Sat.Dec 12, 2020 - Fri.Dec 18, 2020

2021 Security Budgets: Top Priorities, New Realities

Dark Reading

An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021

US Commerce, Treasury Hit in Network Intrusions

Data Breach Today

SolarWinds: Flawed Updates in Orion Platform May be Source of Attacks The U.S. Commerce Department confirmed on Sunday it had been targeted by hackers, and the U.S. Treasury has also reportedly been struck.

IT 270
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Russia’s Hacking Frenzy Is a Reckoning

WIRED Threat Level

Despite years of warning, the US still has no good answer for the sort of “supply chain” attack that let Russia run wild. Security Security / Cyberattacks and Hacks

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Krebs on Security

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds , a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

GUEST ESSAY: Here’s how Secure Access Service Edge — ‘SASE’ — can help, post Covid-19

The Last Watchdog

One legacy of the ongoing global pandemic is that companies now realize that a secured and well-supported remote workforce is possible. Recently, the University of Illinois and the Harvard Business School conducted a study, and 16% of companies reported switching their employees to work at home from offices at least twice a week. Related: SASE translates into secure connectivity.

Access 130

More Trending

CISA: SolarWinds Not the Only Initial Attack Vector in Massive Breach

Dark Reading

Agency says it has "evidence of additional initial access vectors" besides SolarWinds' Orion software

Access 113

VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets.

WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack

Security Affairs

Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than 500,000 sites. Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts.

Hacked: US Commerce and Treasury Departments

Data Breach Today

Fellow Victim FireEye Traces Breaches to Trojanized SolarWinds Software Updates The U.S. Commerce Department confirmed on Sunday it had been targeted by hackers, and the U.S. Treasury has also reportedly been struck.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

FireEye Identifies Killswitch for SolarWinds Malware as Victims Scramble to Respond

Dark Reading

White House National Security Council establishes unified group to coordinate response across federal agencies to the threat

SolarWinds Hack Could Affect 18K Customers

Krebs on Security

The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday.

No One Knows How Deep Russia's Hacking Rampage Goes

WIRED Threat Level

A supply chain attack against IT company SolarWinds has exposed as many as 18,000 companies to Cozy Bear's attacks. Security Security / Cyberattacks and Hacks

IT 112

Hackers Use Mobile Emulators to Steal Millions

Data Breach Today

IBM: Attackers Target Mobile Banking Customers in US, Europe IBM Trusteer reports that a hacking group is using mobile emulators to spoof banking customers' mobile devices and steal millions of dollars from banks in the U.S. and Europe

232
232

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack

Dark Reading

Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

Krebs on Security

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned.

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Security Affairs

Researchers have discovered a botnet dubbed PgMiner that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner.

Mining 111

FBI Warns of DoppelPaymer Ransomware Attack Surge

Data Breach Today

Cybercriminals Are Using Phone Calls to Pressure Victims The FBI is warning of increased activity - including disruption of a police dispatch system - by the operators of DoppelPaymer, a ransomware variant linked to high-profile attacks over the last several months.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

FBI Warns of DoppelPaymer Attacks on Critical Infrastructure

Dark Reading

The operators behind DoppelPaymer have begun calling victims to pressure them into paying ransom, officials say

108
108

US Schools Are Buying Cell Phone Unlocking Systems

Schneier on Security

Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much $11,582 for the controversial surveillance technology.

Apple addressed multiple code execution flaws in iOS and iPadOS

Security Affairs

Apple addressed this week serious code execution vulnerabilities that affect its iOS and iPadOS mobile operating systems. Apple released security updates to fix multiple severe code execution vulnerabilities in its iOS and iPadOS mobile operating systems. The IT giant released iOS 14.3 and iPadOS 14.3

CISA: SolarWinds Hack Not the Only Attack Vector in Breaches

Data Breach Today

Agency Says Nation-State Hackers Used Other Methods as Well An advanced persistent threat actor used other attack vectors besides the compromised SolarWinds' Orion nework monitoring software to gain a foothold into the networks of government agencies and others, according to a Thursday alert from the U.S.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Malicious Browser Extensions for Social Media Infect Millions of Systems

Dark Reading

At least 28 third-party add-ons for top social media sites, including Facebook and Vimeo, redirect users to phishing sites and steal data

Should There Be Limits on Persuasive Technologies?

Schneier on Security

Persuasion is as old as our species. Both democracy and the market economy depend on it. Politicians persuade citizens to vote for them, or to support different policy positions. Businesses persuade consumers to buy their products or services.

5 million WordPress sites potentially impacted by a Contact Form 7 flaw

Security Affairs

The development team behind the Contact Form 7 WordPress plugin discloses an unrestricted file upload vulnerability. Jinson Varghese Behanan from Astra Security discovered an unrestricted file upload vulnerability in the popular Contact Form 7 WordPress vulnerability.

SolarWinds: The Hunt to Figure Out Who Was Breached

Data Breach Today

Some Organizations May Never Know If Data Was Stolen A mighty effort is underway to figure out which organizations may have been deeply infiltrated by a suspected Russian hacking group following the SolarWinds hack.

217
217

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Concerns Run High as More Details of SolarWinds Hack Emerge

Dark Reading

Enterprises running company's Orion network management software should assume compromise and respond accordingly, security experts say

More on the SolarWinds Breach

Schneier on Security

The New York Times has more details. About 18,000 private and government users downloaded a Russian tainted software update –­ a Trojan horse of sorts ­– that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised.

Hacked Subway UK marketing system used in TrickBot phishing campaign

Security Affairs

Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers. Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers.