Wed.Jun 09, 2021

Not So Fastly: Global Outage Highlights Cloud Challenges

Data Breach Today

Without Resiliency Plans, Cloud Infrastructure Can Become Single Point of Failure Content delivery network Fastly says its global outage on Tuesday was caused by an unanticipated software bug, which it has now patched.

Cloud 172

MY TAKE: Massive data breaches persist as agile software development fosters full-stack hacks

The Last Watchdog

Data leaks and data theft are part and parcel of digital commerce, even more so in the era of agile software development. Related: GraphQL APIs stir new exposures. Many of the high-profile breaches making headlines today are the by-product of hackers pounding away at Application Programming Interfaces (APIs) until they find a crease that gets them into the pathways of the data flowing between an individual user and myriad cloud-based resources.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

House Probes Specifics of Colonial Ransomware Attack

Data Breach Today

CEO Continues to Answer Questions on Paying Ransom and Company Response Colonial Pipeline Co.

Required MFA Is Not Sufficient for Strong Security: Report

Dark Reading

Attackers and red teams find multiple ways to bypass poorly deployed MFA in enterprise environments, underscoring how redundancy and good design are still required

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

APT Group Kimsuky Has New Attack Technique, Researchers Say

Data Breach Today

South Korean Government Reportedly Targeted Using AppleSeed Backdoor Researchers at Malwarebytes have uncovered the latest tactics, techniques, and procedures used by the North Korean threat group Kimsuky, also known as Thallium, Black Banshee and Velvet Chollima, as it continues to launch espionage attacks.

More Trending

Microsoft Patches 6 Vulnerabilities Currently Under Attack

Data Breach Today

None Are Rated Critical, But Analysts Say Patching Each Is Important Microsoft's June Patch Tuesday contained patches for six zero-day vulnerabilities being exploited in the wild, including two flaws detected by Kaspersky that were being exploited by a new threat group named PuzzleMaker

161
161

DarkSide Pwned Colonial With Old VPN Password

Threatpost

Attackers accessed a VPN account that was no longer in use to freeze the company’s network in a ransomware attack whose repercussions are still vibrating. Hacks Malware Web Security

Securing Industrial IoT: It’s All About the Architecture

Data Breach Today

Organizations are connecting to industrial control networks at an increasing pace. The need to connect to the IT environment, cloud applications and remote workers has created a definitive gap by eroding the demilitarized zone.

IoT 142

Hackers hit Spain’s Ministry of Labor and Social Economy

Security Affairs

The Spanish Ministry of Labor and Social Economy (MITES) was hit by a cyberattack and is working to restore impacted services. Spain’s Ministry of Labor and Social Economy (MITES) was hit by a cyberattack on Wednesday and is working to restore impacted services.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Private Equity Firms Acquire ExtraHop in $900 Million Deal

Data Breach Today

ExtraHop's Executive Suite Will Retain Its Roles ExtraHop announced Tuesday it has entered into a definitive agreement to be acquired by the private equity firms Bain Capital Private Equity and Crosspoint Capital Partners for $900 million. The transaction is expected to close in the summer of 2021

IT 142

Google fixes a critical Android RCE flaw in the System component

Security Affairs

Google’s June security bulletin addresses more than 90 vulnerabilities in Android and Pixel devices, including a Critical RCE (CVE-2021-0507).

IT 72

Carbon Friendly IT – Saving Costs, Increasing Efficiencies and Protecting the Planet

Micro Focus

Technology can play a key role in helping to reduce an organization’s environmental impact. At Micro Focus, our aim is to make sustainable and responsible business part of the way we operate.

IT 71

Information Flows and Democracy

Schneier on Security

Henry Farrell and I published a paper on fixing American democracy: “ Rechanneling Beliefs: How Information Flows Hinder or Help Democracy.”

Paper 67

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

What to Know About Updates to the PCI Secure Software Standard

Dark Reading

New requirements add 50 controls covering five control objectives. Here's a high-level look at each objective

JBS Ransomware attack highlights need for early detection and rapid response

OpenText Information Management

Over the past couple of months cyber-criminals have targeted organizations critical to our supply chain. The most recent of these attacks was against JBS, the largest meat processing company in the world.

Microsoft June 2021 Patch Tuesday addresses 6 zero-days actively exploited

Security Affairs

Microsoft’s June 2021 Patch Tuesday addressed 50 vulnerabilities, including six zero-day issues that are being actively exploited in the wild.

Ransomware Is Not the Problem

Dark Reading

Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

Crypto-mining campaign targets Kubeflow installs on a large scale

Security Affairs

Microsoft uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine cryptocurrency. Microsoft researchers uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine for cryptocurrency.

Hardening the Physical Security Supply Chain to Mitigate the Cyber-Risk

Dark Reading

Nick Smith, Regional Manager at Genetec, details how physical security professionals can improve their resilience to cyberattacks by reviewing the cybersecurity policies of those they work with in the supply chain. This includes everyone from component vendors to installers and engineers

How Can You Protect Critical Infrastructure from Ransomware Attacks

Thales Cloud Protection & Licensing

How Can You Protect Critical Infrastructure from Ransomware Attacks. madhav. Thu, 06/10/2021 - 06:00. Another week, another ransomware attack.

Mysterious Custom Malware Collects Billions of Stolen Data Points

Threatpost

A nameless malware resulted in a huge data heist of files, credentials, cookies and more that researchers found collected into a cloud database. Breach Hacks Malware Web Security

Cloud 83

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

New Security Event @Hack to Take Place in Saudi Arabia

Dark Reading

The Saudi Federation of Cybersecurity, Programming, and Drones (SAFCSP) and Informa Tech will launch a multi-day event in Riyadh this November

Seattle mayor’s office scrambling to retrieve months of deleted text messages about CHOP via KIRO7

IG Guru

Check out the article here. The post Seattle mayor’s office scrambling to retrieve months of deleted text messages about CHOP via KIRO7 appeared first on IG GURU. Archives Compliance Information Governance Records Management CHOP Jenny Durkan KIRO7 Seattle Mayor Text Messages

Libryo – a platform for automating legal compliance

Information Matters

The business processes in some sectors are easier to automate than others. Where binary data such as customer information or sales figures are central then automation can be relatively straightforward. Read more.

Sales 52

RSA Spins Off Fraud & Risk Intelligence Unit

Dark Reading

The new company, called Outseer, will continue to focus on payment authentication and fraud detection and analysis

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

The state of responsible AI in 2021

Information Matters

Corinium Intelligence has published the results of a survey of 100 C-level data and analytics leaders focusing on how they are dealing with AI projects in an ethical way. Survey Read more. The post The state of responsible AI in 2021 appeared first on Information Matters. News Update Research

CISA Addresses Rise in Ransomware Threatening OT Assets

Dark Reading

The agency has released guidance in response to a rise of ransomware attacks affecting OT assets and control systems

NHS’ Plans to Share Patient Records with Third Parties

Data Matters

NHS Digital (the national custodian for health and care data in England) in May 2021, announced a new data sharing initiative called the General Practice Data for Planning and Research (GPDPR) service. The launch of the GPDPR could result in the historical medical records of up to 55 million patients in England being shared with third parties.