Wed. Jul 21, 2021

Serial Swatter Who Caused Death Gets Five Years in Prison

Krebs on Security

An 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.

UPMC to Settle Breach Lawsuit for $2.7 Million

Data Breach Today

2014 Hacking Incident Affected 66,000 Employees. A proposed $2.7 million settlement has been reached in a lawsuit filed against the University of Pittsburgh Medical Center in the wake of a 2014 data breach that exposed tens of thousands of employees' personal information and resulted in tax fraud

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

The Last Watchdog

Most of us, by now, take electronic signatures for granted. Popular services, like DocuSign and Adobe Sign, have established themselves as convenient, familiar tools to conduct daily commerce, exclusively online. Yet electronic signatures do have their security limitations.

Senators Introduce Federal Breach Notification Bill

Data Breach Today

Measure Requires Reporting Certain Cyber Incidents to CISA Within 24 Hours of Discovery. A bipartisan group of senators introduced a federal breach notification bill Wednesday that would require federal agencies, federal contractors and organizations that are considered critical to U.S.

Your Work Email Address is Your Work's Email Address

Troy Hunt

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read.

More Trending

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

Threatpost

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass.

Incident Response: Why Persistence Is Vital

Data Breach Today

Attorney Marcus Christian Describes Pitfalls to Avoid. Marcus Christian, a former executive assistant U.S. attorney, implores businesses to not immediately abandon their incident response plans once it appears a suspected incident is resolved

MacOS Being Picked Apart by $49 XLoader Data Stealer

Threatpost

Cheap, easy & prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes.

Cybereason, Rapid7 and Sysdig Announce Acquisitions

Data Breach Today

Deals Focus on Bolstering Security Capabilities. Cybereason and Rapid7 made acquisitions this week designed to boost their security capabilities. Meanwhile, DevOps security firm Sysdig made a move to add infrastructure-as-code security to its portfolio

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

eSecurity Planet

Reports that the NSO Group’s Pegasus spyware was used by governments to spy on Apple iPhones used by journalists, activists, government officials and business executives are becoming a global controversy for NSO, Apple and a number of governments at the center of the scandal.

Report Identifies Vulnerabilities Popular on Criminal Forums

Data Breach Today

Cognyte Identifies Top 6 Flaws, Including One That's 17 Years Old. Researchers at Cognyte have identified the six common vulnerabilities and exposures - or CVEs - that were most frequently discussed by apparent cyberattackers on dark web forums between Jan. 1, 2020 and March 1, 2021.

Thousands of Humana customers have their medical data leaked online by threat actors

Security Affairs

Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum.

Microsoft Announces Takedown of Domains Used for BEC Schemes

Data Breach Today

Company Says West African Group Used Homoglyph Techniques to Trick Victims. Microsoft has announced the takedown of 17 domains that an unnamed threat group operating out of West Africa used to host fake Microsoft websites when conducting business email compromise attacks

France ANSSI agency warns of APT31 campaign against French organizations

Security Affairs

French cyber-security agency ANSSI warned of an ongoing cyberespionage campaign aimed at French organizations carried out by China-linked APT31 group.

NIST Publishes 'Critical Software' Security Guidance

Data Breach Today

Plus, White House Says MFA, Encryption to Be Widely Deployed in Federal Networks. New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code.

TicketClub Italy Database Offered in Dark Web

Security Affairs

A database belonging to TicketClub Italy, a company providing a coupons platform for offline purchases, is available for sale on darkweb hacking forums. TicketClub is an Italian company providing a mobile-based coupons platform for offline purchases.

World Leaders Included on Alleged Spyware Targeting List

Data Breach Today

NSO Group Refutes Alleged Targeting List - But How Does It Know Customers' Targets? Can NSO Group and other commercial spyware vendors survive the latest revelations into how their tools get used?

XLoader, a $49 spyware that could target both Windows and macOS devices

Security Affairs

Check Point Research (CPR) experts have spotted a cheap malware, dubbed XLoader variant, which was upgraded to target both Windows and macOS PCs. XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware.

Venmo Gets More Private—but It's Still Not Fully Safe

WIRED Threat Level

Eliminating the global feed is a good step. But until the platform offers privacy by default, it remains a liability for many of its users.

The Best Tools for Secure Online Privacy

IG Guru

Since the emergence of the COVID 19 pandemic, most businesses and individuals have embraced remote working. However, with more people working from home, the issue of online privacy has taken precedence.

Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows

Threatpost

Misconfigured permissions for Argo's web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.

CIPL Publishes White Paper on How the Legitimate Interest Ground for Processing Enables Responsible Data Use and Innovation

Hunton Privacy

On July 2, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth published a white paper on How the Legitimate Interest Ground for Processing Enables Responsible Data Use and Innovation (the “Paper”).

7 Best Programming Languages To Use In Developing A Blockchain Software

Cllax

When you hear Bitcoin or cryptocurrency being discussed, more often than not the word “blockchain” is tossed around the conversation. Blockchain is a type of database that is different from.

French Launch NSO Probe After Macron Believed Spyware Target

Threatpost

Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware.

The importance of data quality in Financial Services

Collibra

Financial services are highly regulated and maintain a strong focus on compliance and risk management. Constantly monitoring data and also reporting it to the regulatory authority is their top priority.

Tracking Malware and Ransomware Domains in 2021

Threatpost

Ransomware is the threat of 2021. It’s impacting everything from large enterprises, hospitals, to other aspects of our critical infrastructure. Here, we’ll take a look at actual malware domain traffic and how it correlates to ransomware attacks in the news.

Global Privacy Control Opt-Out of “Sale” – A Technical and Legal Viewpoint

Data Protection Report

According to the California Attorney General, consumers may now utilize a new technology called the Global Privacy Control (“GPC”) in order to opt out of a “sale” of personal information under the California Consumer Privacy Act (“CCPA”).

Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say

Threatpost

Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change.