Wed. Jul 21, 2021

Serial Swatter Who Caused Death Gets Five Years in Prison

Krebs on Security

An 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.

Senators Introduce Federal Breach Notification Bill

Data Breach Today

Measure Requires Reporting Certain Cyber Incidents to CISA Within 24 Hours of Discovery

A bipartisan group of senators introduced a federal breach notification bill Wednesday that would require federal agencies, federal contractors and organizations that are considered critical to U.S.

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

The Last Watchdog

Most of us, by now, take electronic signatures for granted. Related: Why PKI will endure as the Internet’s secure core. Popular services, like DocuSign and Adobe Sign, have established themselves as convenient, familiar tools to conduct daily commerce, exclusively online. Yet electronic signatures do have their security limitations.

UPMC to Settle Breach Lawsuit for $2.7 Million

Data Breach Today

2014 Hacking Incident Affected 66,000 Employees

A proposed $2.7 million settlement has been reached in a lawsuit filed against the University of Pittsburgh Medical Center in the wake of a 2014 data breach that exposed tens of thousands of employees' personal information and resulted in tax fraud

The Top 5 Business Outcomes Companies Can Achieve From Monitoring Consolidation

In this eBook, learn what the top five business outcomes are that organizations see when leveraging Datadog's end-to-end monitoring tool.

Thousands of Humana customers have their medical data leaked online by threat actors

Security Affairs

Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum.

France ANSSI agency warns of APT31 campaign against French organizations

Security Affairs

French cyber-security agency ANSSI warned of an ongoing cyberespionage campaign aimed at French organizations carried out by China-linked APT31 group.

Incident Response: Why Persistence Is Vital

Data Breach Today

Attorney Marcus Christian Describes Pitfalls to Avoid

Marcus Christian, a former executive assistant U.S. attorney, implores businesses to not immediately abandon their incident response plans once it appears a suspected incident is resolved

TicketClub Italy Database Offered in Dark Web

Security Affairs

A database belonging to TicketClub Italy, a company providing a coupons platform for offline purchases, is available for sale on dark web hacking forums. TicketClub is an Italian company providing a mobile-based coupons platform for offline purchases.

Cybereason, Rapid7 and Sysdig Announce Acquisitions

Data Breach Today

Deals Focus on Bolstering Security Capabilities

Cybereason and Rapid7 made acquisitions this week designed to boost their security capabilities. Meanwhile, DevOps security firm Sysdig made a move to add infrastructure-as-code security to its portfolio

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

XLoader, a $49 spyware that could target both Windows and macOS devices

Security Affairs

Check Point Research (CPR) experts have spotted a cheap malware variant, dubbed XLoader, which was upgraded to target both Windows and macOS PCs. XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware.

Microsoft Announces Takedown of Domains Used for BEC Schemes

Data Breach Today

Company Says West African Group Used Homoglyph Techniques to Trick Victims

Microsoft has announced the takedown of 17 domains that an unnamed threat group operating out of West Africa used to host fake Microsoft websites when conducting business email compromise attacks

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

eSecurity Planet

Reports that the NSO Group’s Pegasus spyware was used by governments to spy on Apple iPhones used by journalists, activists, government officials and business executives are becoming a global controversy for NSO, Apple and a number of governments at the center of the scandal.

Report Identifies Vulnerabilities Popular on Criminal Forums

Data Breach Today

Cognyte Identifies Top 6 Flaws, Including One That's 17 Years Old

Researchers at Cognyte have identified the six common vulnerabilities and exposures - or CVEs - that were most frequently discussed by apparent cyberattackers on dark web forums between Jan. 1, 2020 and March 1, 2021.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Venmo Gets More Private—but It's Still Not Fully Safe

WIRED Threat Level

Eliminating the global feed is a good step. But until the platform offers privacy by default, it remains a liability for many of its users.

NIST Publishes 'Critical Software' Security Guidance

Data Breach Today

Plus, White House Says MFA, Encryption to Be Widely Deployed in Federal Networks

New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code.

The Best Tools for Secure Online Privacy

IG Guru

Since the emergence of the COVID-19 pandemic, most businesses and individuals have embraced remote working. However, with more people working from home, the issue of online privacy has taken precedence.

World Leaders Included on Alleged Spyware Targeting List

Data Breach Today

NSO Group Refutes Alleged Targeting List - But How Does It Know Customers' Targets?

Can NSO Group and other commercial spyware vendors survive the latest revelations into how their tools get used?

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Your Work Email Address is Your Work's Email Address

Troy Hunt

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read.

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

Threatpost

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass.

CIPL Publishes White Paper on How the Legitimate Interest Ground for Processing Enables Responsible Data Use and Innovation

Hunton Privacy

On July 2, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth published a white paper on How the Legitimate Interest Ground for Processing Enables Responsible Data Use and Innovation (the “Paper”).

Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows

Threatpost

Misconfigured permissions for Argo's web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Pegasus spyware slipping into mobile devices unnoticed. Time to take mobile security seriously.

Jamf

The Pegasus surveillance software used to target terrorist and criminal threats has been linked to governments using it to target journalists, activists and dissidents.

MacOS Being Picked Apart by $49 XLoader Data Stealer

Threatpost

Cheap, easy & prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes.

Global Privacy Control Opt-Out of “Sale” – A Technical and Legal Viewpoint

Data Protection Report

According to the California Attorney General, consumers may now utilize a new technology called the Global Privacy Control (“GPC”) in order to opt out of a “sale” of personal information under the California Consumer Privacy Act (“CCPA”).

Tracking Malware and Ransomware Domains in 2021

Threatpost

Ransomware is the threat of 2021. It’s impacting everything from large enterprises, hospitals, to other aspects of our critical infrastructure. Here, we’ll take a look at actual malware domain traffic and how it correlates to ransomware attacks in the news. (Sponsored)

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

7 Best Programming Languages To Use In Developing A Blockchain Software

Cllax

When you hear Bitcoin or cryptocurrency being discussed, more often than not the word “blockchain” is tossed around the conversation. Blockchain is a type of database that is different from.

French Launch NSO Probe After Macron Believed Spyware Target

Threatpost

Fourteen world leaders were among those found on a list of NSO's believed targets for its Pegasus spyware.

The importance of data quality in Financial Services

Collibra

Financial services are highly regulated and maintain a strong focus on compliance and risk management. Constantly monitoring data and also reporting it to the regulatory authority is their top priority.