Sat.Jun 25, 2022 - Fri.Jul 01, 2022

Malware Breach Affects 1.2 Million Medical Center Patients

Data Breach Today

Baptist Medical Center Latest on Growing List of Entities Reporting Major Hacks A malware incident involving exfiltration of data has affected more than 1.24 million patients of Texas-based Baptist Medical Center and Resolute Health Hospital.

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints

The Last Watchdog

The pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would have never imagined. From transitioning to a work-from-home as a ‘perk’ to a ‘necessity’, the organizations had to realign their operations and do it fast, to keep the ships afloat. Related: Deploying human sensors. Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working- whether organizations like it or not is here to say.

MDM 159

Cyberattacks via Unpatched Systems Cost Orgs More Than Phishing

Dark Reading

External attacks focused on vulnerabilities are still the most common ways that companies are successfully attacked, according to incident data

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

Latest Blow Falls on the 'Scourge of Passwords'

Data Breach Today

FIDO Alliance Leader Andrew Shikiar on New Deal With Google, Apple and Microsoft Tired of keeping track of passwords?

More Trending

GUEST ESSAY: The many benefits of infusing application security during software ‘runtime’

The Last Watchdog

Vulnerabilities in web applications are the leading cause of high-profile breaches. Related: Log4J’s big lesson. Log4j, a widely publicized zero day vulnerability, was first identified in late 2021, yet security teams are still racing to patch and protect their enterprise apps and services. This notorious incident highlights the security risks associated with open-source software, and the challenges of protecting web applications against zero day attacks.

Criminals Use Deepfake Videos to Interview for Remote Work

Dark Reading

The latest evolution in social engineering could put fraudsters in a position to commit insider threats

110
110

OpenSea Customer Emails Exposed in Third-Party Breach

Data Breach Today

No Bored Apes Were Harmed In Breach Affecting Millions of Users Emails shared with NFT marketplace OpenSea were disclosed to an unauthorized external party, the company is warning patrons. Anyone who shared an email address should be on guard for phishing attacks.

Latest OpenSSL version is affected by a remote memory corruption flaw

Security Affairs

Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4.

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

Fireside chat: The inevitable replacement of VPNs by ‘ZTNA’ — zero trust network access

The Last Watchdog

Virtual Private Networks – VPNs – remain widely used in enterprise settings. Don’t expect them to disappear anytime soon. This is so, despite the fact that the fundamental design of a VPN runs diametrically opposed to zero trust security principles. I had the chance to visit with David Holmes, network security analyst at Forrester, to learn more about how this dichotomy is playing out as companies accelerate their transition to cloud-centric networking.

Access 124

Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign

Dark Reading

The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn

Mitigating the Impact of Ransomware With Data Science

Data Breach Today

Cyentia Institute Partner Wade Baker Shares Insights on Analyzing Ransomware Data Unlocking the data generated by ransomware attacks is helping organizations better understand the risks, adopt defensive technologies and prepare for future attacks, says Wade Baker, partner at Cyentia Institute.

The government of Lithuania confirmed it had been hit by an intense cyberattack

Security Affairs

Lithuania confirmed it had been hit by an “intense” cyberattack, after Vilnius imposed restrictions on the rail transit of certain goods to Kaliningrad.

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

List of Data Breaches and Cyber Attacks in June 2022 – 34.9 Million Records Breached

IT Governance

Welcome to our June 2022 review of data breaches and cyber attacks. We identified 80 security incidents during the month, resulting in 34,908,053 compromised records. You can find the full list below, broken down into categories.

18 Zero-Days Exploited So Far in 2022

Dark Reading

It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according Google Project Zero

Strategies for Reskilling and Filling Cybersecurity Jobs

Data Breach Today

Infosys CISO Vishal Salvi on Mentoring, Online Training and Foundational Skills The gap between cybersecurity workforce demand and the number of skilled workers available to fill those jobs widened during the pandemic.

Korean cybersecurity agency released a free decryptor for Hive ransomware

Security Affairs

Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware , the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4.

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

Nearly a Million Kubernetes Instances Exposed on Internet

eSecurity Planet

Cybersecurity researchers have found more than 900,000 instances of Kubernetes consoles exposed on the internet. Cyble researchers detected misconfigured Kubernetes instances that could expose hundreds of thousands of organizations.

LockBit 3.0 Debuts With Ransomware Bug Bounty Program

Dark Reading

LockBit 3.0 promises to 'Make Ransomware Great Again!' with a side of cybercrime crowdsourcing

Zero Trust Architecture: No Firewalls or VPNs

Data Breach Today

The latest edition of the ISMG Security Report describes why firewalls and VPNs don't belong in Zero Trust design. It also discusses cybercriminals' evolving ransomware tactics and the devastating price of responding to a ransomware attack, as experienced by Travelex in 2019

LockBit 3.0 introduces important novelties, including a bug bounty program

Security Affairs

The LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments. The Lockbit ransomware operation has released LockBit 3.0, which has important noveòties such as a bug bounty program, Zcash payment, and new extortion tactics.

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

Hacking Linux is Easy with PwnKit

eSecurity Planet

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added PwnKit as a high-severity Linux vulnerability to its list of actively exploited bugs.

A Fintech Horror Story: How One Company Prioritizes Cybersecurity

Dark Reading

A password link that didn't expire leads to the discovery of exposed personal information at a payments service

Lithuanian Government Issues DDoS Attack Alerts

Data Breach Today

Russian Hactivist Group Posts List Of Targeted Sites On Telegram Lithuania’s National Cyber Security Center has warned of increasing DDoS attacks directed against the nation's public authorities and its transport and financial sectors following Lithuania blocking road and rail supplies to the Russian enclave of Kaliningrad.

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT.

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

What’s new in OpenText Identity and Access Management

OpenText Information Management

June 2022: OpenText Identity and Access Management CE 22.2 OT IAM platform 22.2 will deliver primarily on the following themes: Leverages ServiceNow as the primary customer and partner support tool for cloud services related to OpenText Connect.

Patch Now: Linux Container-Escape Flaw in Azure Service Fabric

Dark Reading

Microsoft is urging organizations that don't have automatic updates enabled to update to the latest version of Linux Server Fabric to thwart the "FabricScape" cloud bug

Cloud 103

HHS Tackles Data Privacy Concerns Linked to Abortion Ruling

Data Breach Today

Issues New HIPAA Guidance and Pledges Enforcement Against Violators Federal regulators issued health privacy guidance for medical providers and patients and promised to make privacy violations a top HIPAA enforcement priority in the wake of the U.S. Supreme Court overturning Roe v.