Thu. Feb 18, 2021

Nigerian Gets 10-Year Sentence for BEC Scam

Data Breach Today

Prosecutors: Crime Operation Extorted $11 Million

A Nigerian national has been sentenced to 10 years in prison after pleading guilty to taking part in a business email compromise operation that extorted $11 million from its victims, according to the U.S. Department of Justice

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

Palo Alto Networks warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems.

White House Preparing 'Executive Action' After SolarWinds Attack

Data Breach Today

Deputy National Security Adviser Anne Neuberger Offers an Update on Investigation

In an update on the investigation into the SolarWinds supply chain attack, Deputy National Security Adviser Anne Neuberger said the Biden administration is preparing "executive action" to address security shortcomings that have come to light.

Microsoft Concludes Internal Investigation into Solorigate Breach

Dark Reading

The software giant found no evidence that attackers gained extensive access to services or customer data

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Hackers Target 'Instant Quote' Websites

Data Breach Today

New York Warns of Theft of Consumers' Information

Hackers are targeting vulnerabilities in websites offering instant quotes - especially those that provide auto insurance rates - to steal consumers' information, according to an alert from the New York State Department of Financial Services

More Trending

3 North Koreans Indicted for Conspiring to Steal $1.3 Billion

Data Breach Today

Federal Prosecutors Say Hackers Work for Military Intelligence Unit

Three North Koreans have been indicted for allegedly taking part in a criminal conspiracy that attempted to steal or extort $1.3 billion in cryptocurrency and cash from banks and other organizations around the world, the U.S.

Data security accountability in an age of regular breaches

Dark Reading

As the number of vendors impacted by supply-chain breaches grows, one constant question remains: where exactly does accountability for data security lie, and what part do end users play in their own data breach protection

Data Breaches: ShinyHunters' Dominance Continues

Data Breach Today

Prolific Cybercrime Group Recently Tied to Breaches of E-Commerce and Dating Sites

In 2020, a cybercrime operation known as ShinyHunters breached nearly 50 organizations, security researchers say.

SolarWinds hackers had access to components used by Azure, Intune, and Exchange

Security Affairs

Microsoft announced that SolarWinds hackers could have had access to repositories containing some components used by Azure, Intune, and Exchange.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Tips on Building a Robust Data Backup Strategy

Data Breach Today

In light of the threat of ransomware attacks, healthcare organizations need to take extra steps to ensure their systems are adequately backed up - and that those backups are protected, says Martin Littmann of Kelsey-Seybold Clinic.

Credential stuffing attack hit RIPE NCC: Members have to enable 2FA

Security Affairs

RIPE NCC has disclosed a failed credential stuffing attack against its infrastructure and is asking its members to enable 2FA for their accounts. RIPE NCC announced that it suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts.

Apple Offers Its Closest Look Yet at iOS and MacOS Security

WIRED Threat Level

In its latest Platform Security Guide, Cupertino raised the curtain on the critical features that protect against hackers.

CrowdStrike Buys Log Management Startup Humio for $400M

Dark Reading

CrowdStrike plans to use Humio's technology to continue building out its extended detection and response platform

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Mac Malware Targets Apple’s In-House M1 Processor

Threatpost

A malicious adware-distributing application specifically targets Apple's new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices.

How to Run a Successful Penetration Test

Dark Reading

These seven tips will help ensure a penetration test improves your organization's overall security posture

Kia Motors Hit With $20M Ransomware Attack – Report

Threatpost

DoppelPaymer ransomware gang claims credit for Kia’s outage, demands $20 million in double-extortion attack.

Pro Tip: Say What You Know

Dark Reading

During the immediate period following a breach, it's vital to move fast - but not trip over yourself

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

WEIS 2021 Call for Papers

Schneier on Security

The 20th Annual Workshop on the Economics of Information Security (WEIS 2021) will be held online in June. We just published the call for papers.

Exploit Details Emerge for Unpatched Microsoft Bug

Threatpost

A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes

Microsoft Azure Front Door Gets a Security Upgrade

Dark Reading

New SKUs in Standard and Premium preview beef up the security of the content delivery network platform

What is the Value of Records and Information Management?

AIIM

What is the value of Records and Information Management? To help answer that, take a quick mental inventory of all the technologies your organization utilizes that interact in some way with organizational information.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Apple Outlines 2021 Security, Privacy Roadmap

Threatpost

Latest Apple Platform Security update folds iOS, macOS and hardware into security 2021 roadmap.

Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy

Dark Reading

Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies

Cybercriminal Enterprise ‘Ringleaders’ Stole $55M Via COVID-19 Fraud, Romance Scams

Threatpost

The Department of Justice (DoJ) cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013.

Virginia Takes Different Tack Than California With Data Privacy Law

Dark Reading

Online businesses that target Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps

Threatpost

Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered.

Virginia Data Privacy Law

Schneier on Security

Virginia is about to get a data privacy law, modeled on California’s law.
