Fri. Nov 18, 2022

Ransomware-as-a-Service Market Now Highly Specialized

Data Breach Today

Services Include Subscription Models, Bug Bounties and High-Paying Jobs

Budding cybercriminals can purchase a large number of specialized services from the ransomware criminal underground, reports cybersecurity firm Sophos.

The Next Generation of Supply Chain Attacks Is Here to Stay

Dark Reading

With the proliferation of interconnected third-party applications, new strategies are needed to close the security gap.



Feds Alert Healthcare, Other Sectors of Growing Hive Threats

Data Breach Today

CISA, FBI and HHS Provide Lists of Latest IoCs and TTPs Identified

U.S. federal authorities are warning critical infrastructure sectors including healthcare to be on the lookout for indicators of Hive ransomware.

Vulnerability Patching: How to Prioritize and Apply Patches

eSecurity Planet

Every IT environment and cybersecurity strategy has vulnerabilities. To avoid damage or loss, organizations need to find and eliminate those vulnerabilities before attackers can exploit them.

6 Steps to More Streamlined Data Modeling

Are you a developer, database architect, or database administrator who is new to Cassandra but has been tasked with developing a plan for implementing the technology anyway? Worry no more. Discover a streamlined, methodical approach to Apache Cassandra® data modeling.

Cybersecurity Analysis of the FTX Crypto Heist: Part 1

Data Breach Today

On the heels of the recent FTX financial meltdown came the theft of millions of dollars that left thousands of investors, exchanges and others in the lurch. Hugh Brooks, director of security operations at CertiK, shares how the funds may have been stolen and what happens next.

More Trending

ID Agent's Amelia Paro on Why Tech Alone Can't Protect Email

Data Breach Today

The Case for User Education in Stopping Phishing Emails or Social Engineering Scams

User education is vital to boosting the detection rate of phishing emails or social engineering scams that could lead to data breaches or ransomware infestations.

FTX Collapse Highlights the Cybersecurity Risks of Crypto

eSecurity Planet

John Jay Ray III is one of the world’s top bankruptcy lawyers. He has worked on cases like Enron and Nortel. But his latest gig appears to be the most challenging. On November 11, he took the helm at FTX, a massive crypto platform, which has plunged into insolvency.

PCI Releases New Payment Standards for Mobile Devices

Data Breach Today

PCI MPoC Expected To Work Alongside Standard for Dedicated Payment Terminals

Payment card security group PCI Security Standards Council has a new standard aimed at smoothing the contactless payment experience at retailers by ensuring that a single commercial device can process card data and a PIN.

Australia's Hack-Back Plan Against Cyberattackers Raises Familiar Concerns

Dark Reading

How far can its government — or any government or private company — go to proactively disrupt cyber threats without causing collateral damage?

Intent Signal Data 101

Intent signal data helps B2B marketers engage with buyers sooner in the sales cycle. But there are many confusing terms used to describe intent data. Read this infographic to better understand three common areas of confusion.

Successful Hack of Time-Triggered Ethernet

Schneier on Security

Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it: On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees.

Secure Offboarding in the Spotlight as Tech Layoffs Mount

Dark Reading

A secure-by-design culture is needed to develop a comprehensive offboarding and identity management strategy that limits potential for broader compromise in case of unauthorized access.

Atlassian fixed 2 critical flaws in Crowd and Bitbucket products

Security Affairs

Atlassian addressed this week two critical vulnerabilities impacting its Crowd and Bitbucket products.

Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War

Dark Reading

As carriers rewrite their act-of-war exclusions following the NotPetya settlement between Mondelez and Zurich, organizations should read their cyber insurance policies carefully to see what is still covered.

10 Rules to More Streamlined Data Modeling

Apache Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn 10 rules that will help you perfect your Kafka system to get ahead.

Ongoing supply chain attack targets Python developers with WASP Stealer

Security Affairs

A threat actor tracked as WASP is behind an ongoing supply chain attack targeting Python developers with the WASP Stealer. Checkmarx researchers uncovered an ongoing supply chain attack conducted by a threat actor they tracked as WASP that is targeting Python developers.

Discover 5 Major Threats to Your Digital Supply Chain and How to Reduce Your Vendor Risk


You’ve heard that vendor dependencies are ripe for malicious abuse and you have read the stories where vendors were used to exploit and infiltrate their customers.

Palo Alto Networks Focuses on Secure Coding with $195M Cider Deal

Dark Reading

PAN plans to add Cider's CI/CD security platform to its Prisma Cloud suite of AppSec tools.

Patch Management Policy: Steps, Benefits and a Free Template

eSecurity Planet

Patching and updating devices can be a hassle and can cause business disruption. Yet, unpatched vulnerabilities provide attackers with open opportunities to cause great damage – with studies showing unpatched vulnerabilities estimated to account for 30-60% of all breaches!

Powering Personalization Through Customer Data

Finding the right CDP can help unlock the value of your customer data. This eBook offers guidance on choosing, deploying, and utilizing a CDP, along with a case study on how one bank put data into action to forge stronger connections with customers.

Charting the Path to Zero Trust: Where to Begin

Dark Reading

Your journey to zero trust can be perilous if you are using legacy equipment that wasn’t designed for it. Begin the transformation where it makes the most sense for your organization.

Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies

Security Affairs

Hive ransomware operators have extorted over $100 million in ransom payments from over 1,300 companies worldwide as of November 2022.

County of Tehama, Calif., Identifies and Addresses Data Security Incident

Dark Reading

The county reports unauthorized access to files in its Department of Social Services' systems between Nov. 18, 2021, and April 9.

First Review of A Hacker’s Mind

Schneier on Security

Kirkus reviews A Hacker’s Mind: A cybersecurity expert examines how the powerful game whatever system is put before them, leaving it to others to cover the cost. Schneier, a professor at Harvard Kennedy School and author of such books as Data and Goliath and Click Here To Kill Everybody, regularly challenges his students to write down the first 100 digits of pi, a nearly impossible task—but not if they cheat, concerning which he admonishes, “Don’t get caught.”

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

New Startup OpsHelm Tackles Cloud Misconfigurations

Dark Reading

The company emerges from stealth with an automated security remediation product that identifies and remediates cloud misconfigurations.

UK ICO Publishes New Guidance and a Tool for Transfer Risk Assessments

Hunton Privacy

On November 17, 2022, the UK data protection regulator, the Information Commissioner’s Office (“ICO”), published updated guidance on international transfers that includes a new section on transfer risk assessments (“TRAs”) and a TRA tool.

Request for Feedback on the Universal Electronic Records Management Requirements

National Archives Records Express

We first released the Universal Electronic Records Management Requirements in August 2017. We released Version 2 in April 2020. These requirements marked the first major milestone in the Federal Electronic Records Modernization Initiative (FERMI).

FTC Announces Six-Month Extension for Compliance with Some Changes to Gramm-Leach-Bliley Safeguards Rule

Hunton Privacy

On November 15, 2022, the Federal Trade Commission announced a six-month extension for companies to comply with certain updated requirements of the Gramm-Leach-Bliley Act’s Safeguards Rule, a set of data security provisions covered financial institutions must implement to protect their customers’ personal information.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

Jamf Breakfast Club: Ensuring safe learning outside the classroom


In this installment of our ongoing web series, Richard Anderton of the Arthur Terry Learning Partnership discusses the trust’s 1:1 iPad program and how to help students learn safely outside the confines of school.


Announcing Data Quality Pushdown for Snowflake


Announcing an exciting new feature – Data Quality Pushdown for Snowflake. The purpose of this feature is to create a faster and easier time to value for data quality users who are also using cloud databases.

Improve engagement and outcomes with Jamf healthcare solutions


Whether you’re new to Jamf’s healthcare solutions and workflows, or you’re one of our dear friends or partners catching up with us, we want to remind you what Jamf in healthcare is about.