February, 2022

7 Steps to Take Right Now to Prepare for Cyberattacks by Russia

Dark Reading

A lot of the recommended preparation involves measures organizations should have in place already

114
114

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

The Last Watchdog

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management ( IAM ) and cyber security risks in 2022? Related: How IAM authenticates users. Here are a few important issues that relate to the changes in today’s working environment. Reduce manual processes. Automation can help get rid of manual processes. Every company has a certain employee turnaround, and how they handle it can directly affect their bottom line.

Threat actors leverage Microsoft Teams to spread malware

Security Affairs

Attackers compromise Microsoft Teams accounts to attach malicious executables to chat and spread them to participants in the conversation. While the popularity of Microsoft Teams continues to grow, with roughly 270 million monthly active users , threat actors started using it as an attack vector.

Cyber Security, Change Management and Enterprise Risk Management: Scaling Operations for Growth

Speaker: William Hord, Vice President of Risk Management and Compliance

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

North Korea Hacked Him. So He Took Down Its Internet

WIRED Threat Level

Disappointed with the lack of US response to the Hermit Kingdom's attacks against US security researchers, one hacker took matters into his own hands. Security Security / Cyberattacks and Hacks

IT 114

More Trending

Hidden Costs of a Data Breach

Dark Reading

Don't consider just the initial costs. Hidden factors include remediation, revenue loss, reputational harm, national security — even human life

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Krebs on Security

Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers.

GUEST ESSAY – A primer on ‘WAAP’ – an approach to securing APIs at the web app layer

The Last Watchdog

One could make the argument that Application Programming Interfaces — APIs – are a vital cornerstone of digital transformation. Related: How a dynamic WAF can help protect SMBs. APIs interconnect the underlying components of modern digital services in a very flexible, open way. This has resulted in astounding innovations in cloud services, mobile computing, IoT systems and agile software development.

IoT 183

CISA compiled a list of free cybersecurity tools and services

Security Affairs

The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience. The U.S.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

The DOJ’s $3.6B Seizure Shows How Hard It Is to Launder Crypto

WIRED Threat Level

A couple allegedly used a “laundry list” of technical measures to cover their tracks. They didn’t work. Security Security / Security News

IT 109

A New Cybersecurity “Social Contract”

Schneier on Security

The US National Cyber Director Chris Inglis wrote an essay outlining a new social contract for the cyber age: The United States needs a new social contract for the digital age — one that meaningfully alters the relationship between public and private sectors and proposes a new set of obligations for each.

Could Biology Hold the Clue to Better Cybersecurity?

Dark Reading

Sophisticated malware attacks underscore the need for a more dynamic security framework, inspired by biological concepts

Russia Sanctions May Spark Escalating Cyber Conflict

Krebs on Security

President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its invasion of Ukraine.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. In effect, my passwords are now “keys” — and I must authenticate across many accounts, multiple times per day, on a variety of device platforms.

Anonymous hit Russian Nuclear Institute and leak stolen data

Security Affairs

Anonymous and other hacker groups that responded to the call to war against Russia continue to launch cyberattacks on gov organizations and businesses.

Russia’s Sandworm Hackers Have Built a Botnet of Firewalls

WIRED Threat Level

Western intelligence services are raising alarms about Cyclops Blink, the latest tool at the notorious group’s disposal. Security Security / Cyberattacks and Hacks

If data is the new oil, ISO 20022 is the new gasoline

IBM Big Data Hub

The phrase ‘data is the new oil’ has been widely used in the last number of years, but in an unrefined state, it has limited use. ISO 20022 is refined and provides the necessary structure to efficiently drive multiple engines in a bank. Background on ISO 20022.

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

Ukrainian Troops Targeted in Phishing Attacks by Suspected Belarusian APT

Dark Reading

Ukraine's Computer Emergency Response Team calls out UNIC1151 nation-state hacking group out of Belarus as behind the attacks

Red Cross Hack Linked to Iranian Influence Operation?

Krebs on Security

A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group.

GUEST ESSAY: Successful tactics threat actors leverage to probe, compromise vulnerable networks

The Last Watchdog

When new vulnerabilities re announced or flaws are discovered in public or “off the shelf” applications, several things happen. News spreads of the risks while attackers and security professionals alike begin searching for potential attack targets for the purpose of exploiting or protecting them. Related: How GraphQLs expanded the attack surface. When Log4Shell first hit the street, we immediately saw attacks against almost every one of our customers.

US and UK details a new Python backdoor used by MuddyWater APT group

Security Affairs

US and UK cybersecurity agencies provided details of a new malware used by Iran-linked MuddyWater APT.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Bypassing Apple’s AirTag Security

Schneier on Security

A Berlin-based company has developed an AirTag clone that bypasses Apple’s anti-stalker security systems. Source code for these AirTag clones is available online. So now we have several problems with the system. Apple’s anti-stalker security only works with iPhones.

9 cyber security predictions for 2022

IT Governance

Everybody wants to know what the future holds. Those who are a step ahead of the rest can foresee challenges and avoid falling into pitfalls, or they can spot opportunities and ride to success. This is as true in the cyber security landscape as it is in any other. But predictions are difficult.

Top 5 Interview Questions to Ask DevOps Candidates in 2022

Dark Reading

It's worthwhile to find candidates who have experience with models that embed security into their processes

IRS To Ditch Biometric Requirement for Online Access

Krebs on Security

The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency’s website.

Access 183

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

GUEST ESSAY: Can Apple’s pricey ‘Business Essentials’ truly help SMBs secure their endpoints?

The Last Watchdog

Today’s operating system battleground has long been defined by the warfare between the top three players—Microsoft’s Windows, Google’s Android, and Apple’s iOS. Related: Co ok vs. Zuckerberg on privacy. While each of them has its distinguishing features, Apple’s privacy and security are what makes it the typical enterprise’s pick.

MDM 144

Anonymous hacked the Russian Defense Ministry and is targeting Russian companies

Security Affairs

Anonymous collective has hacked the Russian Defense Ministry and leaked the data of its employees in response to the Ukraine invasion.

AI & ML Cybersecurity: The Latest Battleground for Attackers & Defenders

eSecurity Planet

Machine learning (ML) and artificial intelligence (AI) have emerged as critical tools for dealing with the ever-growing volume and complexity of cybersecurity threats. Machines can recognize patterns to detect malware and unusual activity better than humans and classic software.