June, 2021

CEO-Level Guide to Prevent Data Hacking Technologies & Incidents

Security Affairs

The current era, where all data is digital, the threats of fraud, breach and data sprawl are more of a reality than ever. In these times, organizations not only take a hit because of the breached data and cyber threats, but also are heavily fined under global privacy regulations.

Risk 100

A View from Inside a Deception

Dark Reading

Pen-testing today's threat deception technology is not for the faint-hearted. Do modern deception tools truly frustrate adversaries, and are they ready for the enterprise SOC

84
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Ransomware Evolves as Groups Embrace as-a-Service Models

eSecurity Planet

At first glance, the report this week from cybersecurity software vendor McAfee showing that the incidence of ransomware dropped by half in the first quarter seems like good news to a world that continues to feel the repercussions of the seemingly ubiquitous malware.

UK Cyber Security Council to Tackle Education, Standards

Data Breach Today

Claudia Natanson Describes Vision of U.K.’s s New Self-Regulatory Body U.K. Cyber Security Council is a new self-regulatory body for the profession. It is tasked by the U.K. Government to execute their vision for the U.K.

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

How Cyber Safe is Your Drinking Water Supply?

Krebs on Security

More Trending

What the Pentagon’s New UFO Report Reveals About Humankind

WIRED Threat Level

The document says less about the search for life in the universe, and more about our current cultural climate and distrust of expertise. Science Security Science / Space

New LinkedIn breach exposes data of 700 Million users

Security Affairs

A new massive LinkedIn breach made the headlines, the leak reportedly exposes the data of 700M users, more than 92% of the total 756M users.

Sales 113

Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

Troy Hunt

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP).

IT 113

Biden Warns Putin of Cyber Retaliation

Data Breach Today

Wants 16 Critical Infrastructure Entities Off-Limits to Attack At their Geneva summit meeting Wednesday, U.S. President Joe Biden told Russian President Vladimir Putin that if Russia continued to wage cyberattacks against the U.S., it would face retaliation

IT 283

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims.

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

The Last Watchdog

Microsoft has blunted the ongoing activities of the Nobelium hacking collective, giving us yet another glimpse of the unceasing barrage of hack attempts business networks must withstand on a daily basis. Related: Reaction to Biden ‘s cybersecurity executive order. Nobelium is the Russian hacking collective best known for pulling off the milestone SolarWinds supply chain hack last December.

Vulnerabilities in Weapons Systems

Schneier on Security

“If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.” ” That was Bruce’s response at a conference hosted by U.S.

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Security Affairs

North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability.

Discover the 10 Rules for Managing PostgreSQL

PostgreSQL is one of the most successful open source projects in existence. But each year it becomes harder and harder to get familiarized with the PostgreSQL ecosystem and its new features. Learn 10 rules that will help you perfect your PostgreSQL installation.

Welcoming the Finnish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains.

White House Urges Businesses: Improve Ransomware Defenses

Data Breach Today

Biden Orders Federal Ransomware Task Force to Coordinate Federal Investigations The White House has written to business leaders, urging them to prioritize having robust ransomware defenses in place.

How Does One Get Hired by a Top Cybercrime Gang?

Krebs on Security

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware.

MY TAKE: Massive data breaches persist as agile software development fosters full-stack hacks

The Last Watchdog

Data leaks and data theft are part and parcel of digital commerce, even more so in the era of agile software development. Related: GraphQL APIs stir new exposures. Many of the high-profile breaches making headlines today are the by-product of hackers pounding away at Application Programming Interfaces (APIs) until they find a crease that gets them into the pathways of the data flowing between an individual user and myriad cloud-based resources.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

John McAfee Dies in Spanish Prison After Extradition Order

WIRED Threat Level

The antivirus pioneer and alleged cryptocurrency scammer was 75 years old. Security Security / Security News

Trend Micro details CVE-2021-30724 privilege escalation flaw in macOS, iOS

Security Affairs

Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724 , that impacts macOS, iOS and iPadOS.

Weekly Update 246

Troy Hunt

This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an awesome, humbling experience that so many people have wanted to contribute their time to something that makes online life better for all of us.

NATO Endorses Cybersecurity Defense Policy

Data Breach Today

Agreement Comes in Advance of Biden Meeting With Putin on Wednesday The U.S. and its NATO allies endorsed a new cybersecurity defense policy during President Biden's visit this week with member states in Brussels.

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device.

Access 219

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

The challenge of embracing digital transformation while also quelling the accompanying cyber risks has never been greater for small- and mid-sized businesses. Related: How ‘PAM’ improves authentication. SMBs today face a daunting balancing act. To boost productivity, they must leverage cloud infrastructure and participate in agile software development. But this also opens up a sprawling array of fresh security gaps that threat actors are proactively probing and exploiting.

Hackers Are Erasing Western Digital Hard Drives Remotely

WIRED Threat Level

Amazon acquires Wickr, the Senate holds up CISA, and more of the week’s top security news. Security Security / Security News

Google Patches Chrome zero-day actively exploited

Security Affairs

Google this week addressed 14 vulnerabilities in the Chrome browser, including a zero-day flaw that has been exploited in the wild. Google released security updates to address 14 vulnerabilities in the Chrome browser, including a zero-day issue that has been exploited in the wild.

Access 113

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

TikTok Can Now Collect Biometric Data

Schneier on Security

This is probably worth paying attention to: A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content.

Profiles in Leadership: Mario Demarillas of Exceture

Data Breach Today

CISO Discusses Changing Security Culture in Organizations Mario Demarillas, CISO and head of IT consulting and software engineering at Exceture, in the Philippines, strikes a balance between securing his organization and its business offering in security

How Cyber Sleuths Cracked an ATM Shimmer Gang

Krebs on Security

In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions.