November, 2021

Hoax Email Blast Abused Poor Coding in FBI Website

Krebs on Security

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation.

Trojan Source: Invisible Vulnerabilities in Most Code

Data Breach Today

This Flaw Could Lead to an Attack Like SolarWinds Two researchers from the University of Cambridge have discovered a vulnerability that affects most computer code compilers and many software development environments, according to a new research paper.

Paper 229
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience. Related: Hackers relentlessly target healthcare providers.

Access 221

How Sun Tzu's Wisdom Can Rewrite the Rules of Cybersecurity

Dark Reading

The ancient Chinese military strategist Sun Tzu would agree: The best defense is to avoid an attack in the first place

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

The McDonald’s Ice Cream Machine Hacking Saga Has a New Twist

WIRED Threat Level

The cold war between a startup and a soft-serve machine manufacturer is heating up, thanks to a newly released trove of internal emails. Security Security / Security News

More Trending

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.

IT 280

Ransomware Evolves: Affiliates Set to Wield Greater Power

Data Breach Today

Operators Left Exposed After Overreaching, Says McAfee Enterprise’s John Fokker How is the ransomware ecosystem set to evolve?

MY TAKE: lastwatchdog.com receives recognition as a Top 10 cybersecurity webzine in 2021

The Last Watchdog

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer. While I no longer concern myself with seeking professional recognition for doing this, it’s, of course, always terrific to receive peer validation that we’re steering a good course. That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics.

Holiday Scams Drive SMS Phishing Attacks

Dark Reading

Attackers typically target consumers with malicious text messages containing obfuscated links, but experts say businesses are threatened as well

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

A Drone Tried to Disrupt the Power Grid. It Won't Be the Last

WIRED Threat Level

An attack attempt in 2020 proves the UAS threat is real—and not enough is being done to stop it. Security Security / Security News

IT 114

Cisco warns of hard-coded credentials and default SSH key issues in some products

Security Affairs

Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys.

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information.

California Clinic Network Cyber Incident Affects 656,000

Data Breach Today

A Nevada Cancer Center Is Also Dealing With the Aftermath of an Attack A recent cyberattack on Community Medical Centers in Northern California has potentially compromised the information of more than 656,000 individuals.

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

GUEST ESSAY: The three horsemen of cyber risks: misinformation, disinformation and fake news

The Last Watchdog

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof. Related: Fake news leveraged in presidential election. Such a transformation however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Risk 173

How Threat Actors Get Into OT Systems

Dark Reading

The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems

Risk 111

1.8TB of Police Helicopter Surveillance Footage Leaks Online

WIRED Threat Level

DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be. Security Security / Privacy

IT 114

Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server

Security Affairs

Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks.

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

‘Tis the Season for the Wayward Package Phish

Krebs on Security

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery.

Changing Employee Mindsets During Digital Transformation

Data Breach Today

How CISOs Can Ensure That the Business Succeeds While It Transforms While doing digital transformation, CISOs tend to look more at technology and try to adapt it without making the distinction between technologies that are must-have and good to have.

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts? Related: Training human sensors. Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.

Finding Your Niche in Cybersecurity

Dark Reading

With a little patience and research, you can discover a role you love that also protects those around you

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

Hackers Targeted Hong Kong Apple Devices in Widespread Attack

WIRED Threat Level

Visitors to pro-democracy and media sites in the region were infected with malware that could download files, steal data, and more. Security Security / Cyberattacks and Hacks

Attackers compromise Microsoft Exchange servers to hijack internal email chains

Security Affairs

A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails.

Access 109

Tech CEO Pleads to Wire Fraud in IP Address Scheme

Krebs on Security

The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America.

CISA Directs Federal Agencies to Patch Known Vulnerabilities

Data Breach Today

BOD 22-01 Imposes Strict Deadlines for Remediation of Publicly Known Exploits The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday issued a new directive - BOD 22-01 - requiring federal civilian agencies to patch vulnerabilities known to be actively exploited in the wild

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

The Last Watchdog

Application Programming Interface. Where would we be without them? Related: Supply-chain exposures on the rise. APIs are the snippets of code that interconnect the underlying components of all the digital services we can’t seem to live without. Indeed, APIs have opened new horizons of cloud services, mobile computing and IoT infrastructure, with much more to come. Yet, in bringing us here, APIs have also spawned a vast new tier of security holes.

Cyber Conflict Between US and Iran Heats Up

Dark Reading

The United States, United Kingdom, and Australia warn attacks from groups linked to Iran are on the rise, while the Iranian government blames the US and Israel for an attack on gas pumps

Iranian Hackers Are Going After US Critical Infrastructure

WIRED Threat Level

A hacking group is targeting a broad range of organizations, taking advantage of vulnerabilities that have been patched but not yet updated. Security Security / Cyberattacks and Hacks