Fri.Sep 10, 2021

The Cost of Cloud Compromise and Shadow IT

Data Breach Today

Cloud 277

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack.

IoT 190
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

United Nations Says Intruders Breached Its Systems

Data Breach Today

Threat Actors Offered Credentials for UN's ERP Software; NATO Hit as Well The United Nations says on Thursday that its networks were accessed by intruders earlier this year, which lead to follow-on intrusions. Cybercrime analysts say they warned the agency when access credentials to a U.N.

IT 232

ProtonMail Now Keeps IP Logs

Schneier on Security

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.” ” Uncategorized anonymity courts data collection data protection e-mail privacy

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

HHS on Information Blocking Rule Enforcement: Stay Tuned

Data Breach Today

Final Rule on Penalties for Violators of Regs Expected This Month - Or Is It?

IT 222

More Trending

SolarWinds Attack Spurring Additional Federal Investigations

Data Breach Today

Lawmakers Want Answers On DOJ Breach; SEC Reportedly Probing Companies Nine months after discover of the attack that targeted SolarWinds and clients of its network monitoring tool, the incident continues to spur investigations into what happened.

IT 216

Microsoft fixes Azurescape flaw in Azure Container Instances

Security Affairs

Microsoft has fixed the Azurescape issue, a flaw in Azure Container Instances that allows to take over containers of other platform users.

MS Warns Users of Flaw in Azure Container Instances

Data Breach Today

Users Able to Access Other Users’ Information in ACI Service Microsoft has disclosed details of a vulnerability that researchers at Palo Alto Networks have named “Azurescape” because the attacks start from a container escape technique.

Access 210

Palo Alto Enters Small Business, Remote and Home Markets with Okyo

eSecurity Planet

Palo Alto Networks (PANW) is bringing its enterprise-class security to small business and home markets with Okyo , a Wi-Fi 6 hardware device announced today.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

United Nations Says Attackers Breached Its Systems

Data Breach Today

Brokers With Ransomware Ties Advertised Access to UN ERP and Also NATO Systems The United Nations says its networks were accessed by attackers earlier this year, leading to follow-on intrusions.

IT 205

Grayfly APT uses recently discovered Sidewalk backdoor

Security Affairs

Security researchers from Broadcom’s Symantec linked a previously undocumented backdoor to the Chinese Grayfly operation. Experts from Broadcom’s Symantec linked a previously undocumented backdoor to the Chinese Grayfly operation.

Ransomware: Hot or Not? Here's Attackers' Ideal Target

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the most sought-after type of victim for ransomware-wielding attackers. Also featured: fighting extortion schemes and stress management tips

Stolen Credentials Led to Data Theft at United Nations

Threatpost

Threat actors accessed the organization’s proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks. Breach Hacks

Access 104

A Recruiter’s Guide To Hiring In 2021

With vaccination rates rising, consumers spending more money, and people returning to offices, the job market is going through a period of unprecedented adjustment. As the New York Times observed, “It’s a weird moment for the American economy.” And recruiting professionals are caught in the middle. To make the most of this disruption, you need to understand the economic drivers, develop a strong strategy for unearthing valuable talent, and use the latest tech tools to get the job done. Read this guide to get your recruiting practice ready to thrive in the new normal.

Department of Commerce Establishes AI Advisory Committee

Data Breach Today

Seeks Top-Level Experts to Guide Privacy, Data Security Policies The U.S.

WhatsApp Fixes Its Biggest Encryption Loophole

WIRED Threat Level

The ubiquitous messaging service will add end-to-end encryption to backups, keeping your chats safe no matter whose cloud they're stored in. Security Security / Privacy

ISMG Editors' Panel: Ransomware Affiliates Seek New Gangs

Data Breach Today

Editors Also Discuss Why Terrorists Don't Lean Into Cyber In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how ransomware affiliates change operators and why terrorists aren't launching massive cyberattacks

5 Steps For Securing Your Remote Work Space

Threatpost

With so many people still working from home, cybercriminals are trying to cash in. Cyberattacks have increased 300% and the risk of losing important data or being compromised is much greater at home. Here are five recommendations for securing your home office.

Risk 102

Reaching Unreachable Candidates

Speaker: Patrick Dempsey and Andrew Erpelding of ZoomInfo

What is ZoomInfo for Recruiters? Find and connect with the right talent to fill roles fast with more data, basic search, advanced search, candidate and company profiles, and export results. Watch this On-Demand Webinar today to see how ZoomInfo for Recruiters can work to get your talented candidates results.

Transforming an Organization's Security Culture

Data Breach Today

CISO Bobby Ford on Building a New Cybersecurity Operating Model Bobby Ford of Hewlett Packard Enterprise says that too often when an organization engages with security, it happens in an ad hoc way.

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. For many organizations, the idea of storing data or running applications on infrastructure that they do not manage directly seems inherently insecure.

Cloud 69

Ukrainian Extradited to US Faces Credential Theft Charges

Data Breach Today

DOJ: Suspect Allegedly Used Botnet to Launch Brute Force Attacks A Ukrainian national was extradited from Poland to the U.S. this week and now faces charges of conspiracy, trafficking in unauthorized access devices and trafficking in computer passwords, according to the Justice Department

Top Steps for Ransomware Recovery and Preparation

Threatpost

Alex Restrepo, Virtual Data Center Solutions at Veritas Technologies, discusses post-attack restoration options, and how to prepare for another one in the future.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Ransomware Stopper: Mandatory Ransom Payment Disclosure

Data Breach Today

Why Requiring Victims to Reveal Payments Would Help Blunt Criminal Business Model "Silence is gold." So says ransomware operator Ragnar Locker, as it attempts to compel victims to pay its ransom demand without ever telling anyone - especially not police.

Yandex Pummeled by Potent Meris DDoS Botnet

Threatpost

Record-breaking distributed denial of service attack targets Russia’s version of Google - Yandex. IoT Vulnerabilities Web Security

IoT 97

Information Governance community mourns the loss of Andy Sokol

IG Guru

Earlier today, i-SIGMA posted an announcement on their Facebook page that CopyScan and Scan School founder passed away unexpectedly earlier this week. In Memoriam: Andy Sokol It is with great sadness that the association announces the passing of Andrew Sokol, CSDS.

Preparing for Ransomware: Are Backups Enough?

eSecurity Planet

In a year where ransomware has raised the alert levels everywhere, the go-to answer from many is redundancy through offline, remote backups – but are they enough? Backups are a critical component of any enterprise cybersecurity posture, but they are not an airtight strategy.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

The Ultimate Online Privacy Guide for Journalists via WizCase

IG Guru

Check out the article here. The post The Ultimate Online Privacy Guide for Journalists via WizCase appeared first on IG GURU. Business Cyber Security IG News information privacy information security Privacy Risk News Information Governance Journalists Security WizCase

MyRepublic Data Breach Raises Data-Protection Questions

Threatpost

The incident raises considerations for security for critical data housed in third-party infrastructure, researchers say. Breach Cloud Security Hacks

Sidley Privacy and Cybersecurity Roundtable

Data Matters

Please join Sidley’s Privacy and Cybersecurity Group for a two-part discussion with UK government officials with a focus on data transfer and innovation. UK Data Protection and Data Transfers – New Directions. In this Chatham House discussion, our panelists will cover: Data Transfers to the U.S.