Fri.Sep 17, 2021

article thumbnail

Good News: REvil Ransomware Victims Get Free Decryptor

Data Breach Today

Many Files Crypto-Locked Before July 13 Unlockable via Free Bitdefender Decryptor Score one for the good guys in the fight against ransomware: Anyone who fell victim to REvil, aka Sodinokibi, crypto-locking malware before July 13 can now decrypt their files for free, thanks to a decryptor released by security firm Bitdefender.

article thumbnail

FTC Clarifies that Five FCRA Rules Apply Only to Motor Vehicle Dealers

Hunton Privacy

On September 13, 2021, the Federal Trade Commission published final revisions to five rules promulgated pursuant to the Fair Credit Reporting Act (“FCRA”), to clarify that the rules apply only to motor vehicle dealers. The final revisions were made to bring the rules in line with the Dodd-Frank Wall Street Reform and Consumer Protection Act. Entities other than motor vehicle dealers are still subject to the Consumer Financial Protection Bureau’s (“CFPB’s”) FCRA counterpart rules and the concurre

Insurance 128
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Mirai Botnet Actively Exploiting OMIGOD Flaw

Data Breach Today

Researchers Say OMIGOD Vulnerability Can Give Attackers Root Privileges The Mirai botnet is actively exploiting the known vulnerability CVE-2021-38647, which is part of a quarter of vulnerabilities dubbed OMIGOD, in Microsoft's Azure Linux Open Management Infrastructure framework, according to Kevin Beaumont, head of the security operations center for Arcadia Group.

Security 314
article thumbnail

AT&T Phone-Unlocking Malware Ring Costs Carrier $200M

Threatpost

With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan.

Security 127
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Nigerian Hacker Connected to Aviation Industry Attacks

Data Breach Today

Researchers: Attacker Sold Pilfered Airline Data on the Darknet Cisco Talos researchers have connected a previously discovered series of aviation industry attacks stretching back more than three years to a Nigeria-based attacker. The attacker sold the stolen information on the darknet, the researchers say.

273
273

More Trending

article thumbnail

OCC's Hsu Addresses Need for Cryptocurrency Oversight

Data Breach Today

Calls for Global Cryptocurrency Regulation Escalate as US Explores Options Amid growing calls for cryptocurrency regulations, the U.S. acting comptroller of the currency has made a definitive statement on safeguarding investors and how cryptocurrency should intersect with traditional financial institutions.

289
289
article thumbnail

Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

Threatpost

Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems.

article thumbnail

Fraudster Gets 12-Year Sentence for AT&T 'Unlocking' Scheme

Data Breach Today

Man Allegedly Recruited, Trained AT&T Employees to Act as Hackers A dual citizen of Pakistan and Grenada has been sentenced to 12 years in prison for orchestrating a seven-year scheme that unlawfully unlocked nearly 2 million AT&T smartphones, which the carrier says amounted to $200 million in subscriber losses, according to the U.S. DOJ.

221
221
article thumbnail

Zero-Click iMessage Exploit

Schneier on Security

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit.

119
119
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Is White House Crackdown on Ransomware Having Any Effect?

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the state of the Biden administration's efforts to disrupt ransomware attackers, as well as how a newly patched Apple iMessage flaw was being targeted by Pegasus spyware to effect zero-click exploits.

article thumbnail

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Security Affairs

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333 , that could allow an attacker to obtain sensitive information from the targeted system. Chipmaker AMD has addressed a medium severity issue in Platform Security Processor (PSP) chipset driver, tracked as CVE-2021-26333 , that could allow an attacker to obtain sensitive information from the targeted system.

article thumbnail

Infrastructure, Security, and the Need for Visibility

Dark Reading

Government authorities are increasingly trying to bolster critical infrastructure security. But investments in next-generation solutions won't go far enough without also addressing security and operational fundamentals.

Security 109
article thumbnail

New York City to Require Food Delivery Services to Share Customer Data with Restaurants

Hunton Privacy

On August 29, 2021, a New York City Council bill amending the New York City Administrative Code to address customer data collected by food delivery services from online orders became law after the 30-day period for the mayor to sign or veto lapsed. Effective December 27, 2021, the law will permit restaurants to request customer data from third-party food delivery services and require delivery services to provide, on at least a monthly basis, such customer data until the restaurant “requests to n

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Pay For Software Based On Its Performance

Role Model Software

Pay For Software Based on Its Performance There’s always a way to improve existing processes. Maybe you’ve come to a place where you realize that’s what you need for your engineer-to-order or design-to-order business. Often that means automating your process or adding technology. Unfortunately, “automation” and “technology” usually don’t give an impression of being affordable or low-risk.

IT 98
article thumbnail

Episode 226: The Cyber Consequences Of Our Throw Away Culture

The Security Ledger

We speak with John Shegerian of ERI about his new book: “The Insecurity of Everything” and how our e-waste may be exposing sensitive data to other nations. The post Episode 226: The Cyber Consequences Of Our Throw Away Culture appeared first on The Security Ledger with Paul F. Roberts. Related Stories Episode 224: Engineering Trust In The Cyber Executive Order Episode 222: US Rep.

article thumbnail

Anonymous Leaked a Bunch of Data From a Right-Wing Web Host

WIRED Threat Level

The hacktivist collective targeted the domain registrar Epik for providing services to clients including the Texas GOP, Parler, and 8chan.

Security 106
article thumbnail

Weekly Update 261

Troy Hunt

Never a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong a live stream together for the 5th anniversary of my weekly update vids. We'd love questions and topics in advance or just drop in on the day, we're planning it for 18:00 Gold Coast time on Friday 24 which will be 09:00 that morning in London and ridiculous o'clock everywhere in the US.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Security Affairs

A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems. . The malware spread through attacks exploiting known vulnerabilities (i.e.

article thumbnail

Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do

Threatpost

Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms.

article thumbnail

Hackers Alter Cobalt Strike Beacon to Target Linux Environments

eSecurity Planet

A significant part of hacking consists of diverting the function of existing systems and software, and hackers often use legitimate security tools to perform cyber attacks. Pentesting tool Cobalt Strike has been one such target, but what happened recently with a Red Hat Linux version of the Cobalt Strike Beacon is worthy of note. According to cybersecurity researchers, it could be the work of an advanced threat actor.

article thumbnail

How Should the CSO Work With the Chief Privacy Officer?

Dark Reading

The chief security officer needs to be in constant communication with the chief privacy officer about what's working or not working.

Privacy 98
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Experts warn that Mirai Botnet starts exploiting OMIGOD flaw

Security Affairs

The Mirai botnet starts exploiting the recently disclosed OMIGOD vulnerability to compromise vulnerable systems exposed online. Threat actors behind a Mirai botnet starts exploiting a critical Azure OMIGOD vulnerability, tracked as CVE-2021-38647, a few days after Microsoft disclosed them. Recently released September 2021 Patch Tuesday security updates have addressed four severe vulnerabilities, collectively tracked as OMIGOD , in the Open Management Infrastructure (OMI) software agent that ex

Risk 80
article thumbnail

IoT 'Nutrition' Labels Aim to Put Security on Display

Dark Reading

NIST has laid the groundwork for an easy-to-understand way to communicate to consumers the security of software and connected devices.

IoT 94
article thumbnail

A New App Helps Iranians Hide Messages in Plain Sight

WIRED Threat Level

Nahoft uses encryption to turn chats into a random jumble of words, and it works even when the internet doesn’t.

article thumbnail

New Report Examines Top Threats Discussed at Black Hat USA

Dark Reading

Supply chain security and vulnerabilities in enterprise software were among the threats most dicussed at this year's show, survey data reveals.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Apple and Google Go Further Than Ever to Appease Russia

WIRED Threat Level

The tech giants have set a troubling new precedent.

Security 106
article thumbnail

International Insider Threat: DoJ Fines US Intel Officials Who Aided UAE

Dark Reading

Three former US intelligence operatives have been fined $1,685,000 for aiding the United Arab Emirates in widespread hacking campaigns.

72
article thumbnail

Making sustainability a differentiator in global trade finance (part 4)

CGI

This CGI blog post discusses making sustainability a differentiator in global trade finance.

78