March, 2022

Reports: Russian IPs Scanning US Energy Firms, Others

Data Breach Today

Bulletin Reportedly Issued Just Days Before Biden Warned of Cyber Activity Just days before U.S. President Joe Biden warned that intelligence is pointing toward potential Russian cyberattacks against the U.S.,

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Krebs on Security

Researchers are tracking a number of open-source “ protestware ” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: Few consumers read privacy policies — tools can now do this for them

The Last Watchdog

When was the last time you read an online privacy policy in its entirety? Perhaps, never? Yet our world has moved online. We have on average 67 applications on our mobile phones, seven social media accounts and more than 120 online accounts. But these accounts are not all about networking and games. Related: What happened to privacy in 2021. COVID crisis has forced us to work remotely. Our children now take classes online.

6 Reasons Not to Pay Ransomware Attackers

Dark Reading

Paying a ransom might appear to be the best option, but it comes with its own costs

The Top 5 Business Outcomes Companies Can Achieve From Monitoring Consolidation

In this eBook, learn what the top five business outcomes are that organizations see when leveraging Datadog's end-to-end monitoring tool.

Conti Leaks Reveal the Ransomware Group's Links to Russia

WIRED Threat Level

Members of the Conti ransomware group may act in Russia’s interest, but their links to the FSB and Cozy Bear hackers appear ad hoc. Security Security / Cyberattacks and Hacks

More Trending

Free Cybersecurity Tools Offered to Hospitals and Utilities

Data Breach Today

Internet Backbone Giant Lumen Shuns.RU

Krebs on Security

Lumen Technologies , an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia.

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

The Last Watchdog

Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. Related: The exposures created by API profileration. Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising from enterprises’ deepening reliance on open-source software.

Mobile App Developers Leave Behind 2,100 Open Databases

Dark Reading

A simple request to the VirusTotal scanning service reveals thousands of mobile-application databases left open to the public by developers in a three-month period

114
114

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Defensible Disposition Program: Article One—Let’s get down to Basics

ARMA International

For as long as there has been communication and work, there has been a means of documenting and tracking it. Sales receipts, pay stubs, tax documents, letters, memoranda, and beyond all have value at one time or another.

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

In mere seconds, a hacker remotely accessed a computer belonging to a regional Russian Ministry of Health, taking advantage of sloppy cybersecurity practices to expose its entire network. Original post at [link].

Ukraine's 'IT Army' Call-Up: Don't Try This at Home

Data Breach Today

Despite Russian Aggression, Distributed Denial-of-Service Attacks Remain Illegal With Ukraine having called on the world to join its "IT Army" and help it hack Russia and ally Belarus, what could possibly go wrong?

IT 270

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

GUEST ESSAY: Marshaling automated cybersecurity tools to defend automated attacks

The Last Watchdog

Cybersecurity tools evolve towards leveraging machine learning (ML) and artificial intelligence (AI) at ever deeper levels, and that’s of course a good thing. However, we often see results that feel cookie cutter and counter-productive, raising the question: can AI really do as good of a job as a human? Related: Business logic hacks plague websites. The larger question: Can cybersecurity be truly automated? The answer is yes, but perhaps not exactly in the ways the industry currently envisions.

Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks

Dark Reading

The maintainer of a widely used npm module served up an unwelcome surprise for developers

Risk 114

Hackers Find a New Way to Deliver Devastating DDoS Attacks

WIRED Threat Level

Cybercriminals are exploiting a fleet of more than 100,000 misconfigured servers to knock websites offline. Security Security / Cyberattacks and Hacks

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

Security Affairs

Anonymous and its affiliates continue to target Russia and Belarus, it is also targeting the Russian disinformation machine.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Sanctions Halt Rewards for Bug Hunters in Belarus, Russia

Data Breach Today

Researcher in Belarus Says Bug Bounty Through HackerOne Is Sole Income Sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers signed up with bug bounty platforms, which can no longer legally make payments.

A Closer Look at the LAPSUS$ Data Extortion Group

Krebs on Security

Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$ , a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid.

GUEST ESSAY: The case for acknowledging — and bridging — the security gap between IT vs OT

The Last Watchdog

My many years working with companies dealing with significant disruptions in the cybersecurity space has taught me a lot. The more I learn, the more I understand the inherent vulnerabilities facing organizations across the world. Related: Biden cybersecurity order makes an impact. The convergence of information technology (IT) and operational technology (OT) is a double-edged sword for critical infrastructure sectors – despite all its benefits, IT/OT convergence is not without its risks.

More Than 70% of SOC Analysts Experiencing Burnout

Dark Reading

Nearly 65% of security operations center (SOC) analysts are likely to change jobs in the next year, survey shows

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Hacking Alexa through Alexa’s Speech

Schneier on Security

An Alexa can respond to voice commands it issues. This can be exploited : The attack works by using the device’s speaker to issue voice commands.

A Developer Altered Open Source Software to Wipe Files in Russia

WIRED Threat Level

The author of a popular application pushed out an update containing malicious code in an effort to sabotage computers in the country. Security Security / Security News

US Indicts Russian Behind Popular Carding Marketplace

Data Breach Today

FBI Puts Russian Carder on the Most Wanted List of Cybercriminals The U.S. Department of Justice has indicted a 23-year-old Russian national for operating a cybercriminal marketplace that sold thousands of stolen login credentials, PII and authentication tools, according to U.S.

Report: Recent 10x Increase in Cyberattacks on Ukraine

Krebs on Security

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

GUEST ESSAY: The case for leveraging hardware to shore up security — via a co-processor

The Last Watchdog

Cybersecurity has never felt more porous. You are no doubt aware of the grim statistics: •The average cost of a data breach rose year-over-year from $3.86 million to $4.24 million in 2021, according to IBM. The majority of cyberattacks result in damages of $500,000 or more, Cisco says. •A A sobering analysis by Cybersecurity Ventures forecasts that the global cost of ransomware attacks will reach $265 billion in 2031. • The FBI reports that 3,000-4,000 cyberattacks are counted each day.

Cyberattacks in Ukraine Soon Could Spill Over to Other Countries

Dark Reading

Email-borne attacks out of Russia have already targeted at least a few US and European organizations

114
114

Anonymous continues to support Ukraine against the Russia

Security Affairs

The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations.