Fri.Apr 02, 2021

Ubiquiti Acknowledges Extortion Attempt

Data Breach Today

Company Called Out by Whistleblower for Attack Response Internet of things vendor Ubiquiti revealed in a security notice that an attacker had attempted to extort money from the company following a December 2020 cyber incident - a fact not mentioned in the company's earlier notice about the attack

Myanmar’s Internet Shutdown Is an Act of ‘Vast Self-Harm’

WIRED Threat Level

On Friday the military junta shut off connectivity across the country. There’s no sign of when it will return. Security Security / Security News

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Kansas Man Faces Federal Charges Over Water Treatment Hack

Data Breach Today

DOJ: Wyatt Travnichek Allegedly Accessed Cleaning and Disinfecting System A Kansas man faces federal charges for allegedly accessing the network of a local water treatment facility and tampering with the systems that control the cleaning and disinfecting procedures, according to the Justice Department.

Access 202

Conti Ransomware gang demanded $40 million ransom to Broward County Public Schools

Security Affairs

Ransomware gang demanded a $40,000,000 ransom to the Broward County Public Schools district, Florida. It is just the last attack of a long string against the sector. Ransomware operators continue to target organizations worldwide and school districts particularly exposed to these malicious campaigns.

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Synthetic Identity Fraud: How to Define and Detect

Data Breach Today

Greg Woolf of FiVerity Discusses a Federal Reserve Initiative to Better Define the Crime Synthetic identity fraud is a pervasive yet ill-defined crime – hard to define as well as to detect.

191
191

More Trending

Booking.Com's GDPR Fine Should Serve as 'Wake-Up Call'

Data Breach Today

Dutch Authorities Found Company Waited Over 20 Days to Issue Breach Notification The 475,000 euro fine levied against Booking.com by Dutch privacy authorities should serve as a "wake-up call" for other companies when it comes to GDPR, some experts say.

GDPR 189

Man indicted for tampering with public water system in Kansas

Security Affairs

The United States Department of Justice (DoJ) charged a Kansas man, for accessing and tampering with a public water system. The United States Department of Justice charged Wyatt A.

Agency Issues 2nd Alert for Instant Quote Website Schemes

Data Breach Today

NY Officials: Fraudsters Continue to Probe Sites for Security Weaknesses New York state officials are warning insurance and financial firms that fraudsters continue to probe for security weaknesses in websites offering instant quotes, as a way to target consumers' data.

Hackers Demand $40M in Ransom From Florida School District

Dark Reading

District officials say they have no intention of paying the ransom

80

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Vendor Breach Involved PHI Exposure on GitHub

Data Breach Today

Several Healthcare Entities Issue Notices to Patients About Incident Several healthcare entities are reporting health data breaches in the wake of an incident involving a vendor's employee who uploaded files containing patient data to the public-facing, open-source software development hosting website GitHub. How can entities avoid such mishaps?

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

FBI and CISA published a joint alert to warn of advanced persistent threat (APT) groups targeting Fortinet FortiOS to access networks of multiple organizations.

Non-Fungible Tokens: Of Course They're Attracting Scammers

Data Breach Today

Ownership of Digital Assets Selling for Large Amounts of Bitcoin? Cue Fraudster Love Anyone wanting to invent a system designed to stoke widespread abuse by fraudsters would be hard-pressed to best the non-fungible token.

IT 186

Inside the Ransomware Campaigns Targeting Exchange Servers

Dark Reading

Security experts discuss the ransomware campaigns taking aim at Microsoft Exchange Server vulnerabilities patched last month

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

The Case for Central Bank Digital Currencies

Data Breach Today

Karen Hsu of AppDome Discusses the Motivation and Concerns for CBDCs Many governments are exploring Central Bank Digital Currencies to reduce costs and expand digital inclusion. Karen Hsu of AppDome discusses the opportunities and challenges for minting digital money

Call of Duty Cheats Expose Gamers to Malware, Takeover

Threatpost

Activision is warning that cyberattackers are disguising malware -- a remote-access trojan (RAT) -- in cheat programs. Malware Web Security

Access 109

North Korean Group Targets Security Researchers - Again

Data Breach Today

Google: Attackers Leverage Social Media Accounts A North Korean government-backed threat group that was detected targeting security researchers in January is once again staging a campaign against them using advanced social engineering techniques, Google reports

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs

Security Affairs

Unpatched vulnerabilities in QNAP small office/home office (SOHO) network-attached storage (NAS) devices could be exploited by remote attackers to remotely execute arbitrary code.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Analysis: Fat Face's Awkward Breach Notification

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of retailer Fat Face’s awkward "strictly private and confidential" data breach notification. Also featured: Discussions on the ethics of buying leaked data and the rise of central bank digital currencies

Retail 168

From PowerShell to Payload: An Analysis of Weaponized Malware

Threatpost

John Hammond, security researcher with Huntress, takes a deep-dive into a malware's technical and coding aspects. InfoSec Insider Malware

Water Supply Hacks Are a Serious Threat—and Only Getting Worse

WIRED Threat Level

An ex-employee allegedly tampered with a Kansas water system. It was too easy, and it's happening too often. Security Security / Security News

IT 73

FBI: APTs Actively Exploiting Fortinet VPN Security Holes

Threatpost

Three security vulnerabilities in the Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon. Government Vulnerabilities

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

The CNIL’s key priorities for upcoming dawn-raids in 2021

DLA Piper Privacy Matters

Every year, the French supervisory authority (the “ CNIL ”) publishes its key priorities for upcoming dawn-raids. In 2021, more than 50% of the CNIL’s dawn-raids will focus on: (i) websites cybersecurity, (ii) health data protection and (ii) cookies. W ebsites cybersecurity.

Airlift Express Fixes Vulnerabilities in Its E-commerce Store

Security Affairs

PrivacySavvy experts discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals.

FBI & CISA Warn of Active Attacks on FortiOS Vulnerabilities

Dark Reading

A joint advisory warns admins of the likelihood of APT groups exploiting three vulnerabilities in the Fortinet FortiOS

69

TIM’s Red Team Research (RTR) team found 5 zero-day flaws in the CA eHealth Performance Manager product

Security Affairs

Researchers from TIM’s Red Team Research discovered five new vulnerabilities affecting the CA eHealth Performance Manager product. Researchers from TIM’s Red Team Research led by Massimiliano Brolli, discovered 5 new vulnerabilities affecting the CA eHealth Performance Manager product.

B2B 68

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Malware Hidden in Call of Duty Cheating Software

Schneier on Security

News article : Most troublingly, Activision says that the “cheat” tool has been advertised multiple times on a popular cheating forum under the title “new COD hack.” ” (Gamers looking to flout the rules will typically go to such forums to find new ways to do so.) While the report doesn’t mention which forum they were posted on (that certainly would’ve been helpful), it does say that these offerings have popped up a number of times.

IT 68

DHS CISA requires federal agencies to assess their Microsoft Exchange servers by April 5

Security Affairs

The DHS CISA has issued a supplemental directive that requires all federal agencies to identify vulnerable Microsoft Exchange servers in their infrastructure within five days.

Seeing stones: pandemic reveals Palantir's troubling reach in Europe

The Guardian Data Protection

Covid has given Peter Thiel’s secretive US tech company new opportunities to operate in Europe in ways some campaigners find worrying The 24 March, 2020 will be remembered by some for the news that Prince Charles tested positive for Covid and was isolating in Scotland.