August, 2022

Cyber Resiliency Isn't Just About Technology, It's About People

Dark Reading

To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel

Microsoft Patches 'DogWalk' Zero-Day in August Patch Tuesday

Data Breach Today

Monthly Dump Includes Patches for 141 Flaws, Including 17 'Critical' Fixes More than two years after being notified of it, Microsoft issued a fix for a Microsoft Windows Support Diagnostic Tool vulnerability known as DogWalk.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge.

Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices

The Last Watchdog

After years of competitive jockeying, the leading tech giants have agreed to embrace a brand new open-source standard – called Matter – that will allow consumers to mix and match smart home devices and platforms. Related: The crucial role of ‘Digital Trust’ After numerous delays and course changes, the Matter protocol, is set to roll out this fall, in time for the 2022 holiday shopping season.

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

PoC exploit code for critical Realtek RCE flaw released online

Security Affairs

Exploit code for a critical vulnerability affecting networking devices using Realtek RTL819x system on a chip released online.

IoT 114

More Trending

Google Chrome Zero-Day Found Exploited in the Wild

Dark Reading

The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation

Vendor Ransomware Breach Affects 942,000 Patients

Data Breach Today

Incident Is Among Latest Fallout From Attacks on Healthcare Sector Entities A New York-based practice management vendor has notified 28 healthcare entity clients and more than 942,000 of their patients that sensitive information was compromised in a ransomware attack in April.

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms.

Black Hat Fireside Chat: Deploying ‘AI’ as a weapon to win the ‘attack surface management’ war

The Last Watchdog

Short-handed cybersecurity teams face a daunting challenge. Related: ‘ASM’ is cybersecurity’s new centerpiece. In an intensely complex, highly dynamic operating environment, they must proactively mitigate myriad vulnerabilities and at the same time curtail the harm wrought by a relentless adversary: criminal hacking collectives. In short, attack surface management has become the main tent pole of cybersecurity.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies.

You Need a Password Manager. Here Are the Best Ones

WIRED Threat Level

Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers. Security Gear Gear / Buying Guides Security / Security Advice

The Time Is Now for IoT Security Standards

Dark Reading

Industry standards would provide predictable and understandable IoT security frameworks

IoT 114

Hospitals in U.S., France Dealing With Cyber Extortionists

Data Breach Today

Texas Hospital Still Being Pressured, While French Hospital Responds to Ransomware A Texas-based hospital is apparently still contending with pressure to pay an extortion group that claims to have stolen patient data months ago, while a French medical center responds to a weekend attack and demands to pay a $10 million ransom.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

Scammers Sent Uber to Take Elderly Lady to the Bank

Krebs on Security

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters.

Black Hat Fireside Chat: Doing deep-dive API security — as software gets developed and deployed

The Last Watchdog

APIs have come to embody the yin and yang of our digital lives. Related: Biden moves to protect water facilities. Without application programming interface, all the cool digital services we take for granted would not be possible. But it’s also true that the way software developers and companies have deployed APIs has contributed greatly to the exponential expansion of the cyber-attack surface.

Google blocked the largest Layer 7 DDoS reported to date

Security Affairs

Google announced to have blocked the largest ever HTTPs DDoS attack, which reached 46 million requests per second (RPS). Google announced to have blocked the largest ever HTTPs DDoS attack that hit one of its Cloud Armor customers.

Cloud 113

Lost in Translation? New Cryptomining Malware Attacks Based in Turkey Cause Suspicion

KnowBe4

Researchers at Check Point warn that attackers based in Turkey are distributing cryptomining malware via free software distribution websites, including Softpedia and uptodown. The malicious apps appear to be legitimate, but have malware packaged within them. Malware Cryptomining

108
108

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

Cisco Confirms Data Breach, Hacked Files Leaked

Dark Reading

Ransomware gang gained access to the company's VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification

How Criminals Are Weaponizing Leaked Ransomware Data

Data Breach Today

Accenture's Robert Boyce Advises Firms to Update Monitoring and Approval Processes Accenture analyzed the top 20 most active ransomware leak sites to see how threat actors are posting sensitive corporate information and making the data easy to search and exploit.

Class Action Targets Experian Over Account Security

Krebs on Security

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts.

GUEST ESSAY: How to secure ‘Digital Twins’ to optimize asset use, while reducing exposures

The Last Watchdog

Our technological world is advancing at dizzying speeds. Related: The coming of a ‘bio digital twin” Over the last decade, we have seen the introduction of 4G and 5G telecommunication service, the iPad, Instagram, and the introduction, acceptance, and adoption of cloud services from Microsoft, Google, and Amazon, as well as cloud computing.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

A study on malicious plugins in WordPress Marketplaces

Security Affairs

A group of researchers from the Georgia Institute of Technology discovered malicious plugins on tens of thousands of WordPress sites.

CMS 110

[HEADS UP] Highly Sophisticated Job Offer Scam

KnowBe4

If you've been approached by recruiters on LinkedIn for a potential job opportunity, you may want to pay attention to this recent scam. Social Engineering

108
108

CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit

Dark Reading

The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice

Ransomware Leak Sites Attract More Attacks

Data Breach Today

Victims Often Attacked Simultaneously by Multiple Ransomware Groups Cybercriminals monitor leak sites for newly listed ransomware victims in a bid to try their own hand at dropping encryption malware, says Sophos.

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

When Efforts to Contain a Data Breach Backfire

Krebs on Security

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm.

GUEST ESSAY: How to detect if a remote job applicant is legit — or a ‘Deepfake’ candidate

The Last Watchdog

Technology provides opportunities to positively impact the world and improve lives. Related: Why facial recognition ought to be regulated. It also delivers new ways to commit crimes and fraud. The U.S. Federal Bureau of Investigation (FBI) issued a public warning in June 2022 about a new kind of fraud involving remote work and deepfakes. The making of Deepfakes. The world is on track to see around 50% of workers transition to sustained, full-time telecommuting.

Three campaigns delivering multiple malware, including ModernLoader and XMRig miner

Security Affairs

Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners.