Sat. Jan 30, 2021 - Fri. Feb 05, 2021

Clearview Facial-Recognition Technology Ruled Illegal in Canada

Threatpost

The company’s controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges.

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

Experts from Great Firewall Report analyzed recent upgrades to China’s Great Firewall and revealed that it can be circumvented.


Android Devices Prone to Botnet’s DDoS Onslaught

Threatpost

A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity.


Microsoft: Office 365 Was Not SolarWinds Initial Attack Vector

Data Breach Today

SolarWinds CEO Says No Office 365 Vulnerability Pinpointed as Entry Point. Microsoft's security team says the company's Office 365 suite of products did not serve as an initial entry point for the hackers who waged the SolarWinds supply chain attack.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages.

More Trending

There Are Spying Eyes Everywhere—and Now They Share a Brain

WIRED Threat Level

Security cameras. License plate readers. Smartphone trackers. Drones. We’re being watched 24/7. What happens when all those data streams fuse into one?

French Security Firm Says Hackers Accessed Its Source Code

Data Breach Today

Stormshield Is a Major Supplier of Security Products to the French Government. French security vendor Stormshield has launched an investigation after an internal review found that hackers accessed the source code of the company's network security product.


Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms.


AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

The Last Watchdog

The cybersecurity operational risks businesses face today are daunting, to say the least. Related: Embedding security into DevOps. Edge-less networks and cloud-supplied infrastructure bring many benefits, to be sure. But they also introduce unprecedented exposures – fresh attack vectors that skilled and motivated threat actors are taking full advantage of. Adopting and nurturing a security culture is vital for all businesses. But where to start?


Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

UScellular data breach: attackers ported customer phone numbers

Security Affairs

US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported. US wireless carrier UScellular discloses a data breach that exposed personal information of its customers.

Fonix Ransomware Gang Shuts Down Operations

Data Breach Today

Hackers Release Master Decryptor Key. The Fonix ransomware gang has closed down its operations and has released a decryptor key, according to Malwarebytes and Kaspersky. But security researchers warn the gang, like others, might re-emerge with new tactics

‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

Krebs on Security

ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate its infrastructure.

Another SolarWinds Orion Hack

Schneier on Security

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Spotify Hit With Another Credential-Stuffing Attack

Dark Reading

This marks the second credential-stuffing attack to hit the streaming platform in the last few months


Malware Targets Kubernetes Clusters

Data Breach Today

Researchers: 'Hildegard' Linked to TeamTNT Hacking Group. A previously undocumented malware variant called "Hildegard" is targeting Kubernetes clusters, according to Palo Alto Networks' Unit 42. The malicious code is likely the work of the TeamTNT hacking group, which mines for monero cryptocurrency


The Gaming Platforms That Let Streamers Profit From Hate

WIRED Threat Level

WIRED has found dozens of far-right and white supremacist figures monetizing their livestreams through “donation management services” Streamlabs and StreamElements.

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Security Affairs

Security vendor Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls, including a Remote Code Execution flaw. Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls that were reported by Positive Technologies expert Andrey Medov.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

What I Wish I Knew at the Start of My InfoSec Career

Dark Reading

Security pros identify lessons learned that impact how they view infosec today

New DHS Secretary Pledges to Investigate SolarWinds Hack

Data Breach Today

Alejandro Mayorkas: ‘Cybersecurity of Our Nation Will Be One of My Highest Priorities’. Alejandro Mayorkas, the newly confirmed secretary of the Department of Homeland Security, says his initial priorities include reviewing all available intelligence on the SolarWinds supply chain hack and scrutinizing the government's cybersecurity programs.

Apple Fixes One of the iPhone's Most Pressing Security Risks

WIRED Threat Level

By hardening iMessage in iOS 14, the company has effectively cut off what had been an increasingly popular line of attack.


Victims of FonixCrypter ransomware could decrypt their files for free

Security Affairs

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

6 Cybersecurity Start-Up Trends to Track

Dark Reading

The pandemic took a bite out of funding deals, but cybersecurity start-ups fared better than many other industries

China Tied to Separate SolarWinds Espionage Campaign

Data Breach Today

US Government Payroll Provider Hit, Apparently by Chinese Hackers, Reuters Reports. While many details about the SolarWinds Orion hack and full victim list remain unknown, experts have ascribed the apparent espionage campaign to Russia.

Update Your iPhone and iPad Now If You Haven't Recently

WIRED Threat Level

Plus: A ransomware arrest, a dating site data leak, and more of the week's top security news.

UK Research and Innovation (UKRI) discloses ransomware attack

Security Affairs

Ransomware infected the systems at UK Research and Innovation (UKRI); at least two services were impacted. UK Research and Innovation (UKRI) discloses a ransomware incident that impacted a number of UKRI-related web assets.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Cybercrime Goes Mainstream

Dark Reading

Organized cybercrime is global in scale and the second-greatest risk over the next decade


Led by Hydra, Darknet Markets Logged Record Revenue

Data Breach Today

Global Cybercrime Market Revenue Surged to $1.7 Billion in 2020, Chainalysis Reports. Darknet markets just had their best year ever, led by Hydra, which accounted for 75% of the $1.7 billion in 2020 revenue such markets generated, Chainalysis reports.

A Second SolarWinds Hack Deepens Third-Party Software Fears

WIRED Threat Level

It appears that not only Russia but also China targeted the company, a reminder of the many ways interconnectedness can go wrong.
