Thu.Dec 02, 2021

GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data

The Last Watchdog

Ransomware attacks have reached a record high this year, with nearly 250 attacks recorded to date and months to go. As we’ve seen with major attacks like Kaseya and Colonial Pipeline, cybercriminals have continued to innovate, developing new tools and tactics to encrypt and exfiltrate data. Related: Kaseya breach worsens supply chain worries.

Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

Krebs on Security

In January 2021, technology vendor Ubiquiti Inc. NYSE:UI] disclosed that a breach at a third party cloud provider had exposed customer account credentials.

Cloud 208
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Breaking the Black Mirror and Other Lessons From Day of Shecurity

Dark Reading

Diversity brings more varied solutions to major challenges in cybersecurity, just as it does in every other industry

CISA adds Zoho, Apache, Qualcomm, Mikrotik flaws to the list of actively exploited issues

Security Affairs

CISA urges to address vulnerabilities Qualcomm, Mikrotik, Zoho and the Apache Software Foundation software.

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

Key Characteristics of Malicious Domains: Report

Dark Reading

Newer top-level domains and certain hosting providers are frequent sources of malicious content, while newly registered domains and free SSL certificates are not any more likely than average to be risky, new research shows

112
112

More Trending

Top 5 Reasons to Get 'SASE' With Security

Dark Reading

Proactively updating and integrating technology, and ensuring tight collaboration between IT and security … it's simple, right? Well, not always – especially for organizations with limited resources

IT 105

Russian internet watchdog Roskomnadzor bans six more VPN services

Security Affairs

Russia’s internet watchdog, ‘Roskomnadzor’, has announced the ban of other VPN products, 15 VPN services are now illegal in Russia. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six more VPN services.

Ransomware, Carding, and Initial Access Brokers: Group-IB Presents Report on Trending Crimes

Dark Reading

Report explores cybercrime developments from the second half of 2020 through the first half of 2021

Access 105

Europol arrested 1800 money mules as part of an anti-money-laundering operation

Security Affairs

Europol identified 18,351 money mules and arrested 1,803 of them as part of an international anti-money-laundering operation codenamed EMMA 7. Europol has identified 18,351 money mules and arrested 1,803 of them as part of an international anti-money-laundering operation codenamed EMMA 7.

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Smart Contract Bug Results in $31 Million Loss

Schneier on Security

A hacker stole $31 million from the blockchain company MonoX Finance , by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another.

A Software Bug Let Hackers Drain $31M From a Crypto Service

WIRED Threat Level

An attacker exploited a vulnerability in MonoX Finance's smart contract to inflate the price of its digital token and then cash out. Security Security / Cyberattacks and Hacks

IT 96

Remote Browser Isolation Stars in Content Protection Role

Dark Reading

The entertainment industry has long had to deal with the challenge of protecting their high-value content and intellectual property. Enter remote browser isolation (RBI

91

Facebook Will Force More At-Risk Accounts to Use Two-Factor

WIRED Threat Level

The platform joins Google and others in requiring stronger protections for its most vulnerable users. Security Security / Security News

Risk 88

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Planned Parenthood LA Breach Compromises 400,000 Patients' Data

Dark Reading

The breach, which compromised data such as insurance details and prescription information, took place between Oct. 9 and Oct.

‘Double-Extortion’ Ransomware Damage Skyrockets 935%

Threatpost

Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found. Breach Malware

Access 112

Darktrace Reports 30% More Ransomware Attacks Targeting Organizations During the Holiday Period

Dark Reading

Researchers also observed a 70% average increase in attempted ransomware attacks

7 Key Takeaways from the IRMS Conference 2021

Preservica

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

Fortinet vs Palo Alto Networks: Top NGFWs Compared

eSecurity Planet

A next-generation firewall (NGFW) is an important component of network security and represents the third generation of firewall technology.

AT&T Takes Steps to Mitigate Botnet Found Inside Its Network 

Threatpost

AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem. Cloud Security Critical Infrastructure Malware Mobile Security

IT 110

When Will a Cloud Infrastructure Heavyweight Launch a SASE?

Dark Reading

There's been a veritable gold rush of security vendors getting into secure access service edge. Now will any of the major IaaS vendors enter the market? Rik Turner makes the case

Planned Parenthood Breach Opens Patients to Follow-On Attacks

Threatpost

Cyberattackers made off with addresses, insurance information, dates of birth, and most worryingly, clinical information, such as diagnosis, procedures, and/or prescription information. Breach Privacy

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

Develop 'Foursight' — Keep Your Post-COVID Transformation on Track

Dark Reading

For IT organizations, the global health crisis didn't make meeting current and future compliance obligations easier. Here are four content protection focus areas that help the enterprise maintain compliance today, and stay on course for future digital transformation

Nation-State Attackers Use RTF Injection to Easily Spread Malware

eSecurity Planet

Hacking groups linked to Russia, China and India are leveraging a novel attack technique that makes it easier for them to spread malware , steal data and evade detection, according to a report this week by security firm Proofpoint.

Are You Exposed to Security Vulnerabilities with Your Use of Open-Source Ports on z/OS?

Rocket Software

Over the past couple of years, increased Zowe adoption and the push to integrate the mainframe into platform-neutral DevOps pipelines have resulted in greater use of Unix System Services (USS).

What is Modern Authentication and Its Role in Achieving Zero Trust Security?

Thales Cloud Protection & Licensing

What is Modern Authentication and Its Role in Achieving Zero Trust Security? madhav. Thu, 12/02/2021 - 08:36. The evolving business and technology landscape and the need for secure, yet convenient, ways of logging into applications are driving the quest for more effective authentication.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Calling all InfoCon Presenters!

IG Guru

Be a part of the action by presenting your skills and best practices to the finest in the RIM/IG profession at ARMA International’s InfoCon 2022. Start your application today! The post Calling all InfoCon Presenters! appeared first on IG GURU. ARMA IG News Information Governance Sponsored InfoCon

The Eighth Edition of The Privacy, Data Protection and Cybersecurity Law Review is Now Available

Data Matters

Document Review in a Remote World

eDiscovery Daily

COVID-19 has transformed the document review process. Traditionally, document review was conducted in person by experts at review centers. As COVID-19 rates increased, fears for individual health and safety mandated the transition to remote review.