Fri. Sep 23, 2022

Ransomware’s Future: A Lucrative Money Spinner

Data Breach Today

Intel 471’s Michael DeBolt Says Anti-Ransomware Actions Will Take Time

What is the future of ransomware, and is it going to continue with the same intensity of the last few years?

Software Supply Chain Security Guidance for Developers

eSecurity Planet

Whether it’s package hijacking, dependency confusion, typosquatting, continuous integration and continuous delivery (CI/CD) compromises, or basic web exploitation of outdated dependencies, there are many software supply chain attacks adversaries can perform to take down their victims, hold them to ransom, and exfiltrate critical data.

Ransomware’s Future: A Continuing Money Spinner

Data Breach Today

Intel 471’s Michael DeBolt Says Anti-Ransomware Actions Will Take Time

What is the future of ransomware, and is it going to continue with the same intensity of the last few years?

Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses

Schneier on Security

Okay, it’s an obscure threat. But people are researching it: “Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.”

Australian Telco Optus Investigates Scope of Large Breach

Data Breach Today

Optus CEO Apologizes and Says Incident Under ‘Criminal Investigation’

A criminal investigation is under way into a breach at Optus, Australia’s second-largest telecommunications company. Optus’s CEO says the company will notify those affected. It’s unknown so far who perpetrated the attack.

More Trending

Portuguese Airliner Vows Defiance Against Extortion Hackers

Data Breach Today

Ragnar Locker Leak Site Publishes Data of 1.5 Million Customers

The chief executive of Portugal's state-owned airline said she will not negotiate with hackers even as the Ragnar Locker ransomware-as-a-service group posted online the data of 1.5 million customers. "We

Phishing Campaign Targets GitHub Users

KnowBe4

GitHub has issued an alert warning of a phishing campaign targeting users by impersonating the popular DevOps tool CircleCI, BleepingComputer reports.

Malwarebytes Gets $100M Weeks After Laying Off 14% of Staff

Data Breach Today

Vector Capital Funds to Boost Attack Surface Software, MSP and Partner Channels

Private equity firm Vector Capital invested $100 million in Malwarebytes a month after the antivirus stalwart laid off 125 employees to focus on smaller customers.

Researchers Uncover Mysterious 'Metador' Cyber-Espionage Group

Dark Reading

Researchers from SentinelLabs laid out what they know about the attackers and implored the researcher community for help in learning more about the shadowy group.

Capital One Moves Past 2019 Hacking Incident

Data Breach Today

The Office of the Comptroller of the Currency Lifts Reporting Requirement

Credit card giant Capital One is moving past its 2019 hacking incident as federal regulators stop requiring quarterly updates on efforts to improve cybersecurity and a federal judge signs off on a $190 million settlement in a proposed class action lawsuit.

Microsoft Looks to Enable Practical Zero-Trust Security With Windows 11

Dark Reading

With the update, Microsoft adds features to allow easier deployment of zero-trust capabilities. Considering the 1.3 billion global Windows users, the support could make a difference.

Sweepstakes Spam Hackers Used Microsoft Infrastructure

Data Breach Today

Hackers Wanted Spam to Come From Legitimate Exchange Accounts

Hackers behind a campaign of deceptive sweepstakes spam hacked their way into Azure cloud accounts that lacked multifactor authentication and obtained admin privileges for Exchange servers.

Cyberattackers Compromise Microsoft Exchange Servers via Malicious OAuth Apps

Dark Reading

Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions.

HHS HC3 Warns Health Sector of Monkeypox Phishing Schemes

Data Breach Today

Malicious npm Package Poses as Tailwind Tool

Dark Reading

Branded as a components library for two popular open source resources, Material Tailwind instead loads a Windows .exe that can run PowerShell scripts.

ISMG Editors: How a Teen's Hack of Uber Adds to MFA Crisis

Data Breach Today

CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit

Dark Reading

The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.

It's 2022. Do You Know Where Your Old Hard Drives Are?

Data Breach Today

The latest edition of the ISMG Security Report discusses financial giant Morgan Stanley's failure to invest in proper hard drive destruction oversight, the future of ransomware and the gangs that have attacked organizations in recent years, and the methods required to secure new payments systems.

Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking

Dark Reading

Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte.

Hacks Spotlight PHI Risks For Ambulance Cos., Vendors

Data Breach Today

Two Breaches Affected a Total of Nearly 400,000 Patients

Recent hacking incidents involving an emergency medical transport company and a firm that provides billing services to ambulance companies underscore how protected health information is subject to risk and oversight alike before a patient even steps into a hospital.

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

For years, the U.S. Securities and Exchange Commission (SEC) strongly advised public companies to improve their cybersecurity. However, after minimal corporate adoption of stronger cybersecurity, the SEC has drafted rules to require more formal cybersecurity reporting and disclosure.

[New Feature] Managing Your Risk and Compliance Tasks Just Got Easier with KCM’s Jira Integration

KnowBe4

We’re thrilled to announce that Atlassian Jira integration support is now available with KnowBe4’s KCM GRC platform.

Developer Leaks LockBit 3.0 Ransomware-Builder Code

Dark Reading

Code could allow other attackers to develop copycat versions of the malware, but it could help researchers understand the threat better as well.

Records Management Professionals Group surpasses 12,000 members on LinkedIn

IG Guru

Check out the group here.

Neglecting Open Source Developers Puts the Internet at Risk

Dark Reading

From creating a software bill of materials for applications your company uses to supporting open source projects and maintainers, businesses need to step up their efforts to help reduce risks.

Slack and Teams’ Lax App Security Raises Alarms

WIRED Threat Level

New research shows how third-party apps could be exploited to infiltrate these sensitive workplace tools.

CircleCI, GitHub Users Targeted in Phishing Campaign

Dark Reading

Emails purporting to be an update to terms of service for GitHub and CircleCI instead attempt to harvest user credentials.

Anonymous claims to have hacked the website of the Russian Ministry of Defense

Security Affairs

The popular collective Anonymous claims to have hacked the website of the Russian Ministry of Defense and leaked data of 305,925 people.