Wed.May 12, 2021

Colonial Restarts Operations Following Ransomware Attack

Data Breach Today

Company Says It Will Take Several Days for Supply Chain to Return to Normal Colonial Pipeline on Wednesday announced that the company had restarted its operations following a ransomware attack last week.

RSAC insights: How the ‘CIEM’ framework is helping companies manage permissions glut

The Last Watchdog

A permissions glut is giving rise to an explosion of new exposures in modern business networks. Related: Securing digital identities. Companies are adopting multi-cloud and hybrid cloud infrastructures and relying on wide-open app development like never before. In doing so, permissions to make myriad software connections are proliferating. Taken together these man-to-machine and machine-to-machine connections result in cool new digital services.

Cloud 135
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Biden Signs Sweeping Executive Order on Cybersecurity

Data Breach Today

RSAC insights: Sophos report dissects how improved tools, tactics stop ransomware attack

The Last Watchdog

A new report from Sophos dissects how hackers spent two weeks roaming far-and-wide through the modern network of a large enterprise getting into a prime position to carry out what could’ve been a devasting ransomware attack. Related: DHS embarks on 60-day cybersecurity sprints. This detailed intelligence about a ProxyLogon-enabled attack highlights how criminal intruders are blending automation and human programming skills to great effect.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Colonial Pipeline Attack: “All Monsters Are Human”

Data Breach Today

Cybereason's Sam Curry on DarkSide and New Breed of Ransomware Attack In April, Cybereason published a blog detailing its research into the DarkSide ransomware strain that infected Colonial Pipeline this past week.

More Trending

Rise of DarkSide: Ransomware Victims Have Been Surging

Data Breach Today

Crime Syndicate's Big Game Hunting and Advanced Extortion Risk Becoming Commonplace For anyone wondering how the Russian-speaking, ransomware-wielding DarkSide crime syndicate was able to disrupt a major U.S. fuel pipeline, a more pertinent question might be: Why didn’t it happen sooner

Researchers Unearth 167 Fake iOS & Android Trading Apps

Dark Reading

The apps are disguised as financial trading, banking, and cryptocurrency apps from well-known and trusted organizations

108
108

Did Data Leak Discovery Reveal a Ransomware Incident?

Data Breach Today

Researcher Says Exposed Database Contained Ransom Demand Message An unsecured database of medical information on military veterans contained evidence of a potential incident, the security researcher who discovered the data leak says

Cybersecurity: What Is Truly Essential?

Dark Reading

In an effort to protect their organizations, security professionals can overdo it. The result often works against them

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

APT Group Using Backdoor for Espionage

Data Breach Today

Kaspersky Describes 'Operation TunnelSnake' That Appears to Have China Connection An ongoing advanced persistent threat campaign dubbed "Operation TunnelSnake" has been using a Windows rootkit named Moriya to deploy a passive backdoor to spy on victims, the security firm Kaspersky reports

FragAttacks vulnerabilities expose all WiFi devices to hack

Security Affairs

Security researcher discovered a series of flaws, collectively tracked as FragAttacks, that impact the WiFi devices sold for the past 24 years.

Colonial Pipeline Attack Leads to Calls for Cyber Regs

Data Breach Today

Lawmakers, Others Say Ransomware Attack Demonstrates Need for Enhanced Security The ransomware attack against Colonial Pipeline, which has disrupted the flow of gasoline and other petroleum products throughout the eastern U.S.

TeaBot Android banking Trojan targets banks in Europe

Security Affairs

Malware researchers from Cleafy warn of a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Europe.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Babuk Ransomware Gang Posts More DC Metro Police Data

Data Breach Today

Babuk Has Threatened to Release More MPD Info The Babuk ransomware gang has reignited its feud with the Washington, D.C. Metropolitan Police Department by posting what it says is an additional 22GB of stolen data and what it claims is a transcript of the failed ransom negotiations

MITRE Protection Tests Shed New Light on Endpoint Security

eSecurity Planet

MITRE added a new wrinkle to its latest endpoint detection and response (EDR) evaluations, a test of endpoint security products’ ability to stop an adversarial attack.

Microsoft Patches 4 More Exchange Flaws

Data Breach Today

Patch Tuesday Update: These Vulnerabilities Not Yet Exploited in Wild Microsoft issued patches Tuesday for four more vulnerabilities in on-premises versions of the Exchange Server corporate email platform, one of which is a zero-day flaw

154
154

Why You Should Be Prepared to Pay a Ransom

Dark Reading

Companies that claim they'll never pay up in a ransomware attack are more likely to get caught flat-footed

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

NSA and ODNI analyze potential risks to 5G networks

Security Affairs

Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering. The U.S.

Risk 81

The Long Road to Rebuilding Trust after 'Golden SAML'-Like Attacks

Dark Reading

Eradicating 'privileged intruders' from the network in the aftermath of an attack poses major challenges, experts say

88

‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices

Threatpost

Wi-Fi devices going back to 1997 are vulnerable to attackers who can steal your data if they're in range. Cloud Security IoT Mobile Security Vulnerabilities Web Security

IoT 112

66% of CISOs Feel Unprepared for Cyberattacks

Dark Reading

More than half of CISOs surveyed are more concerned about a cyberattack in 2021 than in 2020, researchers report

87

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Microsoft Patch Tuesday for May 2021 fix 4 critical flaws

Security Affairs

Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities, four are rated as Critical.

Putting The Spotlight on DarkSide

Dark Reading

Incident responders share insight on the DarkSide ransomware group connected to the recent Colonial Pipeline ransomware attack

Researchers Flag e-Voting Security Flaws

Threatpost

Paper ballots and source-code transparency are recommended to improve election security. Cloud Security Critical Infrastructure Hacks Vulnerabilities Web Security

Paper 108

Maybe don’t call Saul? Over 30,000 VoIP devices identifiable worldwide, some with suspected vulnerabilities

Security Affairs

Thousands of public-facing devices can be accessed anywhere in the world, from the US to Russia, from London to Johannesburg. Our research shows that large and small manufacturers are identifiable, with Aastra-Mitel topping the list.

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales

Threatpost

A new type of fraud is spiking across the platform: Selling fake vax records to people who want to lie their way into places where proof of vaccine is required. Mobile Security Newsmaker Interviews Privacy Web Security

Sales 106

How Companies Need to Treat User Data and Manage Their Partners

Security Affairs

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to. Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers.

GDPR 72

Gig Workers Being Paid $500 for Payroll Passwords

Threatpost

Argyle is paying workers to help hack payroll providers, researchers suspect. Breach Cloud Security Privacy Web Security