March, 2021

CISA Releases CHIRP, a Tool to Detect SolarWinds Malicious Activity

Security Affairs

US CISA has released a new tool that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise environments.

Cloud 112

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently: always something.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Microsoft's Dream of Decentralized IDs Enters the Real World

WIRED Threat Level

The company will launch a public preview of its identification platform this spring—and has already tested it at the UK's National Health Service. Security Security / Privacy

IT 110

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

On Jan. 11, Ubiquiti Inc. NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.

Cloud 285

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Researchers Disclose More Malware Used in SolarWinds Hack

Data Breach Today

Microsoft, FireEye Find Additional Payloads Used During Supply Chain Attack Researchers with Microsoft and FireEye are disclosing additional malware used by the hacking group that targeted SolarWinds in December.

248
248

More Trending

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Security Affairs

Taiwanese multinational hardware and electronics corporation Acer was victim of a REvil ransomware attack, the gang demanded a $50,000,000 ransom.

Illegal Content and the Blockchain

Schneier on Security

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless.

Netflix's Password-Sharing Crackdown Has a Silver Lining

WIRED Threat Level

The streaming service is making account owners enter two-factor codes in a limited test. That's … actually not so bad. Security Security / Security News

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Ryuk Ransomware Updated With 'Worm-Like Capabilities'

Data Breach Today

Prolific Ransomware Can 'Spread Automatically' Inside Networks, CERT-FR Warns Prolific Ryuk ransomware has a new trick up its sleeve. "A

MY TAKE: Apple users show strong support for Tim Cook’s privacy war against Mark Zuckerberger

The Last Watchdog

Like a couple of WWE arch rivals, Apple’s Tim Cook and Facebook’s Mark Zuckerberg have squared off against each other in a donnybrook over consumer privacy. Cook initially body slammed Zuckerberg — when Apple issued new privacy policies aimed at giving U.S. consumers a smidgen more control over their personal data while online. Related: Raising kids who care about their privacy.

OVH data centers suffered a fire, many popular sites are offline

Security Affairs

OVH, the largest hosting provider in Europe, has suffered a terrible fire that destroyed the data centers located in Strasbourg. OVH, one of the largest hosting providers in the world, has suffered a terrible fire that destroyed its data centers located in Strasbourg.

Access 113

Manufacturing Firms Learn Cybersecurity the Hard Way

Dark Reading

Although 61% of smart factories have experienced a cybersecurity incident, IT groups and operational technology groups still don't collaborate enough on security

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

A Bird-Feed Seller Beat a Chess Master. Then It Got Ugly

WIRED Threat Level

Twitch and YouTube chess star Levy Rozman has faced over a week of sustained harassment after calling out an alleged cheater. Security Security / Security News

IT 113

Three Top Russian Cybercrime Forums Hacked

Krebs on Security

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked.

Acer Reportedly Targeted by Ransomware Gang

Data Breach Today

PC and Device Maker Appears to Have Been Targeted by REvil Acer, one of the world's largest PC and device makers, has reportedly been targeted by the ransomware gang REvil, aka Sodinokibi, according to multiple published reports.

MY TAKE: Why ‘basic research’ is so vital to bringing digital transformation to full fruition

The Last Watchdog

Basic research, also called pure research, is aimed at advancing scientific theories unfettered by commercial interests. Related: The case for infusing ethics into Artifical Intelligence. Basic research is the foundational theorizing and testing scientists pursue in order to advance their understanding of a phenomenon in the natural world, and, increasingly, in the digital realm.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

The fire in the OVH datacenter also impacted APTs and cybercrime groups

Security Affairs

The fire at the OVH datacenter in Strasbourg also impacted the command and control infrastructure used by several nation-state APT groups and cybercrime gangs.

Risk 112

National Security Risks of Late-Stage Capitalism

Schneier on Security

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds.

Risk 114

How to Tell Which Emails Quietly Track You

WIRED Threat Level

Your emails know more about you than you might think, like when you open them or when you forward them to others. But you can reclaim your privacy. Security Security / Security Advice Security / Privacy

A Basic Timeline of the Exchange Mass-Hack

Krebs on Security

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion.

IT 256

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Beer-Brewer Molson Coors Reports On-Going Cyber Incident

Data Breach Today

Multiple Systems Impacted, Including Production and Shipping Capabilities The Molson Coors Beverage Company reported Thursday it is in the process of countering a cybersecurity incident that has caused system outages throughout the brewer's manufacturing process.

GUEST ESSAY: Remote workforce exposures exacerbate cybersecurity challenges in 2021

The Last Watchdog

The start of 2021 brings forth a cyber security crossroads. Many people are in the process of shifting back into office operations while balancing the potential risks and benefits of remote work. Related: Breaches spike during pandemic. For some malicious hackers and IT experts, this could represent an opening.

Microsoft releases IOC Detection Tool for Microsoft Exchange Server flaws

Security Affairs

After the disclosure of Microsoft Exchange zero-days, MS Exchange Server team has released a script to determine if an install is vulnerable.

CISA Builds Out Defensive Tools for Security Teams

Dark Reading

Need a tool to hunt for attacks in your network? The DHS agency bolsters the offerings in its open source toolbox

IT 107

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims

WIRED Threat Level

A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught. Security Security / Cyberattacks and Hacks

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else.

Why Does EternalBlue-Targeting WannaCry Remain at Large?

Data Breach Today

The Most Widely Successful Wormable Malware Becomes Almost a Permanent Hangover' Nearly four years after the WannaCry ransomware hit the world, targeting the EternalBlue vulnerability in Microsoft SMB version 1, security firms say the malware continues to be a top threat detected in the wild by endpoint security products.