March, 2022

Reports: Russian IPs Scanning US Energy Firms, Others

Data Breach Today

Bulletin Reportedly Issued Just Days Before Biden Warned of Cyber Activity Just days before U.S. President Joe Biden warned that intelligence is pointing toward potential Russian cyberattacks against the U.S.,

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Krebs on Security

Researchers are tracking a number of open-source “ protestware ” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: Few consumers read privacy policies — tools can now do this for them

The Last Watchdog

When was the last time you read an online privacy policy in its entirety? Perhaps, never? Yet our world has moved online. We have on average 67 applications on our mobile phones, seven social media accounts and more than 120 online accounts. But these accounts are not all about networking and games. Related: What happened to privacy in 2021. COVID crisis has forced us to work remotely. Our children now take classes online.

Conti Leaks Reveal the Ransomware Group's Links to Russia

WIRED Threat Level

Members of the Conti ransomware group may act in Russia’s interest, but their links to the FSB and Cozy Bear hackers appear ad hoc. Security Security / Cyberattacks and Hacks

Cyber Security, Change Management and Enterprise Risk Management: Scaling Operations for Growth

Speaker: William Hord, Vice President of Risk Management and Compliance

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

6 Reasons Not to Pay Ransomware Attackers

Dark Reading

Paying a ransom might appear to be the best option, but it comes with its own costs

More Trending

Free Cybersecurity Tools Offered to Hospitals and Utilities

Data Breach Today

Internet Backbone Giant Lumen Shuns.RU

Krebs on Security

Lumen Technologies , an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia.

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

The Last Watchdog

Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. Related: The exposures created by API profileration. Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising from enterprises’ deepening reliance on open-source software.

Welcoming the Bulgarian Government to Have I Been Pwned

Troy Hunt

Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Mobile App Developers Leave Behind 2,100 Open Databases

Dark Reading

A simple request to the VirusTotal scanning service reveals thousands of mobile-application databases left open to the public by developers in a three-month period

114
114

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

Security Affairs

Anonymous and its affiliates continue to target Russia and Belarus, it is also targeting the Russian disinformation machine.

Ukraine's 'IT Army' Call-Up: Don't Try This at Home

Data Breach Today

Despite Russian Aggression, Distributed Denial-of-Service Attacks Remain Illegal With Ukraine having called on the world to join its "IT Army" and help it hack Russia and ally Belarus, what could possibly go wrong?

IT 257

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

GUEST ESSAY: The case for acknowledging — and bridging — the security gap between IT vs OT

The Last Watchdog

My many years working with companies dealing with significant disruptions in the cybersecurity space has taught me a lot. The more I learn, the more I understand the inherent vulnerabilities facing organizations across the world. Related: Biden cybersecurity order makes an impact. The convergence of information technology (IT) and operational technology (OT) is a double-edged sword for critical infrastructure sectors – despite all its benefits, IT/OT convergence is not without its risks.

A Developer Altered Open Source Software to Wipe Files in Russia

WIRED Threat Level

The author of a popular application pushed out an update containing malicious code in an effort to sabotage computers in the country. Security Security / Security News

Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks

Dark Reading

The maintainer of a widely used npm module served up an unwelcome surprise for developers

Risk 114

CISA added 98 domains to the joint alert related to Conti ransomware gang

Security Affairs

The U.S. CISA has updated the alert on Conti ransomware and added 98 domain names used by the criminal gang. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated the alert on Conti ransomware operations, the agency added 100 domain names used by the group.

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

Partnership Health Plan of California IT Systems Still Down

Data Breach Today

Nonprofit Managed Care Provider Allegedly Hit by Hive Ransomware An apparent ransomware attack and alleged data theft by the Hive cybercriminal group has left Partnership HealthPlan of California struggling to recover its IT services for more than a week.

A Closer Look at the LAPSUS$ Data Extortion Group

Krebs on Security

Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$ , a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid.

GUEST ESSAY: Marshaling automated cybersecurity tools to defend automated attacks

The Last Watchdog

Cybersecurity tools evolve towards leveraging machine learning (ML) and artificial intelligence (AI) at ever deeper levels, and that’s of course a good thing. However, we often see results that feel cookie cutter and counter-productive, raising the question: can AI really do as good of a job as a human? Related: Business logic hacks plague websites. The larger question: Can cybersecurity be truly automated? The answer is yes, but perhaps not exactly in the ways the industry currently envisions.

Hacking Alexa through Alexa’s Speech

Schneier on Security

An Alexa can respond to voice commands it issues. This can be exploited : The attack works by using the device’s speaker to issue voice commands.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

More Than 70% of SOC Analysts Experiencing Burnout

Dark Reading

Nearly 65% of security operations center (SOC) analysts are likely to change jobs in the next year, survey shows

CVE-2022-0778 DoS flaw in OpenSSL was fixed

Security Affairs

OpenSSL addressed a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, related to certificate parsing.

US Indicts Russian Behind Popular Carding Marketplace

Data Breach Today

FBI Puts Russian Carder on the Most Wanted List of Cybercriminals The U.S. Department of Justice has indicted a 23-year-old Russian national for operating a cybercriminal marketplace that sold thousands of stolen login credentials, PII and authentication tools, according to U.S.

Report: Recent 10x Increase in Cyberattacks on Ukraine

Krebs on Security

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

GUEST ESSAY: The case for leveraging hardware to shore up security — via a co-processor

The Last Watchdog

Cybersecurity has never felt more porous. You are no doubt aware of the grim statistics: •The average cost of a data breach rose year-over-year from $3.86 million to $4.24 million in 2021, according to IBM. The majority of cyberattacks result in damages of $500,000 or more, Cisco says. •A A sobering analysis by Cybersecurity Ventures forecasts that the global cost of ransomware attacks will reach $265 billion in 2031. • The FBI reports that 3,000-4,000 cyberattacks are counted each day.

Linux Improves Its Random Number Generator

Schneier on Security

In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new — identical — algorithm based on the BLAKE2 hash function, which is an excellent security improvement. Uncategorized Linux random numbers

Cyberattacks in Ukraine Soon Could Spill Over to Other Countries

Dark Reading

Email-borne attacks out of Russia have already targeted at least a few US and European organizations

114
114