Thu.Aug 04, 2022

Cisco addressed critical flaws in Small Business VPN routers

Security Affairs

Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers.

Scammers Sent Uber to Take Elderly Lady to the Bank

Krebs on Security

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Neuro Practice Tells 363,000 That PHI Was Posted on Dark Web

Data Breach Today

Ransomware Incident Knocked Out Computer Network, Email and Phones An Indiana-based neurology practice is notifying nearly 363,000 individuals that their sensitive information was compromised in a recent ransomware attack - and that some of the data was made available on the dark web.

High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover

Dark Reading

The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

Seed Phrase Compromise May Have Caused Solana Wallets Drain

Data Breach Today

No Evidence' That Solana Protocol of Cryptography Compromised Solana identified a common thread in the million-dollar cyberattack on its hot wallets. The exploit might come down to wallet recovery passcodes stored in plaintext on a centralized server.

More Trending

More Mobile Devices, More Problems, Security Survey Finds

Data Breach Today

Verizon Business Finds That Companies Still Struggle to Secure Employee Devices The era of pandemic-induced telework is also the era of higher reliance on mobile devices for sensitive workplace information - meaning we're likewise living in the age of fretful chief information security officers, a new survey concludes.

Cyberattackers Increasingly Target Cloud IAM as a Weak Link

Dark Reading

At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers

Risk 87

Pro-China Disinformation Campaign Traced to PR Firm

Data Breach Today

Positive Energy' Op Targets North America, Europe, the Middle East and Asia Researchers from cybersecurity firm Mandiant say they've discovered a network of inauthentic news sites transmitting Chinese propaganda apparently all under the control of Shanghai Haixun Technology Co.,

Amazon, IBM Move Swiftly on Post-Quantum Cryptographic Algorithms Selected by NIST

Dark Reading

A month after the algorithms were revealed, some companies have already begun incorporating the future standards into their products and services

87

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

India Government Withdraws Data Protection Bill

Data Breach Today

Unexpected Revocation Comes After Years of Tech Industry Criticism The government of India withdrew a long-anticipated personal data protection bill from Parliament.

SIKE Broken

Schneier on Security

SIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition. It was just broken , really badly.

The Ransomware Files, Ep. 10: Dr. Ransomware, Part 2

Data Breach Today

Is a practicing cardiologist living in Venezuela also a ransomware mastermind? prosecutors claim Moises Luis Zagala Gonzalez is a cybercriminal polymath. But Zagala's wife says he is innocent and there's a reason for his predicament. The Ransomware Files" podcast looks at the evidence

New Woody RAT used in attacks aimed at Russian entities

Security Affairs

An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT. Malwarebytes researchers observed an unknown threat actor targeting Russian organizations with a new remote access trojan called Woody RAT.

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

Iranian Group Likely Behind Albanian Government Attack

Data Breach Today

Group Published Ransomware Execution Video on Website A cyberattack that temporarily paralyzed Albania's pivot to digital government likely came from Iranian hackers.

The Myth of Protection Online — and What Comes Next

Dark Reading

It's a myth that consuming and processing alerts qualifies as security. Today's technology allows better detection and prevention, rather than accepting the low bar for protection set by ingrained incident response reactions

Ransomware: What We Know and What We Don't Know

Data Breach Today

This edition of the ISMG Security Report analyzes the latest ransomware trends from the European Union Agency for Cybersecurity, findings from the first-ever Cyber Safety Review Board on the Log4j incident, and how security and privacy leaders are harmonizing new U.S. privacy laws

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

A critical flaw in multiple models of DrayTek Vigor routers can allow unauthenticated, remote attackers to fully compromise affected devices.

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?

Dark Reading

In the last month, "Pl0xP" cloned several GitHub repositories, adding malicious code to the forks that would attempt to infect developer systems and steal sensitive files that included software keys

80

LinkedIn Continues its Reign as the Most-Impersonated Brand in Phishing Attacks

KnowBe4

As cybercriminals look for novel and effective ways to gain entrance to a victim network, LinkedIn is proving to be fruitful enough to keep the attention of phishing scammers. Phishing

Massive China-Linked Disinformation Campaign Taps PR Firm for Help

Dark Reading

A global network of inauthentic news sites present themselves as independent news outlets, offering content favoring China's government and articles critical of the US

Hackers stole $200 million from the Nomad crypto bridge

Security Affairs

The cryptocurrency bridge Nomad is the last victim of a cyber heist, threat actors stole almost $200 million of its funds. Another crypto heist made the headlines, threat actors stole nearly $200 million worth of cryptocurrency from the bridge Nomad.

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

Ping Identity to Go Private After $2.8B Acquisition

Dark Reading

The identity-services company is being acquired by Thoma Bravo software investment for cash, before being delisted

73

Ransomware Attack Downtime Costs in the U.S. Rise to Nearly $160 Billion

KnowBe4

New data based on tracked, publicly-confirmed ransomware attacks shows that downtime – and the associated cost – is increasing at an alarming rate as nearly half of attacks see a ransom paid. Ransomware

IT Governance Podcast Episode 5: Facebook, Twitter, VW, Digital Protection and Information Bill

IT Governance

This week, we discuss a malware campaign targeting Facebook Business users, a breach apparently affecting 5.4 million Twitter users, a €1.1 million GDPR fine for Volkswagen, the new Digital Protection and Information Bill, and why it’s so important to maintain your cyber security through a recession.

GDPR 71

Data Protection on the Blockchain: PDPC (Singapore) Weighs in via Odia Kagan on LinkedIn

IG Guru

Check out the post here. Blockchain Compliance IG News Privacy Risk News Singapore Personal Data Protection Commission (PDPC) publishes guide on data protectionblockchain

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

Open Redirects Exploited for Phishing

KnowBe4

Attackers are exploiting open redirects to distribute links to credential-harvesting sites, according to Roger Kay at INKY. The attackers are exploiting vulnerable American Express and Snapchat domains to launch the attacks.

India: Government withdraws long-awaited Personal Data Protection Bill

DLA Piper Privacy Matters

On 3 August, the Indian Central Government withdrew the Personal Data Protection Bill, 2019 ( PDP Bill ). The PDP Bill, which has drawn criticism from both privacy advocates and industry stakeholders, was first published in 2018 and was to be India’s first law on the protection of personal data.

How Email Security Is Evolving

Dark Reading

Securing email communication has never been more critical for organizations, and it has never been more challenging to do so. Attack volumes have increased and become more sophisticated