Mon.Jun 20, 2022

The Cybersecurity Diversity Gap: Advice for Organizations Looking to Thrive

Dark Reading

Companies need to fill some of the 3.5 million empty cybersecurity seats with workers who bring different experiences, perspectives, and cultures to the table. Cut a few doors and windows into the security hiring box

Cyberattack Blamed for Setting Off Rocket Sirens in Israel

Data Breach Today

Sirens Ring in Jerusalem, Eilat; System Used to Warn Citizens About Missile Attacks Iranian hackers may be responsible for rocket sirens sounding for almost an hour in two Israeli cities on Sunday night.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what’s going on there. Related: ‘IABs’ spread ransomware. Planning your roadmap, executing your projects, and keeping an eye on the barrage of ransomware headlines, it’s understandable if you and your team are feeling some anxiety. Cyber anxiety can indeed be paralyzing, but new software solutions have the potential to become game-changers for IT departments.

Cloudflare One Brings Email Security, DLP, CASB Together

Data Breach Today

Cloudflare's Zero Trust Platform Offers More Robust Threat Intel, Network Discovery Cloudflare sees opportunity in the growth of zero trust and is integrating recent email and cloud security acquisitions with native data security and network discovery capabilities. "I

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague

The Last Watchdog

Specialization continues to advance apace in the cybercriminal ecosystem. Related: How cybercriminals leverage digital transformation. Initial access brokers, or IABs , are the latest specialists on the scene. IABs flashed to prominence on the heels of gaping vulnerabilities getting discovered and widely exploited in Windows servers deployed globally in enterprise networks.

Access 159

More Trending

Feds Take Down Russian 'RSOCKS' Botnet

Dark Reading

RSOCKS commandeered millions of devices in order to offer proxy services used to mask malicious traffic

111
111

The Ransomware Files, Episode 8: Travelex

Data Breach Today

Ransomware struck global currency exchange and remittance company Travelex on New Year's Eve 2019. Don Gibson was a security architect at Travelex. His name became publicly linked with the Travelex incident, and the attention was completely undesired.

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28.

Bill Would Ban Brokers From Selling Health, Location Data

Data Breach Today

Warren's Proposals Seek to Protect Consumers' Sensitive Information Worries among Democratic lawmakers that the U.S. Supreme Court will overturn a key abortion ruling have led Sen. Elizabeth Warren, D-Mass.,

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

DDoS Attacks Delay Putin Speech at Russian Economic Forum

Dark Reading

A Kremlin spokesman said that the St. Petersburg International Economic Forum accreditation and admissions systems were shut down by a DDoS attack

100
100

The Ghost of Internet Explorer Will Haunt the Web for Years

WIRED Threat Level

Microsoft's legacy browser may be dead—but its remnants are not going anywhere, and neither are its lingering security risks. Security Security / Cyberattacks and Hacks

Risk 93

Capital One Attacker Exploited Misconfigured AWS Databases

Dark Reading

After bragging in underground forums, the woman who stole 100 million credit applications from Capital One has been found guilty

99

Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild

Security Affairs

Google Project Zero experts disclosed details of a 5-Year-Old Apple Safari flaw actively exploited in the wild. Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild.

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code

Dark Reading

Low-code/no-code platforms allow users to embed their existing user identities within an application, increasing the risk of credentials leakage

Risk 97

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy.

Enterprise-class integration to power Oracle Netsuite order-to-cash processes

OpenText Information Management

Businesses of all sizes struggle with integration – as organizations grow so does the sprawl of internal systems and external partners and cloud applications that must all be seamlessly integrated in order to achieve business efficiency.

B2B 82

Cisco will not address critical RCE in end-of-life Small Business RV routers

Security Affairs

Cisco announced that it will not release updates to fix the CVE-2022-20825 flaw in end-of-life Small Business RV routers. Cisco will not release updates to address the CVE-2022-20825 RCE flaw in end-of-life Small Business RV routers and encourage upgrading to newer models.

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

Name That Toon: Cuter Than a June Bug

Dark Reading

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card

80

Over 2000 Social Engineering Scammers Arrested in Multi-Country Crackdown on Fraud, BEC, and Money Laundering

KnowBe4

Thousands of members of cybercriminal groups were arrested in a sting that lasted 2 months and involved coordinated efforts of the law enforcement departments of 76 countries. Social Engineering Cybercrime

79

Security Lessons From Protecting Live Events

Dark Reading

Security defenders working for large venues and international events need to be able to move at machine speed because they have a limited time to detect and recover from attacks. The show must go on, always

142 Million Customer Records From MGM Resorts Leaked for Free Download

KnowBe4

The availability of such a massive number of records at no cost to any cybercriminal interested is a recipe for countless phishing campaigns using the data itself as a means of establishing scam credibility. Phishing

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

Hartzbleed: A New Side-Channel Attack

Schneier on Security

Hartzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard.

Vishing Attacks Increase 550% Over Last Year as the Financial Sector Continues to be a Primary Target

KnowBe4

Cybercriminals are continuing to bypass the use of malware in favor of response-based and credential-centric social engineering attacks, according to new data from Agari and PhishLabs. Social Engineering vishing

78

Episode 239: Power shifts from Russia to China in the Cyber Underground

The Security Ledger

Naomi Yusupov, a Chinese Intelligence Analyst at the threat intelligence firm CyberSixGill talks to host Paul Roberts about that company’s new report: The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities.

New PDF-Based Phishing Attack Demonstrates that Office Docs Aren’t Passé – They are Just Obfuscated!

KnowBe4

Security researchers have discovered a cunning PDF-based phishing attack that leverages social engineering and PDF prompt specifics to trick users into opening malicious Office docs. Social Engineering Phishing

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

Security Affairs newsletter Round 370 by Pierluigi Paganini

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

Less Than 40% of Asia-Pacific Organizations Are Confident to Stop Cyber Threats as 83% Experience At Least One Ransomware Attack a Year

KnowBe4

With exactly half of cybersecurity incidents caused by organizations having an outdated security posture, the ability to stop breaches involves some re-investment in measures that really work. Cybercrime Ransomware

Hertzbleed: A New Side-Channel Attack

Schneier on Security

Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard.