November, 2021

Hoax Email Blast Abused Poor Coding in FBI Website

Krebs on Security

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation.

Trojan Source: Invisible Vulnerabilities in Most Code

Data Breach Today

This Flaw Could Lead to an Attack Like SolarWinds Two researchers from the University of Cambridge have discovered a vulnerability that affects most computer code compilers and many software development environments, according to a new research paper.

Paper 228
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience. Related: Hackers relentlessly target healthcare providers.

Access 216

Phishing Remains the Most Common Cause of Data Breaches, Survey Says

Dark Reading

Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

Security Affairs

Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L.

More Trending

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information.

Ransomware Evolves: Affiliates Set to Wield Greater Power

Data Breach Today

Operators Left Exposed After Overreaching, Says McAfee Enterprise’s John Fokker How is the ransomware ecosystem set to evolve?

MY TAKE: lastwatchdog.com receives recognition as a Top 10 cybersecurity webzine in 2021

The Last Watchdog

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer. While I no longer concern myself with seeking professional recognition for doing this, it’s, of course, always terrific to receive peer validation that we’re steering a good course. That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics.

What’s the Difference Between SASE and SD-WAN?

Dark Reading

While SD-WAN is a key part of a hybrid workplace and multicloud operation, it should be treated as a stepping stone to SASE, not an alternative

IT 113

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

0patch releases unofficial patches for CVE-2021-24084 Windows 10 zero-day

Security Affairs

0patch released free unofficial patches for Windows local privilege escalation zero-day ( CVE-2021-24084 ) in Windows 10, version 1809 and later. 0patch released free unofficial patches for Windows local privilege escalation zero-day (CVE-2021-24084) in Windows 10, version 1809 and later.

Access 113

1.8TB of Police Helicopter Surveillance Footage Leaks Online

WIRED Threat Level

DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be. Security Security / Privacy

IT 113

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.

IT 261

California Clinic Network Cyber Incident Affects 656,000

Data Breach Today

A Nevada Cancer Center Is Also Dealing With the Aftermath of an Attack A recent cyberattack on Community Medical Centers in Northern California has potentially compromised the information of more than 656,000 individuals.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

GUEST ESSAY: The three horsemen of cyber risks: misinformation, disinformation and fake news

The Last Watchdog

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof. Related: Fake news leveraged in presidential election. Such a transformation however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Risk 168

How Threat Actors Get Into OT Systems

Dark Reading

The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems

Risk 114

Attackers compromise Microsoft Exchange servers to hijack internal email chains

Security Affairs

A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails.

Access 114

Mainframe Modernization has gone Mainstream: Modernizing Mainframe Workloads with AWS and Micro Focus

Micro Focus

Micro Focus’ innovation in the modernization space continues to gather pace. Eddie Houghton, Enterprise Product Director explains the latest developments in mainframe workload modernization with AWS and Micro Focus.

109
109

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

‘Tis the Season for the Wayward Package Phish

Krebs on Security

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery.

Changing Employee Mindsets During Digital Transformation

Data Breach Today

How CISOs Can Ensure That the Business Succeeds While It Transforms While doing digital transformation, CISOs tend to look more at technology and try to adapt it without making the distinction between technologies that are must-have and good to have.

GUEST ESSAY: The shock waves of mental illness have begun exacerbating cybersecurity exposures

The Last Watchdog

Mental health at work is undergoing a rapid transformation. Even before the COVID-19 pandemic, which has caused an increase in feelings of loneliness and isolation, workers’ mental health was under pressure. Related: Capital One hacker demonstrated ‘erratic behavior’ According to a recent workforce health survey, 40% of workers experienced mental health issues this past year , double the year before.

When Will Security Frameworks Catch Up With the New Cybersecurity Normal?

Dark Reading

Standards need to reflect that most endpoints will be remote and/or wireless

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

IKEA hit by a cyber attack that uses stolen internal reply-chain emails

Security Affairs

Threat actors are targeting IKEA employees in an internal phishing campaign leveraging stolen reply-chain emails. According to BleepingComputer, threat actors are targeting IKEA employees in phishing attacks using stolen reply-chain emails.

The McDonald’s Ice Cream Machine Hacking Saga Has a New Twist

WIRED Threat Level

The cold war between a startup and a soft-serve machine manufacturer is heating up, thanks to a newly released trove of internal emails. Security Security / Security News

Tech CEO Pleads to Wire Fraud in IP Address Scheme

Krebs on Security

The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America.

Cloud 216

CISA Directs Federal Agencies to Patch Known Vulnerabilities

Data Breach Today

BOD 22-01 Imposes Strict Deadlines for Remediation of Publicly Known Exploits The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday issued a new directive - BOD 22-01 - requiring federal civilian agencies to patch vulnerabilities known to be actively exploited in the wild

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

The Last Watchdog

Application Programming Interface. Where would we be without them? Related: Supply-chain exposures on the rise. APIs are the snippets of code that interconnect the underlying components of all the digital services we can’t seem to live without. Indeed, APIs have opened new horizons of cloud services, mobile computing and IoT infrastructure, with much more to come. Yet, in bringing us here, APIs have also spawned a vast new tier of security holes.

Holiday Scams Drive SMS Phishing Attacks

Dark Reading

Attackers typically target consumers with malicious text messages containing obfuscated links, but experts say businesses are threatened as well

Experts found 11 malicious Python packages in the PyPI repository

Security Affairs

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks.