May, 2021

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe , stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast.

US and UK Issue Joint Alert on Russian Cyber Activity

Data Breach Today

SVR's TTPs and General Tradecraft Detailed U.S. and U.K.

212
212
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Critical Infrastructure Protection: Physical and Cyber Security Both Matter

eSecurity Planet

Oil and gas companies have two key areas of concern when addressing cybersecurity, especially in their unmanned remote facilities.

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

The Last Watchdog

A greater good has come from Capital One’s public pillaging over losing credit application records for 100 million bank customers. Related: How credential stuffing fuels account takeovers.

Cloud 176

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Pwned Passwords, Open Source in the.NET Foundation and Working with the FBI

Troy Hunt

I've got 2 massive things to announce today that have been a long time in the works and by pure coincidence, have aligned such that I can share them together here today. One you would have been waiting for and one totally out of left field.

More Trending

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns.

IT 285

Colonial Pipeline Starts Recovery from Ransomware

Data Breach Today

Report: DarkSide Ransomware Gang Infected Fuel Supplier Colonial Pipeline Company has restored smaller pipelines that ship fuels to the U.S. East Coast after a ransomware incident, but its larger ones are still offline as it assesses safety. Citing U.S.

85% of Data Breaches Involve Human Interaction: Verizon DBIR

Dark Reading

Ransomware, phishing, and Web application attacks all increased during a year in which the majority of attacks involved a human element

ROUNDTABLE: Experts react to President Biden’s exec order in the aftermath of Colonial Pipeline hack

The Last Watchdog

As wake up calls go, the Colonial Pipeline ransomware hack was piercing. Related: DHS embarks on 60-day cybersecurity sprints. The attackers shut down the largest fuel pipeline in the U.S., compelling Colonial to pay them 75 bitcoins , worth a cool $5 million.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Welcoming the Swedish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the 16th government to Have I Been Pwned, Sweden.

The Bizarro Streaming Site That Hackers Built From Scratch

WIRED Threat Level

BravoMovies isn't real. But it puts in a remarkable amount of effort to convince you that it is. Security Security / Cyberattacks and Hacks

IT 110

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills.

Colonial Pipeline CEO Confirms $4.4 Million Ransom Payment

Data Breach Today

It Was the Right Thing to Do for the Country' Colonial Pipeline Co.'s s CEO, Joseph Blount, said Wednesday that he authorized the payment of a $4.4

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

When AI Becomes the Hacker

Dark Reading

Bruce Schneier explores the potential dangers of artificial intelligence (AI) systems gone rogue in society

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

The Last Watchdog

By patiently slipping past the best cybersecurity systems money can buy and evading detection for 16 months, the perpetrators of the SolarWinds hack reminded us just how much heavy lifting still needs to get done to make digital commerce as secure as it needs to be. Related: DHS launches 60-day cybersecurity sprints.

Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks

Security Affairs

Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercep traffic to cryptocurrency-related sites.

Access 114

Ransomware Is Getting Ugly

Schneier on Security

Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet.

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents.

Introducing MITRE ATT&CK Defender

Data Breach Today

Rick Gordon of MITRE Engenuity Details New Training, Certification A recent study showed that even though 82% of cybersecurity professionals are familiar with the MITRE ATT&CK framework, only 8% said they used it regularly.

Cloud Security Blind Spots: Where They Are and How to Protect Them

Dark Reading

Security experts discuss oft-neglected areas of cloud security and offer guidance to businesses working to strengthen their security posture

Cloud 112

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Last Watchdog

Encryption agility is going to be essential as we move forward with digital transformation. Refer: The vital role of basic research. All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, come down to protecting encrypted data. But cryptography historically has been anything but agile; major advances require years, if not decades, of inspired theoretical research.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

PowerShell Is Source of More Than a Third of Critical Security Threats

eSecurity Planet

PowerShell was the source of more than a third of critical threats detected on endpoints in the second half of 2020, according to a Cisco research study released at the RSA Conference today.

Adding a Russian Keyboard to Protect against Ransomware

Schneier on Security

A lot of Russian malware — the malware that targeted the Colonial Pipeline, for example — won’t install on computers with a Cyrillic keyboard installed.

Try This One Weird Trick Russian Hackers Hate

Krebs on Security

FBI: DarkSide Ransomware Used in Colonial Pipeline Attack

Data Breach Today

Company Moves Into Remediation Phase; White House Monitoring Incident The FBI and White House confirmed Monday that the DarkSide ransomware variant was used in the Friday attack that caused disruptions at Colonial Pipeline Co., which operates a pipeline that supplies fuel throughout the eastern U.S.

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

Colonial Pipeline Cyberattack: What Security Pros Need to Know

Dark Reading

As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers

RSAC insights: Security Compass leverages automation to weave security deeper into SecOps

The Last Watchdog

In a day and age when the prime directive for many organizations is to seek digital agility above all else, cool new apps get conceived, assembled and deployed at breakneck speed. Related: DHS instigates 60-day cybersecurity sprints. Software developers are king of the hill; they are the deeply-committed disciples pursuing wide open, highly dynamic creative processes set forth in the gospels of DevOps and CI/CD.

The Colonial Pipeline Hack Is a New Extreme for Ransomware

WIRED Threat Level

An attack has crippled the company’s operations—and cut off a large portion of the East Coast’s fuel supply—in an ominous development for critical infrastructure. Security Security / Cyberattacks and Hacks