Sat.Feb 06, 2021 - Fri.Feb 12, 2021

Florida City's Water Hack: Poor IT Security Laid Bare

Data Breach Today

Oldsmar Used Windows 7, Shared TeamViewer Password, Didn't Have a Firewall The Florida city that experienced a breach of its water treatment system used now-unsupported Windows 7 machines, shared the same password for remote access and had no firewall.

5 Cloud Trends That Will Reshape IT in 2021

DXC

We rang in 2020 with all the expectations that cloud computing would continue its progression as a massive catalyst for digital transformation throughout the enterprise. What we didn’t expect was a worldwide health crisis that led to a huge jump in cloud usage.

Cloud 107
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

How Email Attacks are Evolving in 2021

Threatpost

The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics. Hacks Videos Web Security

What’s most interesting about the Florida water system hack? That we heard about it at all.

Krebs on Security

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week’s news about a hacker who tried to poison a Florida town’s water supply was understandably front-page material.

IT 251

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Patient Files Dumped on Darknet Site After Hacking Incidents

Data Breach Today

Data Appears to Come From 2 Healthcare Organizations in Florida, Texas The Conti cybercrime gang has reportedly leaked sensitive patient data, as well as employee records, on a darknet site following recent hacker attacks on a two healthcare organizations in Florida and Texas

259
259

More Trending

Growing Collaboration Among Criminal Groups Heightens Ransomware Threat for Healthcare Sector

Dark Reading

Expect increase in ransomware and 'triple extortion' attacks, Cyber Threat Intelligence League says

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.”

Senators Demand More Coordination in SolarWinds Investigation

Data Breach Today

Warner and Rubio Call for Designation of Leader of Four-Agency Effort Citing a lack of coordination and transparency, U.S.

239
239

COMB breach: 3.2B email and password pairs leaked online

Security Affairs

The Largest compilation of emails and passwords (COMB), more than 3.2 billion login credentials, has been leaked on a popular hacking forum. More than 3.2

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Android App Infects Millions of Devices With a Single Update

Dark Reading

The popular Barcode Scanner app, which as been available on Google Play for years, turned malicious with one software update

110
110

Microsoft Patch Tuesday, February 2021 Edition

Krebs on Security

Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software.

5 Critical Questions Raised by Water Treatment Facility Hack

Data Breach Today

Incident Highlights the Need to Enhance OT Security As the investigation into the hacking of a water treatment facility in Florida continues, cybersecurity experts say the incident points to the urgent need to enhance operational technology security. Here are five key questions the incident raises

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes.

Access 108

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Ransomware Attackers Set Their Sights on SaaS

Dark Reading

Ransomware has begun to target data-heavy SaaS applications, open source, and Web and application frameworks

A Windows Defender Flaw Lurked Undetected for 12 Years

WIRED Threat Level

Microsoft has finally patched the bug in its antivirus program after researchers spotted it last fall. Security Security / Security News

IT 103

Water Treatment Hack Prompts Warning From CISA

Data Breach Today

Agency Offers Critical Infrastructure Security Reminders Following the hacking of a Florida water treatment plant, CISA is warning the operators of other plants to be on the lookout for hackers who exploit remote access software and outdated operating systems - and to take risk mitigation steps.

Risk 221

Experts spotted two Android spyware used by Indian APT Confucius

Security Affairs

Lookout researchers provided details about two Android spyware families employed by an APT group tracked as Confucius.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

You've Got Cloud Security All Wrong: Managing Identity in a Cloud World

Dark Reading

In a hybrid and multicloud world, identity is the new perimeter and a critical attack surface for bad actors

Cloud 104

A Hacker Tried to Poison a Florida City's Water Supply

WIRED Threat Level

The attacker upped sodium hydroxide levels in the Oldsmar, Florida, water supply to extremely dangerous levels. Security Security / Cyberattacks and Hacks

White House Taps Neuberger to Lead SolarWinds Probe

Data Breach Today

Novel phishing technique uses Morse code to compose malicious URLs

Security Affairs

Cybercriminals devised a new phishing technique that leverages the Morse code to hide malicious URLs and bypass defense.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Florida Water Utility Hack Highlights Risks to Critical Infrastructure

Dark Reading

The intrusion also shows how redundancy and detection can minimize damage and reduce impact to the population

Risk 106

Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer

Schneier on Security

MalwareBytes is reporting a weird software credit card skimmer. It harvests credit card data stolen by another, different skimmer: Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature.

IT 101

Plex Media Servers Used to Amplify DDoS Threats

Data Breach Today

Researchers Warn of Yet Another Way to Boost Attacks Researchers with NetScout are warning that attackers are abusing certain versions of the Plex media server app to strengthen and amplify DDoS attacks.

222
222

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

Microsoft implements alerts for ‘nation-state activity’ in the Defender for Office 365 dashboard, to allow organizations to quickly respond.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government

Dark Reading

A new investigation of two known threat groups show cyber actors are spying on mobile devices and PCs belonging to targeted users around the world

Attack against Florida Water Treatment Facility

Schneier on Security

A water treatment plant in Oldsmar, Florida, was attacked last Friday. The attacker took control of one of the systems, and increased the amount of sodium hydroxide — that’s lye — by a factor of 100.

Florida's Water Hack: Poor IT Security Laid Bare

Data Breach Today

Oldsmar Used Windows 7, Shared TeamViewer Password, Didn't Have a Firewall The Florida city that experienced a breach of its water treatment system used now-unsupported Windows 7 machines, shared the same password for remote access and had no firewall.