Mon. Nov 22, 2021

10 Stocking Stuffers for Security Geeks

Dark Reading

Check out our list of gifts with a big impact for hackers and other techie security professionals

Arrest in ‘Ransom Your Employer’ Email Scheme

Krebs on Security

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company.


GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts? Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.

Why the 'Basement Hacker' Stereotype Is Wrong — and Dangerous

Dark Reading

It engenders a false sense of superiority that spurs complacency among risk managers and executives, who in turn may underinvest in security teams, rely too much on automation, or both

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

New Memento ransomware uses password-protected WinRAR archives to block access to the files

Security Affairs

Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security firms. In October, Sophos researchers spotted the Memento ransomware, which adopts a curious approach to block access to victims’ files.

More Trending

Bug Bounties Surge as Firms Compete for Talent

Dark Reading

Companies such as GitLab, which today increased its payment for critical bugs by 75%, are raising bounties and bonuses to attract top-notch researchers

Devious ‘Tardigrade’ Malware Hits Biomanufacturing Facilities

WIRED Threat Level

The surprisingly sophisticated attack is “actively spreading” throughout the industry.

Is it OK to Take Your CEO Offline to Protect the Network?

Dark Reading

Are you asking the right questions when developing your incident response playbook? What security tasks are you willing to automate?

New GoDaddy data breach impacted 1.2 million customers

Security Affairs

GoDaddy suffered a data breach that impacted up to 1.2 million of its managed WordPress customer accounts. GoDaddy discloses a data breach that impacted up to 1.2 million of its customers; threat actors breached the company’s Managed WordPress hosting environment.

The Modern Software Checklist: The Secret to Understanding Your Data Security Needs

Understanding your data security needs is tough enough, but what can be even more difficult is choosing the right software to fit your company. This checklist will help you evaluate the scope of services offered by various encryption solutions on the market.

GoDaddy Breach Exposes SSL Keys of Managed WordPress Hosting Customers

Dark Reading

The incident, which affected 1.2 million users, raises concerns about domain impersonation attacks and other malicious activities

US govt warns critical infrastructure of ransomware attacks during holidays

Security Affairs

US CISA and the FBI issued a joint alert to warn critical infrastructure partners and public/private organizations of ransomware attacks during holidays.

Don't Help Cybercriminals Dash With Your Customers' Cash This Black Friday

Dark Reading

Each security step, no matter how small, can have great impact in detecting and deterring cyber theft

Iran’s Mahan Air claims it has failed a cyber attack, hackers say the opposite

Security Affairs

Iranian airline Mahan Air was hit by a cyberattack on Sunday morning; the “Hooshyarane Vatan” hacker group claimed responsibility for the attack. Iranian private airline Mahan Air has foiled a cyber attack over the weekend, Iranian state media reported.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

The US government just launched a big push to fill cybersecurity jobs, with salaries to match via ZDNet

IG Guru

Cybersecurity workers could get paid as much as the vice president.

Federal Bank Regulators Require Notifications For Material Cybersecurity Incidents

Data Matters

On November 18, 2021, a group of federal bank regulators announced a final rule requiring banks to notify their primary federal regulator of any “significant computer-security incidents.”

Utah Imaging Associates data breach impacts 583,643 patients

Security Affairs

Utah-based radiology medical center Utah Imaging Associates discloses a data breach that impacted 583,643 former and current patients. Utah Imaging Associates (UIA) discloses a security breach; on September 4, 2021, the company claims to have detected and blocked a cyber attack.

GoDaddy’s Latest Breach Affects 1.2M Customers

Threatpost

The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins.

LinkedIn + ZoomInfo Recruiter: Better Data for Better Candidates

Check out our latest ebook for a guide to the in-depth, wide-ranging candidate and company data offered by ZoomInfo Recruiter — and make your next round of candidate searches faster, more efficient, and ultimately more successful.

CISA Urges Critical Infrastructure to Be Alert for Holiday Threats

Dark Reading

CISA and the FBI share steps organizations should take to better protect against security threats during holidays and weekends

MITRE Expands Security Testing to Services, Deception Tools & More

eSecurity Planet

MITRE is moving beyond its well-regarded endpoint security evaluations and will soon be testing other security services and products.

Top 3 Black Friday scams to avoid in 2021

IT Governance

Amid the mad dash for bargains and inevitable stories of shop-floor brawls, Black Friday brings with it a spike in cyber security threats – and it’s easy to see why. Despite being an American import, Black Friday is hugely popular in the UK.

Pentagon Partners With GreyNoise to Investigate Internet Scans

Dark Reading

With a new 5-year $30 million contract, GreyNoise Intelligence will assist multiple teams across the Department of Defense plans in a defensive capacity

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches

Threatpost

Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season.

What’s new in OpenText Extended ECM Platform CE 21.4

OpenText Information Management

OpenText™ Extended ECM manages the content that powers today’s top organizations, connecting information with people and systems that need it most.

Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws

Threatpost

Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.

The ISO 20022 Countdown Begins: How Should You Prepare?

OpenText Information Management

ISO 20022 is one of the hottest topics in the financial industry but what is it, what are the benefits and challenges, and how should you take action?

A Recruiter’s Guide To Hiring In 2021

With vaccination rates rising, consumers spending more money, and people returning to offices, the job market is going through a period of unprecedented adjustment. As the New York Times observed, “It’s a weird moment for the American economy.” And recruiting professionals are caught in the middle. To make the most of this disruption, you need to understand the economic drivers, develop a strong strategy for unearthing valuable talent, and use the latest tech tools to get the job done. Read this guide to get your recruiting practice ready to thrive in the new normal.

Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover

Threatpost

CloudLinux's security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.

Introducing OpenText Digital Evidence Center

OpenText Information Management

Imagine this. You’re a large police force for a major metropolitan city. You investigate thousands of cases a year. In these investigations, officers and investigators collect mountains of evidence.

Meet Team Hanzo: Julia Vitti, A Dynamo With A Thirst For Knowledge & A Helping Spirit

Hanzo Learning Center

This month I have the pleasure of introducing you to Julia Vitti, Hanzo’s newest account executive. She's a veritable dynamo with boundless energy and brings her special mix of humor, thirst for knowledge, and listening ear to every activity to help clients succeed. What is your role at Hanzo?