September, 2020

FBI, CISA Warn of Election Results Disinformation Campaigns

Data Breach Today

Nation-States, Others Could Try to Undermine Confidence in Election Process With less than 45 days to go before the November election, the FBI and CISA have issued a warning that nation-state hackers and cybercriminals may attempt to spread disinformation regarding the final vote tallies as a way to undermine confidence in the voting process.

251
251

Think Twice Before Using Facebook, Google, or Apple to Sign In Everywhere

WIRED Threat Level

So-called single sign-on options offer a lot of convenience. But they have downsides that a good old fashioned password manager doesn't. Security Security / Security Advice

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Due Diligence That Money Can’t Buy

Krebs on Security

Most of us automatically put our guard up when someone we don’t know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in.

A powerful DDoS attack hit Hungarian banks and telecoms services

Security Affairs

Hungarian financial institutions and telecommunications infrastructure were hit by a powerful DDoS attack originating from servers in Russia, China and Vietnam. A powerful DDoS attack hit some Hungarian banking and telecommunication services that briefly disrupted them.

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:

Troy Hunt

You've possibly just found out you're in a data breach. The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. But you should change it anyway.

More Trending

Morgan Stanley Hit With $5 Million Data Breach Suit

Data Breach Today

Poor Procedures for Discarding Old Equipment Led to Breach, Lawsuit Alleges A $5 million lawsuit seeking class action status has been filed against Morgan Stanley, claiming the financial organization failed to properly safeguard personally identifiable information when the company discarded old computer equipment.

179 Arrested in Massive Global Dark Web Takedown

WIRED Threat Level

Operation Disruptor is an unprecedented international law enforcement effort, stemming from last year’s seizure of a popular underground bazaar called Wall Street Market. Security Security / Security News

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies.

Mining 262

Victims of ThunderX ransomware can recover their files for free

Security Affairs

Good news for the victims of the ThunderX ransomware, cybersecurity firm Tesorion has released a decryptor to recover their files for free. Cybersecurity firm Tesorion has released a free decryptor for the ThunderX ransomware that allows victims to recover their files.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Microsoft: Ransomware & Nation-State Attacks Rise, Get More Sophisticated

Dark Reading

Malware-based attacks are out, phishing is in, along with credential stuffing and business email compromise. Microsoft recommends defensive tactics in its new report on rising threats

Interesting Attack on the EMV Smartcard Payment Standard

Schneier on Security

It’s complicated , but it’s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal.

Paper 109

Cyber Incidents Disrupt More Schools

Data Breach Today

Districts in Connecticut, Florida Among the Latest Targets The start of classroom instruction at Hartford Public Schools in Connecticut was canceled Tuesday as a result of a ransomware attack - the latest in a series of cyber incidents to disrupt schools this fall.

The iOS 14 Privacy and Security Features You Should Know

WIRED Threat Level

The latest update for your iPhone and iPad will make them safer than ever. Security Security / Security Advice

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

Who’s Behind Monday’s 14-State 911 Outage?

Krebs on Security

Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft ‘s Azure web services platform, which also was struggling with a widespread outage at the time.

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019.

IoT 114

Open Source Security's Top Threat and What To Do About It

Dark Reading

With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor

Risk 111

Top 6 Benefits of Automating End-to-End Data Lineage

erwin

Replace manual and recurring tasks for fast, reliable data lineage and overall data governance. It’s paramount that organizations understand the benefits of automating end-to-end data lineage.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Bye-Bye Bitcoins: Empire Darknet Market 'Exit Scams'

Data Breach Today

Darknet Market Is the Latest to See Administrators Steal Users' Cryptocurrency Message to anyone who placed or fulfilled an order via the world's largest darknet market, Empire, in recent weeks: Say bye-bye to your cryptocurrency.

One Data Scientist’s Quest to Quash Misinformation

WIRED Threat Level

Sara-Jayne Terp uses the tools of cybersecurity to track false claims like they’re malware. Her goal: Stop dangerous lies from hacking our beliefs. Security Security / Cyberattacks and Hacks Backchannel

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Krebs on Security

Tyler Technologies , a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations.

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

Samba team has released a security patch to address the Zerologon issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). Samba team has released a security patch to address the Zerologon (CVE-2020-1472) issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC).

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Research Finds Nearly 800,000 Access Keys Exposed Online

Dark Reading

The keys were primarily for access to databases and cloud services

Access 111

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Troy Hunt

I want a "secure by default" internet with all the things encrypted all the time such that people can move freely between networks without ever needing to care about who manages them or what they're doing with them.

Attacks Using Cerberus Banking Trojan Surge

Data Breach Today

Release of Code on Russian Darknet Forums Leads to Broader Use, Enhancements The posting on Russian underground forums of source code for the Android mobile banking Trojan Cerberus has led to an increase in attacks as well as updates to the malware, the security firm Kaspersky reports

A Texas County Clerk’s Bold Crusade to Transform How We Vote

WIRED Threat Level

How Dana DeBeauvoir set off the biggest, weirdest, and most promising revolution in election technology since the 1800s. Security Security / Cyberattacks and Hacks Backchannel

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Two Russians Charged in $17M Cryptocurrency Phishing Spree

Krebs on Security

authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

Experts from Amnesty International uncovered a surveillance campaign that targeted Egyptian civil society organizations with a new version of FinSpy spyware.

A Hacker's Playlist

Dark Reading

Nine security researchers share their favorite songs and genres