October, 2021

‘Trojan Source’ Bug Threatens the Security of All Code

Krebs on Security

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns.

Data Breach Reports Rise as Supply Chain Attacks Surge

Data Breach Today

US Breach Notification Transparency Declining, Identity Theft Resource Center Warns The number of breach reports filed by U.S. organizations looks set to break records, as breaches tied to phishing, ransomware and supply chain attacks keep surging, the Identity Theft Resource Center warns.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: Silence on the front lines of strategic cyber assaults belies heightening tensions

The Last Watchdog

First released in the late 1920s, the novel “All Quiet on the Western Front” was publicly burned, banned, derided and censored for its “anti-war” and “unpatriotic” messages. Set in the final weeks of World War 1, the story swings heavily on the contrast between false security and the realities of war. Related: We’re in the golden era of cyber espionage. Today, we are talking about a different war dynamically morphing between a physical war and cyber war. President Joe Biden just told U.S.

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Security Affairs

MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

What Squid Game Teaches Us About Cybersecurity

Dark Reading

When life inside the security operations center feels treacherous, here are some suggestions for getting out alive

More Trending

What Happened to Facebook, Instagram, & WhatsApp?

Krebs on Security

Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages.

Hackers Impersonate Amnesty International to Spread Malware

Data Breach Today

Sarwent Malware Can Execute Remote Tasks Fraudsters are impersonating Amnesty International by building a fake site to distribute malware purporting to be an anti-virus tool to protect against the NSO Group's Pegasus tool, according to researchers at Cisco Talos

GUEST ESSAY: How SPDX helps reconcile interdependencies of open, proprietary software

The Last Watchdog

Software today is built on a combination of open source and proprietary software packages. Developers can reuse and build on the packages created by others, which results in the rapid creation of new capabilities and technologies. Related: How SBOM factors into DevSecOps. This reuse creates dependencies, all of which don’t necessarily stay updated at the same pace.

Experts hacked a fully patched iOS 15 running on iPhone 13 at China’s Tianfu Cup hacking contest

Security Affairs

White hat hackers earned $1.88 million at the Tianfu Cup hacking contest by finding vulnerabilities in popular software. The Tianfu Cup is the most important hacking contest held in China, this year white hat hackers earned $1.88 Million on a total bonus of up to $1.5

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

'TodayZoo' Phishing Kit Cobbled Together From Other Malware

Dark Reading

Microsoft's analysis of a recent phishing attack shows how cybercriminals are mixing and matching to efficiently develop their attack frameworks

How to Permanently Delete Your Facebook Account

WIRED Threat Level

If you've finally hit your breaking point, here's how to say goodbye to Mark Zuckerberg's empire. Security Security / Security Advice

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Krebs on Security

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov.

Ransomware: No Decline in Victims Posted to Data-Leak Sites

Data Breach Today

Count of Victims - Listed on Leak Sites or Not - Appears To Be Holding Steady One measure of the damage being done by ransomware groups continues to be how many victims get listed on ransomware operators' dedicated data-leak sites, as part of their so-called double extortion tactics.

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

SHARED INTEL: Automating PKI certificate management alleviates outages caused by boom

The Last Watchdog

Our Public Key Infrastructure is booming but also under a strain that manual certificate management workflows are not keeping up with. Related: A primer on advanced digital signatures. PKI and digital certificates were pivotal in the formation of the commercial Internet, maturing in parallel with ecommerce.

Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!

Security Affairs

Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution.

7 Ways to Lock Down Enterprise Printers

Dark Reading

Following the PrintNightmare case, printer security has become a hot issue for security teams. Here are seven ways to keep printers secure on enterprise networks

An Apparent Ransomware Hack Puts the NRA in a Bind

WIRED Threat Level

The group behind the reported attack is under sanctions from the US Treasury, which means a payout could come with penalties for the victim. Security Security / Cyberattacks and Hacks

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process.

Democratic Lawmakers Urge Agencies to Act on Ransomware

Data Breach Today

Letter to 4 Departments Asserts that Cryptocurrency Is Enabling These Attacks A congressional letter sent to the heads of four federal agencies expressed an urgent need for the Biden administration to continue combating ransomware.

MY TAKE: Can Project Wildland’s egalitarian platform make Google, Facebook obsolete?

The Last Watchdog

Most of the people I know professionally and personally don’t spend a lot of time contemplating the true price we pay for the amazing digital services we’ve all become addicted to. Related: Blockchain’s role in the next industrial revolution. I’ll use myself as a prime example. My professional and social life revolve around free and inexpensive information feeds and digital tools supplied by Google, Microsoft, Amazon, LinkedIn, Facebook and Twitter. I’m productive.

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year.

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

Identity-Focused Security Controls Prevail

Dark Reading

How identity and access management strategies held up during the pandemic and tips for putting together an identity security road map

Access 114

International Operation Knocks Notorious REvil Group Offline

WIRED Threat Level

Plus: Data theft in Argentina, a Sinclair Broadcast Group hack, and more of the week’s top security news. Security Security / Security News

FCC Proposal Targets SIM Swapping, Port-Out Fraud

Krebs on Security

The U.S.

Cyberattacks Disable IT Networks at 2 Indiana Hospitals

Data Breach Today

Some Patients' Care Previously Postponed Due to COVID-19; What Happens Now? Two Indiana hospitals say their IT systems are disabled as they recover from cyberattacks suffered last week.

IT 280

Discover the 10 Rules for Managing PostgreSQL

PostgreSQL is one of the most successful open source projects in existence. But each year it becomes harder and harder to get familiarized with the PostgreSQL ecosystem and its new features. Learn 10 rules that will help you perfect your PostgreSQL installation.

GUEST ESSAY: Tapping Bitcoin’s security — to put a stop to ‘51% attacks’ of cryptocurrency exchanges

The Last Watchdog

Over the past five years, cryptocurrency exchanges have been the target of increasingly damaging “ 51% attacks ” resulting in the theft of over $30 million worth of cryptocurrency to date. Related: Wildland restores control of data to individuals. However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves.

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

Resecurity researchers dumped Gigabytes of data from Agent Tesla C2Cs, one of the most well-known cyberespionage tools suffers a data leakage.

Retail 114

Damages Escalate Rapidly in Multiparty Data Breaches

Dark Reading

Analysis of the top-50 multiparty attacks over the past decade finds that nation-state-linked hackers focused on disruption and using stolen credentials cause the most damage