September, 2022

Most Attackers Need Less Than 10 Hours to Find Weaknesses

Dark Reading

Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days

110
110

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

FBI Warns Healthcare Sector of Surge in Payment Scams

Data Breach Today

Cybercriminals Using Social Engineering, Phishing to Divert Payments Cybercriminals are netting multimillion-dollar hauls by targeting healthcare industry payment processing, the FBI warns.

SHARED INTEL: The cybersecurity sea change coming with the implementation of ‘CMMC’

The Last Watchdog

Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Related: How the Middle East paved the way to CMMC. Cybersecurity Maturity Model Certification version 2.0

6 Steps to More Streamlined Data Modeling

Are you a developer, database architect, or database administrator that's new to Cassandra, but been tasked with developing a plan for implementing the technology anyway? Worry no more. Discover a streamlined methodical approach to Apache Cassandra® data modeling.

Another Ransomware For Linux Likely In Development

Security Affairs

Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format ( ELF ) ransomware which encrypts the files inside Linux systems based on the given folder path.

More Trending

Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials

Dark Reading

The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign

Transacting in Person with Strangers from the Internet

Krebs on Security

Communities like Craigslist , OfferUp , Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don’t deserve to end up in a landfill.

Sales 244

Harassment Site Kiwi Farms Breached

Data Breach Today

Assume Password, Email and IPs Leaked as an Attempt to Export User Database Made One of the internet's worst websites is down following a weekend hack that may have exposed the email, password and IP address of Kiwi Farms yses.

SHARED INTEL: Poll highlights the urgency to balance digital resiliency, cybersecurity

The Last Watchdog

The pace and extent of digital transformation that global enterprise organizations have undergone cannot be overstated. Related: The criticality of ‘attack surface management’ Massive global macro-economic shifts have fundamentally changed the way companies operate. Remote work already had an impact on IT strategy and the shift to cloud, including hybrid cloud , well before the onset of Covid 19.

Intent Signal Data 101

Intent signal data helps B2B marketers engage with buyers sooner in the sales cycle. But there are many confusing terms used to describe intent data. Read this infographic to better understand three common areas of confusion.

Google announced the completion of the acquisition of Mandiant for $5.4 billion

Security Affairs

Google completed the acquisition of the threat intelligence firm Mandiant, the IT giant will pay $5.4 billion. Google announced the completion of the $5.4 billion acquisition of threat intelligence firm Mandiant. The acquisition was announced in March 2022 by both companies: “ RESTON, Va.,

Cloud 112

How to Advocate for Data Privacy and Users' Rights

WIRED Threat Level

Want to speak up against Big Tech, unjust data collection, and surveillance? Here's how to be an activist in your community and beyond. Security Security / Privacy Security / Security Advice Gear / How To and Advice

Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber

Dark Reading

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments

Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers

Krebs on Security

A number of financial institutions in and around New York City are dealing with a rash of super-thin “deep insert” skimming devices designed to fit inside the mouth of an ATM’s card acceptance slot.

10 Rules to More Streamlined Data Modeling

Apache Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn 10 rules that will help you perfect your Kafka system to get ahead.

Tesla Hack Could Allow Car Theft, Security Researchers Warn

Data Breach Today

Attack Requires 2 People, Customized Gear and Very Close Proximity to the Victim Security researchers revealed yet another method for stealing a Tesla although the brand is one of the least-stolen cars and among the most recovered once pilfered.

FIRESIDE CHAT: Why ‘digital resiliency’ has arisen as the Holy Grail of IT infrastructure

The Last Watchdog

Digital resiliency has arisen as something of a Holy Grail in the current environment. Related: The big lesson of Log4j. Enterprises are racing to push their digital services out to the far edge of a highly interconnected, cloud-centric operating environment. This has triggered a seismic transition of company networks, one that has put IT teams and security teams under enormous pressure.

IT 159

Cisco will not fix the authentication bypass flaw in EoL routers

Security Affairs

Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit.

Big California Privacy News: Legislative and Enforcement Updates

Data Matters

Privacy never sleeps in California.

B2B 157

Powering Personalization Through Customer Data

Finding the right CDP can help unlock the value of your customer data. This eBook offers guidance on choosing, deploying, and utilizing a CDP, along with a case study on how one bank put data into action to forge stronger connections with customers.

The Makings of a Successful Threat-Hunting Program

Dark Reading

Threat hunters can help build defenses as they work with offensive security teams to identify potential threats and build stronger threat barriers

Botched Crypto Mugging Lands Three U.K. Men in Jail

Krebs on Security

Three men in the United Kingdom were arrested this month for attempting to assault a local man and steal his virtual currencies. The incident is the latest example of how certain cybercriminal communities are increasingly turning to physical violence to settle scores and disputes.

Uber Ex-CSO's Trial: Who's Responsible for Breach Reporting?

Data Breach Today

While Joe Sullivan Is Accused of Perpetrating Cover-Up, Where Should the Buck Stop? Should the now-former CSO of Uber have reported a security incident to authorities after discovering signs of unusual behavior?

NEW TECH SNAPSHOT: The role of ‘MSSPs’ in helping businesses manage cybersecurity

The Last Watchdog

Network security has been radically altered, two-plus years into the global pandemic. Related: ‘ Attack surface management’ rises to the fore. The new normal CISOs face today is something of a nightmare. They must take into account a widely scattered workforce and somehow comprehensively mitigate new and evolving cyber threats. Criminal hacking collectives are thriving, more than ever.

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

OpIran: Anonymous declares war on Teheran amid Mahsa Amini’s death

Security Affairs

OpIran: Anonymous launched Operation Iran against Teheran due to the ongoing crackdown on dissent after Mahsa Amini’s death. Anonymous launched OpIran against Iran due to the ongoing crackdown on dissent after Mahsa Amini’s death.

Massive Data Breach at Uber

Schneier on Security

It’s big : The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times.

Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords

Dark Reading

It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Iranian Threat Group Befriends Victims

Data Breach Today

APT42 Operates on Behalf of the Islamic Revolutionary Guard Corps An Iranian state-sponsored group in operation since 2015 relies on highly targeted social engineering to try and attack individuals and organizations that Tehran deems enemies of the regime, says a new report from cyberthreat intelligence firm Mandiant.

GUEST ESSAY: The case for an identity-first approach ‘Zero Trust’ privileged access management

The Last Watchdog

Today’s enterprises are facing more complexities and challenges than ever before. Related: Replacing VPNs with ZTNA. Thanks to the emergence of today’s hybrid and multi-cloud environments and factors like remote work, ransomware attacks continue to permeate each industry.

Access 146

Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin

Security Affairs

Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin.