May, 2022

FBI: Russian Forums Sell Higher Education Credentials

Data Breach Today

Agency Spotted Compromised Credentials On Various Dark Web Forums The FBI is warning the U.S. higher education sector about compromised sensitive credentials and network access information advertised for sale across various public and Dark Web forums.

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Multiple Microsoft Office versions impacted by an actively exploited zero-day

Security Affairs

A zero-day flaw in Microsoft Office that could be exploited by attackers to achieve arbitrary code execution on Windows systems. The cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus.

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

Google, Microsoft and Apple are bitter arch-rivals who don’t often see eye-to-eye. Related: Microsoft advocates regulation of facial recognition tools. Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps.

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

Act Now: Leveraging PCI Compliance to Improve Security

Dark Reading

Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards

More Trending

Feds Allege Former IT Consultant Hacked Healthcare Company

Data Breach Today

Experts: Case Spotlights Critical, But Often Overlooked, Insider Threats, Risks A former IT consultant has been charged with allegedly hacking into a computer server of a healthcare company client that had months earlier denied him employment with the organization.

IT 266

Microsoft Patch Tuesday, May 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software.

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products.

GUEST ESSAY: A Memorial Day call to upskill more veterans for in-demand cybersecurity roles

The Last Watchdog

It’s no secret that cybersecurity roles are in high demand. Today there are more than 500,000 open cybersecurity roles in the U.S., leaving organizations vulnerable to cyber threats. Related: Deploying employees as threat sensors. Meanwhile, 200,000 well-trained and technically skilled military service members are discharged each year. These individuals have many transferable skills that would make cybersecurity a prosperous civilian career.

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

ChromeLoader Malware Hijacks Browsers With ISO Files

Dark Reading

The malware’s abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections

Thousands of Top Websites See What You Type—Before You Hit Submit

WIRED Threat Level

A surprising number of the top 100,000 websites effectively include keyloggers that covertly snag everything you type into a form. Security Security / Privacy

A $150 Million Plan to Secure Open-Source Software

Data Breach Today

Areas of Proposed Investments Include SBOMs, Software Supply Chains The Linux Foundation and the Open Source Security Foundation have put forth a nearly $150 million investment plan, spread across two years, to strengthen open-source security in the U.S.

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Krebs on Security

Image: Proxima Studios, via Shutterstock.

IT 225

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Security Affairs

A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 can target an increasing number of applications, passing from 378 to 467 target applications to steal account credentials and crypto-wallets.

GUEST ESSAY: Rising global tensions put us a few lines of code away from a significant cyber event

The Last Watchdog

Reflecting on the threats and targets that we are most concerned with given the Russia-Ukraine war, cybersecurity is now the front line of our country’s wellbeing. Cyber threats endanger businesses and individuals — they can affect supply chains, cause power grid failures, and much more. Related: Reaction to Biden’s cybersecurity order.

Critical OAS Bugs Open Industrial Systems to Takeover

Dark Reading

The most serious flaw gives attackers a way to remotely execute code on systems that many organizations use to move data in critical ICS environments, security vendor says

NOYB open letter on the new EU – US data deal

DLA Piper Privacy Matters

Max Schrems, through his organisation, ‘My Privacy is None of your Business’ (“ noyb.eu ”) has issued an open letter to U.S. and EU officials about the announcement of an ‘agreement in principle’ for a new Trans-Atlantic Data Privacy Framework (“ letter ”).

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

Phisher Jailed After Tricking Pentagon Out of $24 Million

Data Breach Today

California Resident Found Guilty on Total of 6 Criminal Counts Sercan Oyuntur, a 40-year-old California resident, has been found guilty of stealing payments of over $23 million from the U.S. Department of Defense, according to the U.S. Department of Justice.

DEA Investigating Breach of Law Enforcement Data Portal

Krebs on Security

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases.

GhostTouch: how to remotely control touchscreens with EMI

Security Affairs

Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals.

Paper 112

GUEST ESSAY: Why organizations need to prepare for cyber attacks fueled by quantum computers

The Last Watchdog

In today’s times, we are more aware of cyberattacks as these have become front-page news. We most recently witnessed this as Russia invaded Ukraine. Cyberattacks were used as the first salvo before any bullet or missile was fired. Related: The role of post-quantum encryption.

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

New Chaos Malware Variant Ditches Wiper for Encryption

Dark Reading

The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes

This Hacktivist Site Lets You Prank-Call Russian Officials

WIRED Threat Level

To protest the war in Ukraine, WasteRussianTime.today auto-dials Russian government officials, connects them to each other, and lets you listen in to their confusion. Security Security / Cyberattacks and Hacks

Ransomware Ecosystem: Big Changes Since Colonial Pipeline

Data Breach Today

The latest edition of the ISMG Security Report analyzes the changes in the ransomware landscape one year after the attack on Colonial Pipeline. It also revisits the Ryuk ransomware attack on a school district in Illinois and examines common culprits hindering effective Zero Trust adoption

Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions

Krebs on Security

Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive.

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

The operators of the EnemyBot botnet added exploits for recently disclosed flaws in VMware, F5 BIG-IP, and Android systems.

CMS 109

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

You very likely will interact with a content management system (CMS) multiple times today. Related: How ‘business logic’ hackers steal from companies. For instance, the The Last Watchdog article you are reading uses a CMS to store posts, display them in an attractive manner, and provide search capabilities. Wikipedia uses a CMS for textual entries, blog posts, images, photographs, videos, charts, graphics, and “ talk pages ” that help its many contributors collaborate.

CMS 179

Majority of Kubernetes API Servers Exposed to the Public Internet

Dark Reading

Shadowserver Foundation researchers find 380,000 open Kubernetes API servers

113
113