February, 2021

5 Cloud Trends That Will Reshape IT in 2021

DXC

We rang in 2020 with all the expectations that cloud computing would continue its progression as a massive catalyst for digital transformation throughout the enterprise. What we didn’t expect was a worldwide health crisis that led to a huge jump in cloud usage.

Cloud 107

Bluetooth Overlay Skimmer That Blocks Chip

Krebs on Security

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores.

Retail 228
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Florida City's Water Hack: Poor IT Security Laid Bare

Data Breach Today

Oldsmar Used Windows 7, Shared TeamViewer Password, Didn't Have a Firewall The Florida city that experienced a breach of its water treatment system used now-unsupported Windows 7 machines, shared the same password for remote access and had no firewall.

ROUNDTABLE: Targeting the supply-chain: SolarWinds, then Mimecast and now UScellular

The Last Watchdog

It’s only February, and 2021 already is rapidly shaping up to be the year of supply-chain hacks. Related: The quickening of cyber warfare. The latest twist: mobile network operator UScellular on Jan. 21 disclosed how cybercriminals broke into its Customer Relationship Management (CRM) platform as a gateway to compromise the cell phones of an undisclosed number of the telecom giant’s customers.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Far-Right Platform Gab Has Been Hacked—Including Private Data

WIRED Threat Level

The transparency group DDoSecrets says it will make the 70GB of passwords, private posts, and more available to researchers, journalists, and social scientists. Security Security / Cyberattacks and Hacks

More Trending

Deliberately Playing Copyrighted Music to Avoid Being Live-Streamed

Schneier on Security

Vice is reporting on a new police hack: playing copyrighted music when being filmed by citizens, trying to provoke social media sites into taking the videos down and maybe even banning the filmers: In a separate part of the video, which Devermont says was filmed later that same afternoon, Devermont approaches [BHPD Sgt. Billy] Fair outside.

What’s most interesting about the Florida water system hack? That we heard about it at all.

Krebs on Security

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week’s news about a hacker who tried to poison a Florida town’s water supply was understandably front-page material.

IT 254

Patient Files Dumped on Darknet Site After Hacking Incidents

Data Breach Today

Data Appears to Come From 2 Healthcare Organizations in Florida, Texas The Conti cybercrime gang has reportedly leaked sensitive patient data, as well as employee records, on a darknet site following recent hacker attacks on a two healthcare organizations in Florida and Texas

258
258

SHARED INTEL: Forrester poll – security decision makers report breaches escalated as Covid 19 spread

The Last Watchdog

Human suffering and economic losses weren’t the only two things that escalated with the spread of Covid 19 last year. Related: Can ‘SASE’ help companies secure connectivity? Network breaches also increased steadily and dramatically month-to-month in 2020. This development is delineated in a recent report from technology research firm Forrester.

Access 136

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Hackers Tied to Russia's GRU Targeted the US Grid for Years

WIRED Threat Level

A Sandworm-adjacent group has successfully breached US critical infrastructure a handful of times, according to new findings from the security firm Dragos. Security Security / Cyberattacks and Hacks

Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

Security Affairs

‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. ?A

Chinese Supply-Chain Attack on Computer Systems

Schneier on Security

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008.

How $100M in Jobless Claims Went to Inmates

Krebs on Security

The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail.

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

Nigerian Gets 10-Year Sentence for BEC Scam

Data Breach Today

Prosecutors: Crime Operation Extorted $11 Million A Nigerian national has been sentenced to 10 years in prison after pleading guilty to taking part in a business email compromise operation that extorted $11 million from its victims, according to the U.S. Department of Justice

IT 255

AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

The Last Watchdog

The cybersecurity operational risks businesses face today are daunting, to say the least. Related: Embedding security into DevOps. Edge-less networks and cloud-supplied infrastructure bring many benefits, to be sure. But they also introduce unprecedented exposures – fresh attack vectors that skilled and motivated threat actors are taking full advantage of. Adopting and nurturing a security culture is vital for all businesses. But where to start?

Cloud 133

China Hijacked an NSA Hacking Tool—and Used It for Years

WIRED Threat Level

The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online. Security Security / National Security

IT 114

Growing Collaboration Among Criminal Groups Heightens Ransomware Threat for Healthcare Sector

Dark Reading

Expect increase in ransomware and 'triple extortion' attacks, Cyber Threat Intelligence League says

9 Developer Enablement Practices to Achieve DevOps at Enterprise Scale

In this eBook, Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.

Hacking Nespresso machines to have unlimited funds to purchase coffee

Security Affairs

Some commercial Nespresso machines that are used in Europe could be hacked to add unlimited funds to purchase coffee. Some Nespresso Pro machines in Europe could be hacked to add unlimited funds to purchase coffee.

Checkout Skimmers Powered by Chip Cards

Krebs on Security

Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim?

Retail 227

Senators Demand More Coordination in SolarWinds Investigation

Data Breach Today

Warner and Rubio Call for Designation of Leader of Four-Agency Effort Citing a lack of coordination and transparency, U.S.

242
242

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

The Last Watchdog

Cybersecurity training has steadily gained traction in corporate settings over the past decade, and rightfully so. In response to continuing waves of data breaches and network disruptions, companies have made a concerted effort and poured substantial resources into promoting data security awareness among employees, suppliers and clients. Safeguarding data in workplace settings gets plenty of attention. Related: Mock attack help schools prepare for hackers.

The Forrester Wave™: B2B Marketing Data Providers, Q2 2021

In our 24-criterion evaluation of B2B marketing data providers, we identified the 11 most significant vendors — Data Axle, Dun & Bradstreet, Enlyft, Global Database, InsideView, Leadspace, Oracle, SMARTe, Spiceworks Ziff Davis, TechTarget, and ZoomInfo Technologies — and researched, analyzed, and scored them. This report shows how each provider measures up and helps B2B marketing professionals select the right one for their needs.

France Ties Russia's Sandworm to a Multiyear Hacking Spree

WIRED Threat Level

A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon. Security Security / Cyberattacks and Hacks

IT 114

Android App Infects Millions of Devices With a Single Update

Dark Reading

The popular Barcode Scanner app, which as been available on Google Play for years, turned malicious with one software update

114
114

COMB breach: 3.2B email and password pairs leaked online

Security Affairs

The Largest compilation of emails and passwords (COMB), more than 3.2 billion login credentials, has been leaked on a popular hacking forum. More than 3.2

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages.

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Chinese Attack Tool Gains Gmail Access

Data Breach Today

Campaign Targets Tibetan Organizations Proofpoint reports that Chinese state-sponsored hackers are using a new customized malicious Mozilla Firefox browser extension that facilitates access and control of victims’ Gmail accounts. So far, the hackers are targeting Tibetan organizations

Access 233

Another SolarWinds Orion Hack

Schneier on Security

The Untold History of America’s Zero-Day Market

WIRED Threat Level

The lucrative business of dealing in code vulnerabilities is central to espionage and war planning, which is why brokers never spoke about it—until now. Security Security / National Security