Thu.Dec 02, 2021

GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data

The Last Watchdog

Ransomware attacks have reached a record high this year, with nearly 250 attacks recorded to date and months to go. As we’ve seen with major attacks like Kaseya and Colonial Pipeline, cybercriminals have continued to innovate, developing new tools and tactics to encrypt and exfiltrate data. Related: Kaseya breach worsens supply chain worries.

Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

Krebs on Security

In January 2021, technology vendor Ubiquiti Inc. NYSE:UI] disclosed that a breach at a third party cloud provider had exposed customer account credentials.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

7 Key Takeaways from the IRMS Conference 2021

Preservica

A Software Bug Let Hackers Drain $31M From a Crypto Service

WIRED Threat Level

An attacker exploited a vulnerability in MonoX Finance's smart contract to inflate the price of its digital token and then cash out. Security Security / Cyberattacks and Hacks

IT 105

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

CISA adds Zoho, Apache, Qualcomm, Mikrotik flaws to the list of actively exploited issues

Security Affairs

CISA urges to address vulnerabilities Qualcomm, Mikrotik, Zoho and the Apache Software Foundation software.

More Trending

NginRAT – A stealth malware targets e-store hiding on Nginx servers

Security Affairs

Threat actors are targeting e-stores with remote access malware, dubbed NginRAT, that hides on Nginx servers bypassing security solutions.

Smart Contract Bug Results in $31 Million Loss

Schneier on Security

A hacker stole $31 million from the blockchain company MonoX Finance , by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another.

Breaking the Black Mirror and Other Lessons From Day of Shecurity

Dark Reading

Diversity brings more varied solutions to major challenges in cybersecurity, just as it does in every other industry

Russian internet watchdog Roskomnadzor bans six more VPN services

Security Affairs

Russia’s internet watchdog, ‘Roskomnadzor’, has announced the ban of other VPN products, 15 VPN services are now illegal in Russia. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six more VPN services.

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

Facebook Will Force More At-Risk Accounts to Use Two-Factor

WIRED Threat Level

The platform joins Google and others in requiring stronger protections for its most vulnerable users. Security Security / Security News

Risk 97

Europol arrested 1800 money mules as part of an anti-money-laundering operation

Security Affairs

Europol identified 18,351 money mules and arrested 1,803 of them as part of an international anti-money-laundering operation codenamed EMMA 7. Europol has identified 18,351 money mules and arrested 1,803 of them as part of an international anti-money-laundering operation codenamed EMMA 7.

Top 5 Reasons to Get 'SASE' With Security

Dark Reading

Proactively updating and integrating technology, and ensuring tight collaboration between IT and security … it's simple, right? Well, not always – especially for organizations with limited resources

IT 91

Fortinet vs Palo Alto Networks: Top NGFWs Compared

eSecurity Planet

A next-generation firewall (NGFW) is an important component of network security and represents the third generation of firewall technology.

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

Ransomware, Carding, and Initial Access Brokers: Group-IB Presents Report on Trending Crimes

Dark Reading

Report explores cybercrime developments from the second half of 2020 through the first half of 2021

Nation-State Attackers Use RTF Injection to Easily Spread Malware

eSecurity Planet

Hacking groups linked to Russia, China and India are leveraging a novel attack technique that makes it easier for them to spread malware , steal data and evade detection, according to a report this week by security firm Proofpoint.

Planned Parenthood LA Breach Compromises 400,000 Patients' Data

Dark Reading

The breach, which compromised data such as insurance details and prescription information, took place between Oct. 9 and Oct.

Are You Exposed to Security Vulnerabilities with Your Use of Open-Source Ports on z/OS?

Rocket Software

Over the past couple of years, increased Zowe adoption and the push to integrate the mainframe into platform-neutral DevOps pipelines have resulted in greater use of Unix System Services (USS).

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

‘Double-Extortion’ Ransomware Damage Skyrockets 935%

Threatpost

Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found. Breach Malware

Access 105

What is Modern Authentication and Its Role in Achieving Zero Trust Security?

Thales Cloud Protection & Licensing

What is Modern Authentication and Its Role in Achieving Zero Trust Security? madhav. Thu, 12/02/2021 - 08:36. The evolving business and technology landscape and the need for secure, yet convenient, ways of logging into applications are driving the quest for more effective authentication.

Cloud 104

Calling all InfoCon Presenters!

IG Guru

Be a part of the action by presenting your skills and best practices to the finest in the RIM/IG profession at ARMA International’s InfoCon 2022. Start your application today! The post Calling all InfoCon Presenters! appeared first on IG GURU. ARMA IG News Information Governance Sponsored InfoCon

Darktrace Reports 30% More Ransomware Attacks Targeting Organizations During the Holiday Period

Dark Reading

Researchers also observed a 70% average increase in attempted ransomware attacks

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

AT&T Takes Steps to Mitigate Botnet Found Inside Its Network 

Threatpost

AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem. Cloud Security Critical Infrastructure Malware Mobile Security

IT 96

Remote Browser Isolation Stars in Content Protection Role

Dark Reading

The entertainment industry has long had to deal with the challenge of protecting their high-value content and intellectual property. Enter remote browser isolation (RBI

67

Planned Parenthood Breach Opens Patients to Follow-On Attacks

Threatpost

Cyberattackers made off with addresses, insurance information, dates of birth, and most worryingly, clinical information, such as diagnosis, procedures, and/or prescription information. Breach Privacy

When Will a Cloud Infrastructure Heavyweight Launch a SASE?

Dark Reading

There's been a veritable gold rush of security vendors getting into secure access service edge. Now will any of the major IaaS vendors enter the market? Rik Turner makes the case

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

Document Review in a Remote World

eDiscovery Daily

COVID-19 has transformed the document review process. Traditionally, document review was conducted in person by experts at review centers. As COVID-19 rates increased, fears for individual health and safety mandated the transition to remote review.

The Eighth Edition of The Privacy, Data Protection and Cybersecurity Law Review is Now Available

Data Matters

Improve Cybersecurity in Education with Jamf

Jamf on EdTech

Learn why cybersecurity in schools is crucial for student success, and how to strengthen your defenses against the threat of lost learning time and data breaches