Sat.Apr 17, 2021 - Fri.Apr 23, 2021

7 Old IT Things Every New InfoSec Pro Should Know

Dark Reading

Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less

IoT 105

NFTs: The Newest Collectible

eSecurity Planet

NFT-mania, pronounced nifty , is upon us with little time to prepare. From news of a collage selling for almost $70 million at Christie’s auction house to a portrayal of Janet Yellen and Morpheus rapping about cryptocurrency on SNL , the current craze is all about non-fungible tokens (NFTs).

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Telehealth: Safeguarding Patient Data

Data Breach Today

New Guidance Spells Out Security Precautions Given the surge in the use of telehealth during the COVID-19 pandemic - and expectations for continued growth - the Healthcare and Public Health Sector Coordinating Council has unveiled guidance on safeguarding patient data during remote care encounters

Note to Self: Create Non-Exhaustive List of Competitors

Krebs on Security

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. NYSE:IT ] — a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry.

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

NEW TECH: DigiCert unveils ‘Automation Manager’ to help issue, secure digital certificates

The Last Watchdog

How do you bring a $9 billion-a-year, digitally-agile corporation to a grinding halt? Related: Why it’s vital to secure IoT. Ask Spotify. When the popular streaming audio service went offline globally, last August, we saw a glimpse of just how tenuous digital transformation sometimes can be. Someone reportedly forgot to renew Spotify’s TLS certificate. The outage lasted about an hour, until the certificate in question got renewed.

More Trending

Payment Card Theft Ring Tech Leader Gets 10-Year Sentence

Data Breach Today

Fedir Hladyr of Ukraine Admitted to Working as System Admin for FIN7 A Ukrainian national who admitted to working as a system administrator and IT manager for the notorious FIN7 cybercriminal gang, which has been involved in the theft of millions of payment cards, has been sentenced to 10 years in federal prison.

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

Security Affairs

A new Linux botnet uses Tor through a network of proxies using the Socks5 protocol, abuses legitimate DevOps tools, and other emerging techniques.

Mining 109

SHARED INTEL: Report details how cyber criminals leverage HTTPS TLS to hide malware

The Last Watchdog

Google was absolutely right to initiate a big public push a couple of years ago to make HTTPS Transport Layer Security (TLS) a de facto standard. Related: Malicious activity plagues the cloud services. At the time, in the spring of 2018, only 25 percent of commercial websites used HTTPS; today adoption is at 98 percent and rising. Far beyond just protecting websites, TLS has proven to be a linchpin of network-level communications across the board. Guess who else has been leveraging TLS?

SOC 2 Attestation Tips for SaaS Companies

Dark Reading

Attestation helps SaaS vendors demonstrate that digital security is a primary focus

Insights on Choosing an Identity Verification Solution Provider

Sort through today’s crowded identity verification solutions landscape with our guide, designed to help you choose the right provider based on your unique needs.

Nation-State Actor Linked to Pulse Secure Attacks

Data Breach Today

Vulnerabilities Exploited Include a Zero-Day in Ivanti's Pulse Connect Secure The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that U.S.

They Hacked McDonald’s Ice Cream Machines—and Started a Cold War

WIRED Threat Level

Secret codes. Legal threats. Betrayal. How one couple built a device to fix McDonald’s notoriously broken soft-serve machines—and how the fast-food giant froze them out. Backchannel Security Security / Cyberattacks and Hacks

WhatsApp Pink malware spreads via group chat messages

Security Affairs

A WhatsApp malware dubbed WhatsApp Pink is able to automatically reply to victims’ Signal, Telegram, Viber, and Skype messages.

Access 107

Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network

Dark Reading

China-based Spiral group is believed to be behind year-long attack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell

Access 105

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Analysts Uncover More Servers Used in SolarWinds Attack

Data Breach Today

RiskIQ: Discovery Sheds Light on Size of Cyberespionage Operation Researchers at RiskIQ say they've discovered more than a dozen previously undocumented command-and-control servers used in the SolarWinds supply chain attack, showing that the cyberespionage operation was much larger than previously identified.

224
224

Top 8 Cybersecurity Podcasts of 2021

eSecurity Planet

Cybersecurity podcasts are an easy way to immerse yourself in the world of SecOps. Depending on your interests, you can catch up on the latest news and hear analysis from experts in the field, or you can take a deep-dive into a major cybersecurity story or concept. The best part?

XCSSET malware now targets macOS 11 and M1-based Macs

Security Affairs

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips.

How to Attack Yourself Better in 2021

Dark Reading

Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals

104
104

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Signal Founder Says Cellebrite's Forensics Tools Flawed

Data Breach Today

Flaws Described by Moxie Marlinspike Raise Questions About Extracted Data's Trustworthiness Law enforcement agencies use forensics tools from Israeli company Cellebrite to gain access to locked mobile devices and extract data.

The cost of a cyber attack in 2021

IT Governance

It’s been rough sailing for organisations in the past year or so. In addition to the ongoing challenges of COVID-19, there are the effects of Brexit, increasing public awareness of privacy rights and regulatory pressure to improve data protection practices.

Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter

Security Affairs

Researchers from the FireEye’s Mandiant team have breached the network of a North American utility and turn off one of its smart meters. Over the years, the number of attacks against ICS/SCADA systems used by industrial organizations worldwide has rapidly increased.

IT 104

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

Dark Reading

China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

ER Physician Association Hacked

Data Breach Today

ACEP Reports Tens of Thousands of Doctors Affected The American College of Emergency Physicians says a "malware" attack affected tens of thousands of the group's current and former members as well as members of three other emergency medical professional organizations

215
215

Apple’s Ransomware Mess Is the Future of Online Extortion

WIRED Threat Level

This week, hackers stole confidential schematics from a third-party supplier and demanded $50 million not to release them. Security Security / Cyberattacks and Hacks

Evil Maid Attack – Vacuum Hack

Security Affairs

Evil Maid Attack – Weaponizing an harmless vacuum cleaner hiding within it a small Rogue Device such as a Raspberry Pi. It is a typical day at the office. You are sitting at your desk, working hard at whatever it is that you do.

Business Email Compromise Costs Businesses More Than Ransomware

Dark Reading

Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Joker Malware Targets More Android Devices

Data Breach Today

Trojan Spreads Through Malicious Apps in Huawei App Store Joker malware has targeted more than 500,000 Android devices across the world through malicious apps in AppGallery - the official app store of Huawei, according to the security firm Doctor Web finds

Details on the Unlocking of the San Bernardino Terrorist’s iPhone

Schneier on Security

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security.

Codecov was a victim of a supply chain attack

Security Affairs

The software company Codecov suffered a security breach, threat actors compromised the supply chain of one of its tools.

Access 104