March, 2021

CISA Releases CHIRP, a Tool to Detect SolarWinds Malicious Activity

Security Affairs

US CISA has released a new tool that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise environments.

Cloud 112

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently: always something.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Microsoft's Dream of Decentralized IDs Enters the Real World

WIRED Threat Level

The company will launch a public preview of its identification platform this spring—and has already tested it at the UK's National Health Service. Security Security / Privacy

IT 114

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

On Jan. 11, Ubiquiti Inc. NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.

The Top 5 Business Outcomes Companies Can Achieve From Monitoring Consolidation

In this eBook, learn what the top five business outcomes are that organizations see when leveraging Datadog's end-to-end monitoring tool.

Over 400 Cyberattacks at US Public Schools in 2020

Data Breach Today

Experts Say Increase Owes to Lack of Funding, Virtual Learning U.S. public schools faced a record number of cyber incidents in 2020, with over 400 attacks reported.

More Trending

Manufacturing Firms Learn Cybersecurity the Hard Way

Dark Reading

Although 61% of smart factories have experienced a cybersecurity incident, IT groups and operational technology groups still don't collaborate enough on security

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives.

Facebook's ‘Red Team X’ Hunts Bugs Outside the Social Network

WIRED Threat Level

The internal hacking team has spent the last year looking for vulnerabilities in the products the company uses, which could in turn make the whole internet safer. Security Security / Security News

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Check Point: 50,000 Attempted Ransomware Attacks Target Exchange

Data Breach Today

New Research Report Tracks Latest Global Trends Check Point Research says it has spotted more than 50,000 ransomware attack attempts worldwide so far against unpatched on-premises Microsoft Exchange email servers

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

Technology advancements have made it relatively easy for many employees to carry out their regular job duties from the comfort of their home. Related: Poll confirms rise of Covid 19-related hacks. This is something companies are under pressure to allow to help minimize the spread of Covid 19. The main problem for remote workers is the threat to online security. Remote workers face having both their personal and work-related information compromised.

Risk 168

CISA Builds Out Defensive Tools for Security Teams

Dark Reading

Need a tool to hunt for attacks in your network? The DHS agency bolsters the offerings in its open source toolbox

IT 114

Experts found three new 15-year-old bugs in a Linux kernel module

Security Affairs

Three 15-year-old flaws in Linux kernel could be exploited by local attackers with basic user privileges to gain root privileges on vulnerable Linux systems.

Risk 113

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Netflix's Password-Sharing Crackdown Has a Silver Lining

WIRED Threat Level

The streaming service is making account owners enter two-factor codes in a limited test. That's … actually not so bad. Security Security / Security News

Three Top Russian Cybercrime Forums Hacked

Krebs on Security

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked.

Indian Vaccine Makers, Oxford Lab Reportedly Hacked

Data Breach Today

Incidents Spotlight Growing COVID-19-Related Cyberthreats Two Indian vaccine makers and an Oxford University lab are reportedly among the latest targets of hackers apparently seeking to steal COVID-19 research data

MY TAKE: Why ‘basic research’ is so vital to bringing digital transformation to full fruition

The Last Watchdog

Basic research, also called pure research, is aimed at advancing scientific theories unfettered by commercial interests. Related: The case for infusing ethics into Artifical Intelligence. Basic research is the foundational theorizing and testing scientists pursue in order to advance their understanding of a phenomenon in the natural world, and, increasingly, in the digital realm.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Sierra Wireless Website Still Down After Ransomware Attack

Dark Reading

The company believes the attack's impact is limited to its internal IT systems and corporate websites

Hackers breached four prominent underground cybercrime forums

Security Affairs

A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks that resulted in the hack of popular Russian-language cybercrime forums.

A Bird-Feed Seller Beat a Chess Master. Then It Got Ugly

WIRED Threat Level

Twitch and YouTube chess star Levy Rozman has faced over a week of sustained harassment after calling out an alleged cheater. Security Security / Security News

IT 114

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else.

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Rockwell Controllers Vulnerable

Data Breach Today

Flaw Could Enable Access to Secret Encryption Key A critical authentication bypass vulnerability could enable hackers to remotely compromise programmable logic controllers made by industrial automation giant Rockwell Automation, according to the cybersecurity company Claroty.

MY TAKE: Apple users show strong support for Tim Cook’s privacy war against Mark Zuckerberger

The Last Watchdog

Like a couple of WWE arch rivals, Apple’s Tim Cook and Facebook’s Mark Zuckerberg have squared off against each other in a donnybrook over consumer privacy. Cook initially body slammed Zuckerberg — when Apple issued new privacy policies aimed at giving U.S. consumers a smidgen more control over their personal data while online. Related: Raising kids who care about their privacy.

Acer Reportedly Hit With $50M Ransomware Attack

Dark Reading

Reports say a ransomware gang has given Acer until March 28 to pay, or it will double the ransom amount

Managed Services provider CompuCom by Darkside ransomware

Security Affairs

US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its operations, experts believe it was a ransomware attack. US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its services and some of its operations.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

How to Tell Which Emails Quietly Track You

WIRED Threat Level

Your emails know more about you than you might think, like when you open them or when you forward them to others. But you can reclaim your privacy. Security Security / Security Advice Security / Privacy

A Basic Timeline of the Exchange Mass-Hack

Krebs on Security

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion.

Beer-Brewer Molson Coors Reports On-Going Cyber Incident

Data Breach Today

Multiple Systems Impacted, Including Production and Shipping Capabilities The Molson Coors Beverage Company reported Thursday it is in the process of countering a cybersecurity incident that has caused system outages throughout the brewer's manufacturing process.