March, 2021

CISA Releases CHIRP, a Tool to Detect SolarWinds Malicious Activity

Security Affairs

US CISA has released a new tool that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise environments.

Cloud 113

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently: always something.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Microsoft's Dream of Decentralized IDs Enters the Real World

WIRED Threat Level

The company will launch a public preview of its identification platform this spring—and has already tested it at the UK's National Health Service. Security Security / Privacy

IT 113

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

On Jan. 11, Ubiquiti Inc. NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.

Cloud 286

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Ryuk Ransomware Updated With 'Worm-Like Capabilities'

Data Breach Today

Prolific Ransomware Can 'Spread Automatically' Inside Networks, CERT-FR Warns Prolific Ryuk ransomware has a new trick up its sleeve. "A

More Trending

Manufacturing Firms Learn Cybersecurity the Hard Way

Dark Reading

Although 61% of smart factories have experienced a cybersecurity incident, IT groups and operational technology groups still don't collaborate enough on security

I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

Troy Hunt

If you've landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened.

Mining 113

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Security Affairs

Taiwanese multinational hardware and electronics corporation Acer was victim of a REvil ransomware attack, the gang demanded a $50,000,000 ransom.

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Why Does EternalBlue-Targeting WannaCry Remain at Large?

Data Breach Today

The Most Widely Successful Wormable Malware Becomes Almost a Permanent Hangover' Nearly four years after the WannaCry ransomware hit the world, targeting the EternalBlue vulnerability in Microsoft SMB version 1, security firms say the malware continues to be a top threat detected in the wild by endpoint security products.

MY TAKE: Apple users show strong support for Tim Cook’s privacy war against Mark Zuckerberger

The Last Watchdog

Like a couple of WWE arch rivals, Apple’s Tim Cook and Facebook’s Mark Zuckerberg have squared off against each other in a donnybrook over consumer privacy. Cook initially body slammed Zuckerberg — when Apple issued new privacy policies aimed at giving U.S. consumers a smidgen more control over their personal data while online. Related: Raising kids who care about their privacy.

Illegal Content and the Blockchain

Schneier on Security

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless.

How to Tell Which Emails Quietly Track You

WIRED Threat Level

Your emails know more about you than you might think, like when you open them or when you forward them to others. But you can reclaim your privacy. Security Security / Security Advice Security / Privacy

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

OVH data centers suffered a fire, many popular sites are offline

Security Affairs

OVH, the largest hosting provider in Europe, has suffered a terrible fire that destroyed the data centers located in Strasbourg. OVH, one of the largest hosting providers in the world, has suffered a terrible fire that destroyed its data centers located in Strasbourg.

Access 114

Three Top Russian Cybercrime Forums Hacked

Krebs on Security

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked.

Beer-Brewer Molson Coors Reports On-Going Cyber Incident

Data Breach Today

Multiple Systems Impacted, Including Production and Shipping Capabilities The Molson Coors Beverage Company reported Thursday it is in the process of countering a cybersecurity incident that has caused system outages throughout the brewer's manufacturing process.

MY TAKE: Why ‘basic research’ is so vital to bringing digital transformation to full fruition

The Last Watchdog

Basic research, also called pure research, is aimed at advancing scientific theories unfettered by commercial interests. Related: The case for infusing ethics into Artifical Intelligence. Basic research is the foundational theorizing and testing scientists pursue in order to advance their understanding of a phenomenon in the natural world, and, increasingly, in the digital realm.

9 Developer Enablement Practices to Achieve DevOps at Enterprise Scale

In this eBook, Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.

National Security Risks of Late-Stage Capitalism

Schneier on Security

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds.

Risk 114

Netflix's Password-Sharing Crackdown Has a Silver Lining

WIRED Threat Level

The streaming service is making account owners enter two-factor codes in a limited test. That's … actually not so bad. Security Security / Security News

The fire in the OVH datacenter also impacted APTs and cybercrime groups

Security Affairs

The fire at the OVH datacenter in Strasbourg also impacted the command and control infrastructure used by several nation-state APT groups and cybercrime gangs.

Risk 113

A Basic Timeline of the Exchange Mass-Hack

Krebs on Security

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion.

IT 275

The Forrester Wave™: B2B Marketing Data Providers, Q2 2021

In our 24-criterion evaluation of B2B marketing data providers, we identified the 11 most significant vendors — Data Axle, Dun & Bradstreet, Enlyft, Global Database, InsideView, Leadspace, Oracle, SMARTe, Spiceworks Ziff Davis, TechTarget, and ZoomInfo Technologies — and researched, analyzed, and scored them. This report shows how each provider measures up and helps B2B marketing professionals select the right one for their needs.

Ransomware Attack's Economic Impact: $67 Million

Data Breach Today

Universal Health Services' Financial Statement Spells Out the Effects In an eye-opening look at the cost burden of a ransomware attack, Universal Health Services reports that an incident last September had a $67 million economic impact - citing, for example, the need to divert patients to competing facilities for urgent care.

GUEST ESSAY: Remote workforce exposures exacerbate cybersecurity challenges in 2021

The Last Watchdog

The start of 2021 brings forth a cyber security crossroads. Many people are in the process of shifting back into office operations while balancing the potential risks and benefits of remote work. Related: Breaches spike during pandemic. For some malicious hackers and IT experts, this could represent an opening.

New Malware Hidden in Apple IDE Targets macOS Developers

Dark Reading

XcodeSpy is latest example of growing attacks on software supply chain

113
113

Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims

WIRED Threat Level

A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught. Security Security / Cyberattacks and Hacks

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Experts found three new 15-year-old bugs in a Linux kernel module

Security Affairs

Three 15-year-old flaws in Linux kernel could be exploited by local attackers with basic user privileges to gain root privileges on vulnerable Linux systems.

Risk 113

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else.

Accellion Attack Involved Extensive Reverse Engineering

Data Breach Today

Sophisticated Attackers Took the Time to Master a 20-Year-Old Product, FireEye Says Using a nearly 20-year-old file-transfer product: What could go wrong?

239
239