Mon. Jul 26, 2021

Ransomware: Average Ransom Payment Drops to $137,000

Data Breach Today

Fewer Victims Paying Attackers Simply to Delete Stolen Data, Coveware Reports

Good news on the ransomware front: The average ransom paid by a victim dropped by 38% from Q1 to Q2, reaching $136,576, reports ransomware incident response firm Coveware.

PlugwalkJoe Does the Perp Walk

Krebs on Security

Joseph “PlugwalkJoe” O’Connor, in a photo from a paid press release on Sept. 02, 2020, pitching him as a trustworthy cryptocurrency expert and advisor.

Kaseya Says It Did Not Pay Ransom to Obtain Universal Decryptor

Data Breach Today

Software Firm Continues Helping Ransomware Victims to Recover

Remote management software company Kaseya said Monday that it obtained a universal decryptor key without paying a ransom to the REvil - aka Sodinokibi - gang that hit the firm with a ransomware attack.

NEW TECH: How the emailing of verified company logos actually stands to fortify cybersecurity

The Last Watchdog

Google’s addition to Gmail of something called Verified Mark Certificates (VMCs) is a very big deal in the arcane world of online marketing. This happened rather quietly as Google announced the official launch of VMCs in a blog post on July 12. Henceforth companies will be able to insert their trademarked logos in Gmail’s avatar slot; many marketers can’t wait to distribute email carrying certified logos to billions of inboxes.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

AvosLocker Ransomware Gang Recruiting Affiliates, Partners

Data Breach Today

Malwarebytes: Gang Seeking 'Pentesters' and 'Access Brokers'

A recently discovered ransomware-as-a-service gang dubbed AvosLocker is recruiting affiliates and partners, including "pentesters" and "access brokers," on darknet forums, according to the security firm Malwarebytes.

More Trending

Hackers Target Kubernetes Using Misconfigured Argo Workflows

Data Breach Today

Threat Actors Deploying Cryptominers

A hacking campaign is targeting Kubernetes environments using misconfigured Argo Workflows to deploy cryptominers, a report by security firm Intezer finds.

Hiding Malware inside a model of a neural network

Security Affairs

Researchers demonstrated that malware can be hidden inside a neural network image classifier in order to bypass defense solutions.

Lawsuits Against CaptureRx Pile Up and So Do Victim Counts

Data Breach Today

At Least 3 Lawsuits Filed So Far After Breach Affecting Millions

Another lawsuit seeking class action status was filed last week against San Antonio-based NEC Networks - which does business as CaptureRx - in the aftermath of a hacking incident that now appears to have affected several dozen of the vendor's healthcare clients and at least 2.4

Apple fixes CVE-2021-30807 flaw, the 13th zero-day this year

Security Affairs

Apple released a security update that addresses CVE-2021-30807, a flaw in macOS and iOS that may have been actively exploited to plant malware on vulnerable devices.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

SASE: Building a Migration Strategy

Data Breach Today

Gartner Report Prompts Discussion of Keys to Success

Security experts offer an analysis of Gartner's new strategic road map for SASE adoption that emphasizes the need for a detailed migration plan and offer tips for a successful rollout.

No More Ransom helped ransomware victims to save almost €1B

Security Affairs

The No More Ransom initiative celebrates its fifth anniversary: over 6 million victims of ransomware attacks have recovered their files for free, saving almost €1 billion in payments.

Attackers Rely on 'Exotic' Languages for Malware Creation

Data Breach Today

Microsoft publishes mitigations for the PetitPotam attack

Security Affairs

Microsoft published mitigations for the recently discovered PetitPotam attack that allows attackers to force remote Windows machines to share their password hashes.

A Recruiter’s Guide To Hiring In 2021

With vaccination rates rising, consumers spending more money, and people returning to offices, the job market is going through a period of unprecedented adjustment. As the New York Times observed, “It’s a weird moment for the American economy.” And recruiting professionals are caught in the middle. To make the most of this disruption, you need to understand the economic drivers, develop a strong strategy for unearthing valuable talent, and use the latest tech tools to get the job done. Read this guide to get your recruiting practice ready to thrive in the new normal.

Australia Says Uber 'Interfered' With Users' Privacy

Data Breach Today

Uber Must Tighten Data Handling, Regulator Says

Australia's data regulator has found that Uber interfered with the privacy of 1.2 million of its customers as a result of a 2016 global data breach. Uber says it's made improvements to its systems and its internal security policies.

Controlling Access to ePHI: For Whose Eyes Only? via the OCR Listserv

IG Guru

Summer 2021 Cybersecurity Newsletter, July 14, 2021

A recent report of security incidents and data breaches found that 61% of analyzed data breaches in the healthcare sector were perpetrated by external threat actors and 39% by insiders.[1]

18 Companies to Participate in NIST 'Zero Trust' Project

Data Breach Today

Firms Will Demonstrate Their Architectures to Help Agency Develop Guidance

NIST has selected 18 technology companies to demonstrate "zero trust" security architectures as it prepares to draft guidance for use of the model by federal agencies, which the private sector can also follow.

Malware Makers Using ‘Exotic’ Programming Languages

Threatpost

Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection.

Reaching Unreachable Candidates

Speaker: Patrick Dempsey and Andrew Erpelding of ZoomInfo

What is ZoomInfo for Recruiters? Find and connect with the right talent to fill roles fast with more data, basic search, advanced search, candidate and company profiles, and export results. Watch this On-Demand Webinar today to see how ZoomInfo for Recruiters can work to get your talented candidates results.

What’s new in OpenText Extended ECM Platform CE 21.3

OpenText Information Management

OpenText™ continues to advance our Content Services solutions with the latest release for OpenText™ Extended ECM Platform CE 21.3.

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC

Threatpost

Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked.

What’s new in OpenText Gupta Team Developer 7.4

OpenText Information Management

OpenText™ Gupta Team Developer 7.4 lets developers experience smart and higher-productivity software development through easier loop coding. Many powerful new reporting features transform the reporting experience, and many UX features optimize the user experience.

Podcast: IoT Piranhas Are Swarming Industrial Controls

Threatpost

Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Processing of riders’ personal data: The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

On July 5, 2021, the Italian supervisory authority (“Garante”) published an injunction against a company operating a food delivery app (“Company”) over the processing of riders’ personal data with respect to the use of algorithms for the management of the orders.

The True Impact of Ransomware Attacks

Threatpost

Keeper’s research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations.

3 success factors for moving payments to the public cloud

CGI

This CGI blog post discusses three success factors for moving payments to the public cloud.

Taking an opportunity

CILIP

When I started this apprenticeship, I made a commitment to put my foot forward in everything new. And here I was taking on a project I would not have considered a year ago. A daunting yet opportunistic prospect; something this apprenticeship has provided abundantly.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Cloud Unified Communications (UC) and The Key Components

Cllax

The world first heard of Unified communications (UC) around the mid-1990s, just when real-time communications combined with messaging. UC increases your productivity by integrating communication systems to improve your business.

Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn

Threatpost

A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin.

A Complete List Of Top 7 Best Online Learning Platforms

Cllax

Online learning provides a diverse set of courses that could range from being part of a standard, elementary curriculum to highly specialized learning content. Although the content could be directly.
