January, 2021

SolarWinds Hires Chris Krebs to Reboot Its Cybersecurity

Data Breach Today

Hacked Firm Also Taps Former Facebook CSO as It Responds to Supply Chain Attack As security software firm SolarWinds investigates the supply chain attack involving its Orion software and looks to rebuild its security processes and reputation, it's hired former U.S.

A Site Published Every Face From Parler's Capitol Riot Videos

WIRED Threat Level

Faces of the Riot used open source software to detect, extract, and deduplicate every face from the 827 videos taken from the insurrection on January 6. Security Security / Privacy

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

How Cybersecurity Newbs Can Start Out on the Right Foot

Dark Reading

Cybersecurity experts share their savvy tips and useful resources for infosec hopefuls

Sealed U.S. Court Records Exposed in SolarWinds Breach

Krebs on Security

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Q&A: SolarWinds, Mimecast hacks portend intensified third-party, supply-chain compromises

The Last Watchdog

SolarWinds and Mimecast are long-established, well-respected B2B suppliers of essential business software embedded far-and-wide in company networks. Related: Digital certificates destined to play key role in securing DX. Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map.

B2B 146

More Trending

Analysis: 2020 Health Data Breach Trends

Data Breach Today

Ransomware, Phishing Incidents, Vendor Hacks Prevail Hacking incidents, including ransomware and phishing attacks, as well as security incidents involving vendors dominated the federal tally of major health data breaches in 2020

Fleeing WhatsApp for Privacy? Don't Turn to Telegram

WIRED Threat Level

Because the chat app doesn't encrypt conversations by default—or at all for group chats—security professionals often warn against it. Security Security / Privacy

Pay-or-Get-Breached Ransomware Schemes Take Off

Dark Reading

In 2020, ransomware attackers moved quickly to adopt so-called "double extortion" schemes, with more than 550 incidents in the fourth quarter alone

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

The Last Watchdog

Today’s children are online at a young age, for many hours, and in more ways than ever before. As adults, we know that bad online decisions can have negative or dangerous effects for years to come. Related: Web apps are being used to radicalize youth. The question isn’t whether we should educate children about online safety, but how we can best inspire them to learn to be thoughtful, careful, and safe in the cyber world for their lifetime. For adults doing the teaching, it’s no easy task.

Two kids found a screensaver bypass in Linux Mint

Security Affairs

The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The maintainers of the Linux Mint project have addressed a security bug that could have allowed attackers to bypass the OS screensaver.

Access 114

Defining and Refining Next-Gen AML

Data Breach Today

David Stewart of SAS on the Tools and Technologies Deployed to Fight Financial Crimes As the financial payments landscape shifts, and as fraudsters employ new technologies and techniques, institutions are deploying a next generation of anti-money laundering defenses.

IT 247

Parler Finds a Reprieve in Russia—but Not a Solution

WIRED Threat Level

The far-right platform still hasn't found a US-based home. Where it lands could have serious consequences for its users' privacy. Security Security / Security News

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

Ransomware Payoffs Surge by 311% to Nearly $350 Million

Dark Reading

Payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with less than 200 cryptocurrency wallets receiving 80% of funds

SolarWinds: What Hit Us Could Hit Others

Krebs on Security

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers.

Finding the Location of Telegram Users

Schneier on Security

Security researcher Ahmed Hassan has shown that spoofing the Android’s “People Nearby” feature allows him to pinpoint the physical location of Telegram users: Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers.

IT 114

Cryptocurrency exchange BuyUcoin hacked, data of 325K+ users leaked

Security Affairs

Indian cryptocurrency exchange Buyucoin suffered a security incident, threat actors leaked sensitive data of 325K users.

Sales 113

9 Developer Enablement Practices to Achieve DevOps at Enterprise Scale

In this eBook, Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.

Biden's $10 Billion Cybersecurity Proposal: Is It Enough?

Data Breach Today

Security Experts Say Proposal Amounts to a 'Down Payment' President-elect Joe Biden's $1.9 trillion plan for COVID-19 relief includes nearly $10 billion in cybersecurity and IT spending. Some security experts hope the amount as just a "down payment" toward a broader effort

An Absurdly Basic Bug Let Anyone Grab All of Parler's Data

WIRED Threat Level

The “free speech” social network also allowed unlimited access to every public post, image, and video. Security Security / Privacy

Access 114

Successful Malware Incidents Rise as Attackers Shift Tactics

Dark Reading

As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says

Arrest, Seizures Tied to Netwalker Ransomware

Krebs on Security

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims.

The Forrester Wave™: B2B Marketing Data Providers, Q2 2021

In our 24-criterion evaluation of B2B marketing data providers, we identified the 11 most significant vendors — Data Axle, Dun & Bradstreet, Enlyft, Global Database, InsideView, Leadspace, Oracle, SMARTe, Spiceworks Ziff Davis, TechTarget, and ZoomInfo Technologies — and researched, analyzed, and scored them. This report shows how each provider measures up and helps B2B marketing professionals select the right one for their needs.

Changes in WhatsApp’s Privacy Policy

Schneier on Security

If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that.

TeamTNT botnet now steals Docker API and AWS credentials

Security Affairs

Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS credentials. Researchers from Trend Micro discovered that the TeamTNT botnet was improved and is now able to steal also Docker credentials.

Mining 114

President Biden Orders SolarWinds Intelligence Assessment

Data Breach Today

New Administration Signals Importance of Cybersecurity to National Security Agenda The new Biden administration has pledged to hold Russia accountable for its recent "reckless and adversarial" actions and has ordered a full-scale intelligence review of the SolarWinds hack.

How Law Enforcement Gets Around Your Smartphone's Encryption

WIRED Threat Level

New research has dug into the openings that iOS and Android security provide for anyone with the right tools. Security Security / Privacy

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Why North Korea Excels in Cybercrime

Dark Reading

North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it

IT 113

New Charges Derail COVID Release for Hacker Who Aided ISIS

Krebs on Security

A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft.

Cell Phone Location Privacy

Schneier on Security

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out a way to fix that. Pretty Good Phone Privacy” (PGPP) protects both user identity and user location using the existing cellular networks.