December, 2020

Microsoft Finds Backdoor, CISA Warns of New Attack Vectors

Data Breach Today

Devastating Scope of Hacking Campaign Expands Microsoft says on Thursday it has removed malware related to an expansive hacking campaign that has ensnared thousands of organizations and U.S. government agencies.

We Have a National Cybersecurity Emergency -- Here's How We Can Respond

Dark Reading

Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Hackers Hide Software Skimmer in Social Media Sharing Icons

Security Affairs

Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages, the malware hides in social media buttons. Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages.

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Krebs on Security

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds , a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks.

Migrating Oracle to PostgreSQL

Considering migrating away from Oracle? Learn why PostgreSQL is the right move.

GUEST ESSAY: Here’s how Secure Access Service Edge — ‘SASE’ — can help, post Covid-19

The Last Watchdog

One legacy of the ongoing global pandemic is that companies now realize that a secured and well-supported remote workforce is possible. Recently, the University of Illinois and the Harvard Business School conducted a study, and 16% of companies reported switching their employees to work at home from offices at least twice a week. Related: SASE translates into secure connectivity.

Access 163

More Trending

US Treasury Suffers 'Significant' SolarWinds Breach

Data Breach Today

Dozens of Email Accounts' Compromised by Attackers, Says Senior Democratic Senator An ongoing investigation at the U.S.

Access 276

Microsoft Reveals That Russian Attackers Accessed Some of Its Source Code

Dark Reading

Malicious SolarWinds Orion backdoor installed in Microsoft's network led to the attackers viewing some of its source code

Access 114

New Golang-based Crypto worm infects Windows and Linux servers

Security Affairs

Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers.

SolarWinds Hack Could Affect 18K Customers

Krebs on Security

The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday.

The Modern Software Checklist: The Secret to Understanding Your Data Security Needs

Understanding your data security needs is tough enough, but what can be even more difficult is choosing the right software to fit your company. This checklist will help you evaluate the scope of services offered by various encryption solutions on the market.

NEW TECH: Will ‘Secure Access Service Edge’ — SASE — Be the Answer to Secure Connectivity?

The Last Watchdog

Company networks have evolved rather spectacularly in just 20 years along a couple of distinct tracks: connectivity and security. We began the new millennium with on-premises data centers supporting servers and desktops that a technician in sneakers could service. Connectivity was relatively uncomplicated. And given a tangible network perimeter, cybersecurity evolved following the moat-and-wall principle.

Russia's SolarWinds Hack Is a Historic Mess

WIRED Threat Level

All the most important stories about the biggest hack in years. Security Security / Security News

Ransomware Attacks Hitting Vulnerable MySQL Servers

Data Breach Today

Researchers: Attackers Also Selling Access to Over 250,000 Stolen Databases Hackers are targeting thousands of vulnerable MySQL servers around the world, using ransomware to exfiltrate data from organizations and then demanding payment, according to Guardicore Labs.

20 for 2020: The Edge's Top Articles of the Year

Dark Reading

Variety is the spice of life, and it's also the perfect analogy for the article topics that resonated most with Edge readers this past year

IT 114

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

SolarWinds hackers gained access to Microsoft source code

Security Affairs

The threat actors behind the SolarWinds supply chain attack could have had access to the source code of several Microsoft products.

Access 114

VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets.

Russia’s SolarWinds Attack

Schneier on Security

Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts. It wasn’t a cyberattack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world.

No One Knows How Deep Russia's Hacking Rampage Goes

WIRED Threat Level

A supply chain attack against IT company SolarWinds has exposed as many as 18,000 companies to Cozy Bear's attacks. Security Security / Cyberattacks and Hacks

IT 114

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Hacked: US Commerce and Treasury Departments

Data Breach Today

Fellow Victim FireEye Traces Breaches to Trojanized SolarWinds Software Updates The U.S. Commerce Department confirmed on Sunday it had been targeted by hackers, and the U.S. Treasury has also reportedly been struck.

The Coolest Hacks of 2020

Dark Reading

Despite a pandemic and possibly the worst cyberattack campaign ever waged against the US, the year still had some bright spots when it came to "good" and creative hacks

IT 114

SUPERNOVA, a Backdoor Found While Investigating SolarWinds Hack

Security Affairs

While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor.

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

Krebs on Security

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned.

Open Source is Quickly—and Rightfully— Becoming Enterprise’s First Choice

Open source is not just a community, it’s a movement. And while its popularity has, of course, existed for decades, its accelerating growth in today’s enterprise is unmistakable. Find out why enterprises are going all-in on their open source strategy.

Brexit Deal Mandates Old Insecure Crypto Algorithms

Schneier on Security

In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA: The open standard s/MIME as extension to de facto e-mail standard SMTP will be deployed to encrypt messages containing DNA profile information.

In 'The Mandalorian,' Stormtroopers Have Finally Discovered Tactics

WIRED Threat Level

Imperial troops have finally figured out how to do more than charge straight ahead. Security Security / Security News

Analysis: The Impact of SolarWinds Hack

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of what we know so far about the impact of the SolarWinds supply chain hack and how to respond

How to Build Cyber Resilience in a Dangerous Atmosphere

Dark Reading

Our polarized climate and COVID-19 are putting the nation's cybersecurity in imminent danger, and it's past time to act

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

VMware and Cisco also impacted by the SolarWinds hack

Security Affairs

The IT giants VMware and Cisco revealed they were impacted by the recently disclosed SolarWinds supply chain attack. VMware and Cisco confirmed to have been both impacted by the recent SolarWinds hack.

Access 114

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

Payment card processing giant TSYS suffered a ransomware attack earlier this month. Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days.

US Schools Are Buying Cell Phone Unlocking Systems

Schneier on Security

Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much $11,582 for the controversial surveillance technology.