CRMs flush with fresh data. Read on to learn the four AI hacks sales teams need to improve their performance. Download the eBook today!

NSO Group Spyware Used On Journalists & Activists Worldwide

Dark Reading

An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world

43

Ruthless Attackers Target Florida Condo Collapse Victims

Threatpost

Hackers are stealing the identities of those lost in the condo-collapse tragedy. Privacy Web Security

How Gaming Attack Data Aids Defenders Across Industries

Dark Reading

Web application attacks against the video game industry quadrupled in 2020 compared to the previous year, but companies outside entertainment can learn from the data

42