Sat. Aug 21, 2021 - Fri. Aug 27, 2021

Top Code Debugging and Code Security Tools

eSecurity Planet

There’s a lot of code in the world, and a lot more is created every day. The browser you’re reading this article on is likely supported by millions of lines of code. And as even a casual reader would know from the headlines, not all of that code is flawless.

Intelligent Search – Strategies to Find What You Need

AIIM

Regardless of your industry, managing information intelligently requires the ability to find, store, and use information effectively and flexibly in order to get good results. It all boils down to: Finding the right information when you need it.


Financial Execs Say Security a Top Cryptocurrency Barrier

Data Breach Today

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Krebs on Security

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

The Last Watchdog

While every business needs to prioritize cybersecurity, doing so is becoming increasingly complicated. With many employees now working remotely, securing company data isn’t as straightforward as it used to be. Things get even more complicated if you have an international remote workforce. Related: Employees as human sensors. As of 2018, more than 2 million people were working abroad for U.S. companies in China alone.

More Trending

Cloudflare Thwarts Largest Ever HTTP DDoS Attack

Data Breach Today

Million RPS Attack Originated From Over 20,000 Bots In 125 Countries

Security firm Cloudflare says it detected and mitigated a 17.2 million request-per-second (rps) distributed denial of service attack, almost three times larger than any previously reported HTTP DDoS attack

Surveillance of the Internet Backbone

Schneier on Security

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network.

Cloudflare: Mirai Botnet Launched Record-Breaking DDoS Attack

eSecurity Planet

Cloudflare last month fought off a massive distributed denial-of-service (DDoS) attack by a botnet that was bombarding 17.2 million requests per second (rps) at one of the internet infrastructure company’s customers in the financial services space.


LPE zero-day flaw in Razer Synapse allows attackers to take over Windows PCs

Security Affairs

A zero-day vulnerability in Razer Synapse could allow threat actors to gain Windows admin privileges by plugging in a Razer mouse or keyboard. Razer is a popular manufacturer of computer accessories, including gaming mouses and keyboards.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

T-Mobile CEO Apologizes for Mega-Breach, Offers Update

Data Breach Today

Hacker Claiming Responsibility for Attack Calls Company's Security 'Awful'

T-Mobile CEO Mike Sievert on Friday issued an official mea culpa for the data breach that exposed information on 54 million of the company's customers and prospects.

Details of the Recent T-Mobile Breach

Schneier on Security

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. I’ve lost count of how many times T-Mobile has been hacked.

Neural Fuzzing: A Faster Way to Test Software Security

eSecurity Planet

Software vulnerabilities are a grave threat to the security of computer systems. They often go undetected for years until it is too late and the consequences are irreversible.

New LockFile ransomware gang uses ProxyShell and PetitPotam exploits

Security Affairs

A new ransomware gang named LockFile targets Microsoft Exchange servers exploiting the recently disclosed ProxyShell vulnerabilities.

A Recruiter’s Guide To Hiring In 2021

With vaccination rates rising, consumers spending more money, and people returning to offices, the job market is going through a period of unprecedented adjustment. As the New York Times observed, “It’s a weird moment for the American economy.” And recruiting professionals are caught in the middle. To make the most of this disruption, you need to understand the economic drivers, develop a strong strategy for unearthing valuable talent, and use the latest tech tools to get the job done. Read this guide to get your recruiting practice ready to thrive in the new normal.

The Ransomware Files, Episode 1: The School District

Data Breach Today

This is the first episode of The Ransomware Files, a podcast miniseries focused on stories of resilience in the fight against ransomware.

Explosion in Geofence Warrants Threatens Privacy Nationwide

WIRED Threat Level

New figures from Google show a tenfold increase in the requests from law enforcement, which target anyone who happened to be in a given location at a specified time.

Interesting Privilege Escalation Vulnerability

Schneier on Security

If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges.


CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

US Agencies Increasing Use of Facial Recognition Tech

Data Breach Today

GAO Finds Increasing Use for Security and Access; Privacy Concerns Remain

At least 10 U.S. government agencies are planning to increase the use of facial recognition technologies by 2023, according to a GAO report.

3 Tests to Ensure Zero Trust Network Security

eSecurity Planet

The COVID pandemic has highlighted the challenges of ensuring security across an expanding enterprise network forced to support more and more remote workers, an ever-increasing diversity of devices, and frequent mobility.


The Stealthy iPhone Hacks That Apple Still Can't Stop

WIRED Threat Level

After another “zero-click” attack, security experts say it's time for more extreme measures to keep iMessage users safe.


Personal Data and docs of Swiss town Rolle available on the dark web

Security Affairs

Documents and personal details of residents of the small Swiss town Rolle, on the shores of Lake Geneva, were stolen in a ransomware attack. The Swiss town Rolle disclosed the data breach after a ransomware attack; personal details of all its 6,200 inhabitants were stolen by threat actors.

Reaching Unreachable Candidates

Speaker: Patrick Dempsey and Andrew Erpelding of ZoomInfo

What is ZoomInfo for Recruiters? Find and connect with the right talent to fill roles fast with more data, basic search, advanced search, candidate and company profiles, and export results. Watch this On-Demand Webinar today to see how ZoomInfo for Recruiters can work to get your talented candidates results.

After Ransomware Attack, When Must Patients Be Notified?

Data Breach Today

Eskenazi Health Says It's Still Assessing Whether Individual Notifications Are Required

Whitelisting vs. Blacklisting: Which is Better?

eSecurity Planet

Cyberattacks are becoming more sophisticated all the time. From phishing scams to ransomware and botnets, it’s hard to keep up with the latest methods that cybercriminals use. It’s not just about stopping unwanted intruders from getting into a system, however.

38M Records Exposed Online—Including Contact-Tracing Info

WIRED Threat Level

Misconfigured Power Apps from Microsoft led to more than a thousand web apps accessible to anyone who found them.

FBI flash alert warns on OnePercent Group Ransomware attacks

Security Affairs

The FBI shared info about OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

7 Emerging Ransomware Groups Practicing Double Extortion

Data Breach Today

Fresh Ransomware-as-a-Service Operations Seek Affiliates for Extorting New Victims

After a string of high-profile hits, many of the largest and most notorious ransomware operations recently disappeared.

Ransomware Groups Look for Inside Help

eSecurity Planet

Ransomware attackers, who use myriad methods to get their malware into the systems of businesses large and small in hopes of pulling down millions of dollars, are now going directly to the source.

Why MSPs must prioritise Cloud security

IT Governance

Cloud computing has become an integral part of business, providing affordable and flexible options for organisations as they grow. But as Cloud services become more popular, they become increasingly lucrative targets for cyber criminals.
