Thu. Sep 22, 2022

Morgan Stanley's Hard Drive Destruction Investment Failure

Data Breach Today

$35 Million Fine From Securities and Exchange Commission Covers 5 Years of Mishaps. Financial services giant Morgan Stanley will pay a $35 million fine to settle U.S.

A New Linux Tool Aims to Guard Against Supply Chain Attacks

WIRED Threat Level

Security firm Chainguard has created a simple, open-source way for organizations to defend the cloud against some of the most insidious attacks.

Australian Telco Optus Warns of 'Significant' Data Breach

Data Breach Today

Current and Former Customers' Contact Details Exposed, But No Financial Information. Australian telecommunications giant Optus is warning that current and former customers' personal details were exposed, including some driver's license and passport details, but no passwords or financial details, after it suffered a major data breach.

Ransomware: The Latest Chapter

Dark Reading

As ransomware attacks continue to evolve, organizations can go beyond security best practices and build resiliency with extended detection and response solutions and fast response times to shut down attacks.

Cyberattack Disrupts Michigan School District for 2nd Day

Data Breach Today

K-12 Educational Sector Is a Target for Ransomware Gangs. School is out for more than 3,000 students of a suburban Detroit district undergoing its second day of forensics analysis following a cyberattack. Students have been told not to use district-issued Chromebooks.

More Trending

Iranian Hackers Accessed Albania's Network for 14 Months

Data Breach Today

FBI, CISA Detail How Iran Launched Destructive Cyberattack. Iranian hackers rambled across the Albanian government's network for 14 months before launching a ransomware and disk wiper attack in July, says the U.S. government.

15-Year-Old Python Flaw Slithers into Software Worldwide

Dark Reading

An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559.

Universities Urged to Defend Sensitive Research from Hackers

Data Breach Today

Adversaries Want to Interfere With Research at US Schools. How Can They be Stopped? Cyberattacks against universities have forced academia to implement new rules and processes to safeguard sensitive research from adversaries like China, Russia and Iran.

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Security Affairs

Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability.

SentinelOne's $100M Venture Capital Fund Seeks Data Startups

Data Breach Today

New S Ventures Fund Takes on CrowdStrike Fund, Backs Armorblox and Noetic Cyber. SentinelOne is taking on top rival CrowdStrike in the venture arena, unveiling a $100 million fund to support security and data startups of all sizes.

A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder

Security Affairs

A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang.

Medtronic Recalls Certain Insulin Pumps Due to Cyber Flaw

Data Breach Today

Feds Also Warn the Issue Could Affect the Dose of Insulin Delivered to a Patient. Federal authorities have issued urgent advisories - and Medtronic a voluntary product recall - about a cybersecurity flaw in some of the company's insulin pumps.

Threat Actor Abuses LinkedIn's Smart Links Feature to Harvest Credit Cards

Dark Reading

The tactic is just one in a constantly expanding bag of tricks that attackers are using to get users to click on links and open malicious documents.

Wintermute CEO Renews Plea for Hacker to Return Stolen Funds

Data Breach Today

Hack Traced to Bug in Wallet Addressing Tool. Whoever stole $160 million from Wintermute, the cryptocurrency trading firm's CEO, Evgeny Gaevoy, would like the money back, minus 10% that's on the house.

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Security Affairs

Threat actors targeted tens of thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. Redis is a popular open source data structure tool that can be used as an in-memory distributed database, message broker or cache.

Public Water Systems at Cybersecurity Risk, Lawmakers Hear

Data Breach Today

Municipal Water Systems Installing Networked Control Systems. Public water systems in the United States will continue connecting control systems to the internet despite the risks, members of the House Homeland Security Committee heard today.

Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times

eSecurity Planet

During a cyberattack, time is of the essence for both attackers and defenders. To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption.

Security Practices Are Improving, But Cybercriminals Are Keeping Up

KnowBe4

A survey by GetApp has found that the number of organizations using phishing simulations has risen from 30% in 2019 to 70% in 2022.

Hackers Paralyze 911 Operations in Suffolk County, NY

Dark Reading

Reduced to pen, paper, and phones, 911 operators ask NYPD for backup in handling emergency calls.

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

Security Affairs

More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago.

Wintermute DeFi Platform Offers Hacker a Cut in $160M Crypto-Heist

Dark Reading

The decentralized finance (DeFi) platform was the victim of an exploit for a partner's vulnerable code — highlighting a challenging cybersecurity environment in the sector.

Do Not Use Easily Phishable MFA and That Is Most MFA!

KnowBe4

Everyone should use multifactor authentication (MFA), where they can, to protect valuable information. Everyone!

Feds Sound Alarm on Rising OT/ICS Threats From APT Groups

Dark Reading

NSA and CISA release guidance on protecting against cybersecurity threats to operational technology and industrial control systems.

Prompt Injection/Extraction Attacks against AI Systems

Schneier on Security

This is an interesting attack I had not previously considered. The variants are interesting, and I think we’re just starting to understand their implications.

Data Scientists Dial Back Use of Open Source Code Due to Security Worries

Dark Reading

Data scientists, who often choose open source packages without considering security, increasingly face concerns over the unvetted use of those components, new study shows.

Security Data Lakes Emerge to Address SIEM Limitations

eSecurity Planet

Every security team craves clear visibility into the endpoints, networks, containers, applications, and other resources of the organization. Tools such as endpoint detection and response (EDR) and extended detection and response (XDR) send an increasing number of alerts to provide that visibility.

Twitter's Whistleblower Allegations Are a Cautionary Tale for All Businesses

Dark Reading

Businesses need to turn privacy and security into an advantage. Store less data, and live up to customer expectations that their information is protected. Take small steps, be transparent about data management, and choose partners carefully.

Hackers stole $160 Million from Crypto market maker Wintermute

Security Affairs

Threat actors have stolen around $160 million worth of digital assets from crypto trading firm Wintermute. Malicious actors continue to target organizations in the cryptocurrency industry; the latest victim is crypto trading firm Wintermute.