May, 2021

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe , stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast.

US and UK Issue Joint Alert on Russian Cyber Activity

Data Breach Today

SVR's TTPs and General Tradecraft Detailed U.S. and U.K.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Critical Infrastructure Protection: Physical and Cyber Security Both Matter

eSecurity Planet

Oil and gas companies have two key areas of concern when addressing cybersecurity, especially in their unmanned remote facilities.

GUEST ESSAY: 3 sure steps to replace legacy network security systems — in a measured way

The Last Watchdog

Keeping up with the pace of technology, information, and the evolving threat landscape is a challenge for all enterprises. Related: DHS launches 60-day cybersecurity sprints. To make matters more difficult, implementing new security software and processes to address these issues is another big hurdle, often causing disruption—and not the good kind.

Cloud 163

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

The Full Story of the Stunning RSA Hack Can Finally Be Told

WIRED Threat Level

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened. Backchannel Security Security / Cyberattacks and Hacks

More Trending

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills.

Iran Devises Way to Convert Oil to Bitcoin

Data Breach Today

CVE-2020-15782 flaw in Siemens PLCs allows remote hack

Security Affairs

Industrial cybersecurity firm Claroty discovered a new flaw in Siemens PLCs that can be exploited by a remote and unauthenticated attacker to hack the devices.

Access 113

Last Watchdog podcast: Unwrapping ‘resilience’ guidance discussed at RSA Conference 2021

The Last Watchdog

Resilience was the theme of RSA Conference 2021 which took place virtually last week. Related: Web attacks spike 62 percent in 2020. I’ve been covering this cybersecurity gathering since 2004 and each year cybersecurity materially advances. By the same token, the difficulties of defending modern IT systems has redoubled as organizations try to balance security and productivity. The outside pressures are indeed as daunting as ever.

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

The Colonial Pipeline Hack Is a New Extreme for Ransomware

WIRED Threat Level

An attack has crippled the company’s operations—and cut off a large portion of the East Coast’s fuel supply—in an ominous development for critical infrastructure. Security Security / Cyberattacks and Hacks

Cyber Insurance Firms Start Tapping Out as Ransomware Continues to Rise

Dark Reading

A global insurance carrier refuses to write new ransomware policies in France, while insurers rewrite policies. Are we heading toward a day when ransomware incidents become uninsurable

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns.

SolarWinds Attackers Return With Fresh Phishing Campaign

Data Breach Today

Microsoft: Russians Used Malicious Messages Portrayed as Coming From USAID A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft. This new campaign compromised a marketing firm used by the U.S.

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks

Security Affairs

Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercep traffic to cryptocurrency-related sites.

Access 113

RSAC insights: How the ‘CIEM’ framework is helping companies manage permissions glut

The Last Watchdog

A permissions glut is giving rise to an explosion of new exposures in modern business networks. Related: Securing digital identities. Companies are adopting multi-cloud and hybrid cloud infrastructures and relying on wide-open app development like never before. In doing so, permissions to make myriad software connections are proliferating. Taken together these man-to-machine and machine-to-machine connections result in cool new digital services.

Cloud 157

Ransomware’s Dangerous New Trick: Double-Encrypting Your Data

WIRED Threat Level

Even when you pay for a decryption key, your files may still be locked up by another strain of malware. Security Security / Security News

A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm

Dark Reading

Trinity Cyber takes a new spin on some traditional network-security techniques, but can its approach catch on widely

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

Try This One Weird Trick Russian Hackers Hate

Krebs on Security

Malspam Campaign Uses Hancitor to Download Cuba Ransomware

Data Breach Today

Attackers have Co-Opted Malware For Data Exfiltration and Ransom, Group-IB Finds Attackers have co-opted the Hancitor malware downloader and recently used it to deliver Cuba ransomware as part of an email spam campaign for data exfiltration and ransom extortion, a new report by security firm Group-IB finds.

M1RACLES, the unpatchable bug that impacts new Apple M1 chips

Security Affairs

A security expert has discovered a vulnerability in Apple M1 chips, dubbed M1RACLES, that cannot be fixed. Software engineer Hector Martin from Asahi Linux has discovered a vulnerability in the new Apple M1 chips, tracked as CVE-2021-30747, that was named M1RACLES.

Access 112

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

The Last Watchdog

A greater good has come from Capital One’s public pillaging over losing credit application records for 100 million bank customers. Related: How credential stuffing fuels account takeovers.

Cloud 142

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

Then a Hacker Began Posting Patients’ Deepest Secrets Online

WIRED Threat Level

A family-run psychotherapy startup grew into a health care giant. It was a huge success—until the data breach and the anonymous ransom notes sent to clients. Backchannel Security Security / Cyberattacks and Hacks

Colonial Pipeline, Darkside and Models

Adam Shostack

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can’t delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside. Blog posts from Sophos and Mandiant seem really useful!

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents.

Buer Dropper Malware Updated Using Rust

Data Breach Today

Proofpoint: New Code Makes 'RustyBuer' Version Harder to Detect Attackers are using a freshly updated variant of the Buer first-stage malware loader rewritten in the Rust programming language to help evade detection, Proofpoint reports

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

A malware attack hit the Alaska Health Department

Security Affairs

The Alaska health department website was forced offline by a malware attack, officials are investigating the incident. The website of the Alaska health department was forced offline this week by a malware attack.

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

The Last Watchdog

By patiently slipping past the best cybersecurity systems money can buy and evading detection for 16 months, the perpetrators of the SolarWinds hack reminded us just how much heavy lifting still needs to get done to make digital commerce as secure as it needs to be. Related: DHS launches 60-day cybersecurity sprints.

A Wrench and a Screwdriver: Critical Infrastructure's Last, Best Lines of Defense?

Dark Reading

Critical infrastructure's cybersecurity problems are complex, deep-rooted, and daunting. Addressing them won't be easy.but it isn't impossible