Tue. Jun 22, 2021

CISA Shifting Einstein Detection System Deeper Into Networks

Data Breach Today

Move Away From Perimeter Designed to Help Agencies Battle Supply Chain Attacks. CISA is moving its Einstein intrusion detection system deeper into federal networks in an effort to better detect supply chain attacks after its failure to detect the espionage campaign that targeted SolarWinds and its customers, including federal agencies.


MY TAKE: Equipping SOCs for the long haul – automation, edge security solidify network defenses

The Last Watchdog

Network security is in the throes of a metamorphosis. Advanced technologies and fresh security frameworks are being implemented to deter cyber attacks out at the services edge, where all the action is. This means Security Operations Centers are in a transition. SOCs came on the scene some 20 years ago as the focal point for defending on-premises datacenters of large enterprises.



CISA: Firewall Rules Could Have Blunted SolarWinds Malware

Data Breach Today

Agency Says Blocking Outgoing Connections From Orion Would Have Stopped Malware. Federal agencies could have prevented follow-on attacks after the SolarWinds supply chain attack by using recommended firewall configurations, but this step isn't always feasible, the Cybersecurity and Infrastructure Security Agency says.

7 Powerful Cybersecurity Skills the Energy Sector Needs Most

Dark Reading

Those looking to join the fight might want to polish up or acquire some (or all) of these hottest skills on the market

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

India Launches Effort to Track, Freeze Cyber Fraud Proceeds

Data Breach Today

Financial Institutions Support Initiative to Target Cybercrime. The Indian government has set up the Citizen Financial Cyber Fraud Reporting and Management System to report, track - and ultimately freeze - the proceeds of cyberattack-induced financial theft.

More Trending

The Changing Nature of the Insider Threat

Data Breach Today

Joseph Blankenship of Forrester Describes Efforts to Enlist Insiders for Fraud. Cybercriminals and nation-states are attempting to recruit insiders at companies around the world to help steal credentials and intellectual property, says Joseph Blankenship, vice president and research director at Forrester, who offers risk mitigation insights.


A ransomware attack disrupted the IT network of the City of Liege

Security Affairs

The Belgian city of Liege, one of the biggest cities in Belgium, suffered a ransomware attack today that has disrupted the IT network of the municipality and its online services.

A 'Digital Vaccine' for Battling Ransomware Epidemic

Data Breach Today

Tal Kollender of Gytpol suggests a digital response comparable to the vaccine rollout in the physical world is needed to battle against the ransomware epidemic

Apple Will Offer Onion Routing for iCloud/Safari Users

Schneier on Security

At this year’s Apple Worldwide Developer Conference, Apple announced something called “iCloud Private Relay.” That’s basically its private version of onion routing, which is what Tor does.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Kroll Data Breach Report: Less-Regulated Industries Targeted

Data Breach Today

The number of data breach notifications jumped 140% in 2020 from the previous year, with a surge in attacks against less-regulated industries, according to Kroll's 2021 Data Breach Outlook. Bryan Lapidus and Heather Williams of Kroll analyze the report's findings

How to Automate a Process: A Handy Guide for the Information Professional


The volume, velocity, and variety of information that most organizations need to manage, store, and protect now exceeds their ability to even marginally keep pace manually. This rising tide of information requires thoughtful strategies for automation to leverage its true power.

Using a Medical Device Software Bill of Materials

Data Breach Today

When medical device makers provide a software bill of materials for components contained in their products, it's critical to make that voluminous security information actionable for healthcare customers, says Rob Suarez, CISO at medical device maker Becton Dickinson Co

DroidMorph tool generates Android Malware Clones that

Security Affairs

Boffins developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows the creation of clones of Android apps (malware/benign).


What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

Kroll Data Breach Report: Unregulated Industries Targeted

Data Breach Today

The number of data breach notifications jumped 140% in 2020 from the previous year, with a surge in attacks against less-regulated industries, according to Kroll's 2021 Data Breach Outlook. Bryan Lapidus and Heather Williams of Kroll analyze the report's findings

All the Ways Amazon Tracks You—and How to Stop It

WIRED Threat Level

The retail empire is obsessed with your data. But is the convenience worth your personal information?

Tor Browser 10.0.18 fixes a bug that allows to track users by fingerprinting installed apps

Security Affairs

The Tor Project released Tor Browser 10.0.18 that addresses a flaw that allows sites to track users by fingerprinting the installed apps.

Identity Eclipses Malware Detection at RSAC Startup Competition

Dark Reading

All 10 finalists in the Innovation Sandbox were focused on identity, rather than security's mainstay for the last 20 years: Malware detection

9 Developer Enablement Practices to Achieve DevOps at Enterprise Scale

In this eBook, Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.

MITRE adds D3FEND defensive cybersecurity techniques to ATT&CK Framework

Security Affairs

D3FEND is a new project promoted by MITRE Corporation that aims to add a knowledge graph of cybersecurity countermeasures (defensive cybersecurity techniques) to the ATT&CK Framework.

Chart: Strength in Numbers

Dark Reading

More companies are heeding expert advice to beef up their incident-response teams


Wormable bash DarkRadiation Ransomware targets Linux distros and docker containers

Security Affairs

DarkRadiation is a new strain of ransomware implemented in Bash that targets Linux and Docker cloud containers and leverages Telegram for C2.

Despite Heightened Cyber-Risks, Few Security Leaders Report to CEO

Dark Reading

A new report suggests that top management at most companies still don't get security


The Forrester Wave™: B2B Marketing Data Providers, Q2 2021

In our 24-criterion evaluation of B2B marketing data providers, we identified the 11 most significant vendors — Data Axle, Dun & Bradstreet, Enlyft, Global Database, InsideView, Leadspace, Oracle, SMARTe, Spiceworks Ziff Davis, TechTarget, and ZoomInfo Technologies — and researched, analyzed, and scored them. This report shows how each provider measures up and helps B2B marketing professionals select the right one for their needs.


Security Affairs

Researchers from Adversa devised an attack technique, dubbed ADVERSARIAL OCTOPUS, against Facial Recognition systems. THE INTENTION BEHIND THIS PROJECT.

Majority of Web Apps in 11 Industries Are Vulnerable All the Time

Dark Reading

Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data


BEC Losses Top $1.8B as Tactics Evolve


BEC attacks are getting more dangerous, and smart users are the ones who can stop them.


Micro Focus Consulting. Professional. Service.

Micro Focus

I am Dr. James D. Borderick, and I look after the Competitive Benchmark research for Micro Focus, which I have been doing for over five years. I wish to share some very interesting statistics with our followers regarding satisfaction with Consulting. How do we Measure Consulting?


4 AI Hacks to Make Sales Teams More Efficient

Over the last two years, there’s been a 76 percent increase in AI adoption across sales organizations. For sales teams, AI opens up a world of new possibilities, including automating outreach, identifying best-fit buyers, and keeping CRMs flush with fresh data. Read on to learn the four AI hacks sales teams need to improve their performance. Download the eBook today!

Slack Connect Is Where Business Happens—But How Do You Manage the Risks?

Hanzo Learning Center

If your organization uses Slack, you’re already familiar with its benefits: rapid, streamlined internal communications without the hassle of emails. You can set up a meeting with a few quick messages and an internal Zoom integration or share files for collaboration without ever leaving the app.

Hong Kong people use blockchain to preserve evidence of anti-authoritarian struggle via Quebec News Tribune

IG Guru


Lexmark Printers Open to Arbitrary Code-Execution Zero-Day


“No remedy available as of June 21, 2021,” according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.