Tue. Jun 21, 2022

Securing Digital Payments in the Future

Data Breach Today

Mastercard's Nick Coleman Discusses 'Threatcasting' and Real-Time Payments

Ten years from now, "the ability to transact on a global basis will continue," says Nick Coleman, CSO, real-time payments at MasterCard, who adds, "Maybe my car will buy stuff for me."

Fireside chat: New ‘SASE’ weapon chokes off ransomware before attack spreads laterally

The Last Watchdog

It’s stunning that the ransomware plague persists. Verizon’s Data Breach Incident Report shows a 13 percent spike in 2021, a jump greater than the past years combined; Sophos’ State of Ransomware survey shows victims routinely paying $1 million ransoms. In response, Cato Networks today introduced network-based ransomware protection for the Cato SASE Cloud.

Siemens Patches Vulnerabilities in Network Management System

Data Breach Today

15 Flaws Can Be Exploited for DoS and RCE Attacks, Credential Leaks

Siemens is advising its SINEC NMS customers to update to version V1.0 SP2 or newer in order to prevent exploitation of vulnerabilities that could allow remote execution of malicious code.

7 Ways to Avoid Worst-Case Cyber Scenarios

Dark Reading

In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data

Lawsuit: Facebook Is Collecting Patient Data of 'Millions'

Data Breach Today

Class Action Alleges Meta Pixel Code Tracks Websites, Patient Portal Interactions

A proposed federal class action lawsuit alleges that Facebook is unlawfully collecting "millions" of individuals' information from the websites and patient portals of "hundreds" of medical providers without the knowledge and consent of patients.

More Trending

Grab Denies Cyberattack Claim by Malaysia's DragonForce

Data Breach Today

Firm Says 'Leaked Data' Gleaned From Third-Party Vendor, No Grab Systems Affected

Indian hyperlocal logistics provider Grab says it wasn't hacked by a Malaysian hacktivist group. DragonForce Malaysia posted last Saturday on Twitter and Telegram the purported details of Grab delivery personnel.

Why Financial Institutions Must Double Down on Open Source Investments

Dark Reading

Open source is here to stay, and it's imperative that CIOs have a mature, open source engagement strategy, across consumption, contribution, and funding as a pillar of digital transformation

Paying Ransomware Actors: ‘It’s a Business Decision’

Data Breach Today

Analyst Paul Furtado and CISO Daniel Smith Advise to Stay Impartial

Having to decide whether to pay a ransom to cybercriminals is a decision no one wants to make.

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Schneier on Security

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act.

VPNs Persist Despite Zero-Trust Fervor

Dark Reading

Most organizations still rely on virtual private networks for secure remote access

FBI Warns of Fraudsters on LinkedIn

KnowBe4

The US FBI has warned that scammers on LinkedIn are a “significant threat,” CNBC reports. Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento field offices, told CNBC in an interview that cryptocurrency scams have been particularly widespread recently.

56 Vulnerabilities Discovered in OT Products From 10 Different Vendors

Dark Reading

Deep-dive study unearthed security flaws that could allow remote code execution, file manipulation, and malicious firmware uploads, among other badness

The Importance of Data Governance and Compliance

IT Governance

Data governance and regulatory compliance go hand in hand. Organisations need robust governance practices if they are to stay on top of their legal requirements, while those obligations are designed to help them operate more effectively.

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

Gartner: Regulation, Human Costs Will Create Stormy Cybersecurity Weather Ahead

Dark Reading

Experts tell teams to prepare for more regulation, platform consolidation, management scrutiny, and attackers with the ability to claim human casualties

New DFSCoerce NTLM relay attack allows taking control over Windows domains

Security Affairs

Researchers warn of a new kind of Windows NTLM relay attack, dubbed DFSCoerce, that threat actors can exploit to take control of a Windows domain.

The Power and Pitfalls of AI for US Intelligence

WIRED Threat Level

Artificial intelligence use is booming, but it's not the secret weapon you might imagine.

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft.

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

RIG Exploit Kit Replaces Raccoon Stealer Trojan With Dridex

Dark Reading

After the Raccoon Stealer Trojan disappeared, the RIG Exploit Kit seamlessly adopted Dridex for credential theft

New ToddyCat APT targets high-profile entities in Europe and Asia

Security Affairs

Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia since at least December 2020.

China-Linked ToddyCat APT Pioneers Novel Spyware

Dark Reading

ToddyCat's Samurai and Ninja tools are designed to give attackers persistent and deep access on compromised networks, security vendor says

KnowBe4 June 2022 Perspective

KnowBe4

Information Security is mission-critical today. The global risk situation is higher than ever. Your employees are still your largest attack vector. New-school security awareness training is a must-have layer in your security stack. Compared to the risk, the subscription is a complete no-brainer.

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

An IT security certification can provide a key boost for your career, but with so many different certifications available (and so many organizations more than happy to take your money for training and testing), it’s important to make sure that the time and investment are well spent.

Open Source Software Security Begins to Mature

Dark Reading

Only about half of firms have an open source software security policy in place to guide developers in the use of components and frameworks, but those that do exhibit better security

CyberheistNews Vol 12 #25 [Heads Up] Facebook Phishing Scam Steals Millions of Credentials

KnowBe4

Linux Foundation Announces Open Programmable Infrastructure Project to Drive Open Standards for New Class of Cloud Native Infrastructure

Dark Reading

Data Processing and Infrastructure Processing Units – DPU and IPU – are changing the way enterprises deploy and manage compute resources across their networks

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

5 Testing Best Practices for IBM i DevOps

Rocket Software

Implementing DevOps continuous integration/continuous delivery (CI/CD) testing into multi-code, multi-system and multi-endpoint environments—like IBM® i—presents unique and complex challenges.

BRATA Android Malware Evolves Into an APT

Dark Reading

The BRATA Android banking Trojan is evolving into a persistent threat with a new phishing technique and event-logging capabilities

Microsoft 365 Research Highlights Cloud Vulnerabilities

eSecurity Planet

In a sequence that suggests cloud services may be more vulnerable than many think, Proofpoint researchers have demonstrated how hackers could take over Microsoft 365 accounts to ransom files stored on SharePoint and OneDrive.
