Tue.Aug 02, 2022

Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk

Dark Reading

To protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control

Risk 72

Aetna Reports 326,000 Affected by Mailing Vendor Hack

Data Breach Today

Insurer Says OneTouchPoint Was a Subcontractor Health insurer Aetna ACE reported to federal regulators a health data breach affecting nearly 326,000 individuals tied to an apparent ransomware incident involving OneTouchPoint, a subcontractor that provides printing and mailing services to one of the insurer's vendors.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet.

Big Clinic Breach Tied to Vendor's 2021 Ransomware Attack

Data Breach Today

Florida Urgent Care Center Says Incident Involved Billing Vendor PracticeMax A Florida operator of urgent care clinics recently reported to federal regulators a health data breach affecting more than 258,000 individuals tied to a vendor's ransomware attack in May 2021.

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

VMware fixed critical authentication bypass vulnerability

Security Affairs

VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products.

More Trending

New Linux Malware Surges, Surpassing Android

eSecurity Planet

Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system.

Netskope Expands Into Cloud Networking With Infiot Purchase

Data Breach Today

Acquisition to Offer Netskope Customers the Entire SASE Stack in One Place With its acquisition of Infiot, Netskope now carries both the networking and security technology needed to build a Secure Access Service Edge architecture following.

Cloud 195

Massive New Phishing Campaign Targets Microsoft Email Service Users

Dark Reading

The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication, evade detection

New York Nabs $30M From Robinhood Crypto in Regulatory Fine

Data Breach Today

Trading Platform Had Poor Cybersecurity and Anti-Money Laundering Controls Cryptocurrency trading platform Robinhood Crypto will pay $30 million to the state of New York after an investigation revealed deficiencies in its cybersecurity and anti-money laundering programs.

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

VirusTotal: Threat Actors Mimic Legitimate Apps, Use Stolen Certs to Spread Malware

Dark Reading

Attackers are turning to stolen credentials and posing as trusted applications to socially engineer victims, according to Google study of malware submitted to VirusTotal

90

Crypto Bridge Nomad Loses $190M in Free-For-All Attack

Data Breach Today

Attacker Exploited Bug Introduced During 'Routine Upgrade' Attackers drained crypto assets worth nearly $200 million on Monday from cross-chain bridge Nomad, a "security-first cross-chain messaging protocol."

Surveillance of Your Car

Schneier on Security

TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it.

Sales 89

Gootkit AaaS malware is still active and uses updated tactics

Security Affairs

Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. Gootkit runs on an access-a-as-a-service model, it is used by different groups to drop additional malicious payloads on the compromised systems.

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

5 Steps to Becoming Secure by Design in the Face of Evolving Cyber Threats

Dark Reading

From adopting zero-trust security models to dynamic environments to operating under an "assumed breach" mentality, here are ways IT departments can reduce vulnerabilities as they move deliberately to become more secure

IT 83

LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender?

Security Affairs

An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During a recent investigation, SentinelOne researchers observed threat actors associated with the LockBit 3.0

Microsoft Intros New Attack Surface Management, Threat Intel Tools

Dark Reading

Microsoft says the new tools will give security teams an attacker's-eye view of their systems and supercharge their investigation and remediation efforts

Security and Gender: The Gaps Are Not Where You Expect

KnowBe4

The 2022 KnowBe4 Women’s Day Survey interviewed more than 200 women from across the technology industry in South Africa to find out more about how they perceive the industry, the gender gap and discrimination.

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

Thousands of Mobile Apps Leaking Twitter API Keys

Dark Reading

New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year

IoT 80

Austria investigates DSIRF firm for allegedly developing Subzero spyware 

Security Affairs

Austria is investigating a report that an Austrian firm DSIRF developed spyware targeting law firms, banks and consultancies.

Incognia Mobile App Study Reveals Low Detection of Location Spoofing in Dating Apps

Dark Reading

With over 323 million users of dating apps worldwide, study finds location spoofing is a threat to user trust and safety

77

Cyber Insurance Expected to Continue to Rise as Sophistication and Cost of Ransomware Attacks Increase

KnowBe4

New data about the state of cyber insurance shows that given the current loss ratios by insurers – and the reasons behind those losses – will result in higher premiums for the foreseeable future. Ransomware

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

Large Language AI Models Have Real Security Benefits

Dark Reading

Complex neural networks, including GPT-3, can deliver useful cybersecurity capabilities such as explaining malware and quickly classifying websites, researchers find

11 health providers settle HIPAA right of access failures with feds via SC Media

IG Guru

Check out the post here. Breach Business Compliance HIPAA Risk News Fines

Universities Put Email Users at Cyber Risk

Threatpost

DMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails. Vulnerabilities Web Security

Risk 97

Four Reasons Why Dynamic Capture Technology used in Conjunction with APIs Supercharges Your SaaS Collection Process

Hanzo Learning Center

Ediscovery and compliance are no longer reactive endeavors. Organizations must be proactive in order to mitigate legal and regulatory risk, and waiting for the perfect API for all of your data sources isn’t a sustainable option.

Risk 67

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

T-Mobile Store Owner Made $25M Using Stolen Employee Credentials

Dark Reading

Now-convicted phone dealer reset locked and blocked phones on various mobile networks

67

TSA Transitions To Results-Based Approach in Revised Pipeline Cybersecurity Directive In Response to Industry Feedback

Data Protection Report

The Transportation Security Administration (“TSA”) announced on July 21, 2022 that it is transitioning to a less prescriptive and more result-based approach in its revised emergency cybersecurity directive for critical gas and liquid pipeline companies.

Experian Customer “Impersonation” Account Takeover Uncovered by KrebsOnSecurity

KnowBe4

After a few notifications of a potential problem with Experian by his readership, Brian Krebs and team checked out Experian’s account signup process and found some disturbing news. Security Awareness Training Cybersecurity