Sat.Sep 11, 2021 - Fri.Sep 17, 2021

Microsoft Fully Ditches the Password

Data Breach Today

Windows Users Can Now Use Other Methods to Access Microsoft Products Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.

It’s a Good Day to Update All Your Devices. Trust Us

WIRED Threat Level

iOS, Windows, and Chrome all have zero-day vulnerabilities that hackers are going after. Now that the fixes are here, you need to install them ASAP. Security Security / Security Advice

IT 102
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Pair of Google Chrome Zero-Day Bugs Actively Exploited

Threatpost

The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year. Bug Bounty Vulnerabilities Web Security

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

FTC: Health App, Device Makers Must Report Breaches

Data Breach Today

But Does the 'Policy Statement' Warning Overstep the Intention of the Rule?

282
282

More Trending

Anonymous Leaked a Bunch of Data From a Right-Wing Web Host

WIRED Threat Level

The hacktivist collective targeted the domain registrar Epik for providing services to clients including the Texas GOP, Parler, and 8chan. Security Security / Security News

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Krebs on Security

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites.

Good News: REvil Ransomware Victims Get Free Decryptor

Data Breach Today

Many Files Crypto-Locked Before July 13 Unlockable via Free Bitdefender Decryptor Score one for the good guys in the fight against ransomware: Anyone who fell victim to REvil, aka Sodinokibi, crypto-locking malware before July 13 can now decrypt their files for free, thanks to a decryptor released by security firm Bitdefender.

A Ransomware Recovery Plan That's Solid Gold

Dark Reading

Having a gold copy of critical data offline is essential in every organization's disaster recovery or continuity plan. Follow the 3-2-1-1 rule to secure your data

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Apple and Google Go Further Than Ever to Appease Russia

WIRED Threat Level

The tech giants have set a troubling new precedent. Security Security / Security News

Three formers NSA employees fined for providing hacker-for-hire services to UAE firm

Security Affairs

Three former NSA employees entered into a deferred prosecution agreement that restricts their future activities and employment and requires the payment of a penalty.

Access 109

Mirai Botnet Actively Exploiting OMIGOD Flaw

Data Breach Today

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

An investigation by McAfee researchers into a case of a suspected malware infection uncovered a cyber attack that had been sitting in the victim organization’s network for years stealing data.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Zero-Click iMessage Exploit

Schneier on Security

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit. Uncategorized Apple exploits patching spyware vulnerabilities

99

A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection

Security Affairs

Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen’s Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL).

Lawsuit: Health System Failed to Heed Ransomware Warnings

Data Breach Today

Proposed Class Action Suit Filed After Breach Affecting 1.4 Million A proposed class action lawsuit filed this week against St. Joseph's/Candler Health System in the wake of a recent ransomware breach affecting 1.4

Tape Won’t Work for Ransomware Protection. Here’s Why.

eSecurity Planet

Tape vendors have been promoting themselves as a solution to the ransomware problem because of their ability to provide air-gapped data backup, but trying to recover terabytes of data from a tape drive can be a little like, well, running into red tape.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Biggest DDoS Attack in History Hits Russian Tech Giant Yandex

WIRED Threat Level

Plus: A TrickBot hacker arrest, a Fortinet VPN password leak, and more of the week's top security news. Security Security / Security News

The new maxtrilha trojan is being disseminated and targeting several banks

Security Affairs

A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days and targeting customers of European and South American banks. The new maxtrilha trojan is being disseminated and targeting several banks around the world.

Apple Patched iMessage. But Can It Be Made Safer Overall?

Data Breach Today

Citizen Lab Says iMessage Exploit Delivered NSO's Pegasus Spyware Apple patched a software vulnerability on Monday that researchers say was used to deliver spyware via its iMessage platform to the mobile phones of activists.

IT 253

OWASP Names a New Top Vulnerability for First Time in Years

eSecurity Planet

OWASP security researchers have updated the organization’s list of the ten most dangerous vulnerabilities – and the list has a new number one threat for the first time since 2007. The last update was in November 2017, and the latest draft is available for peer review until the end of the year.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

How to Find the Hidden Files on Your Phone or Computer

WIRED Threat Level

You shouldn't mess with some of them—but there are others you should be aware of. Security Security / Security Advice Security / Privacy

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Security Affairs

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333 , that could allow an attacker to obtain sensitive information from the targeted system.

Travis CI Flaw Exposed Secrets From Public Repositories

Data Breach Today

Critics Say Travis CI's Security Bulletin is Insufficient Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials and more, potentially putting thousands of organizations at risk.

Risk 247

Show-me: Spanish Data Protection laws shaken by the Supreme Court

DLA Piper Privacy Matters

By the end of the 2018, the Spanish Parliament belatedly completed the framework provided by EU’s GDPR approving a new Data Protection Act. Following a local tradition dated in 1992, the Spanish legislators deviated themselves from the mainstream position in the EU.

GDPR 93

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Attackers Exploit OMIGOD Flaw in Azure Despite Microsoft Fixes

eSecurity Planet

Cybercriminals are targeting Linux-based servers running Microsoft’s Azure public cloud environment that are vulnerable to flaws after Microsoft didn’t automatically apply a patch on affected clients in its infrastructure.

Risk 90

OMIGOD vulnerabilities expose thousands of Azure users to hack

Security Affairs

OMIGOD – Microsoft addressed four vulnerabilities in the Open Management Infrastructure (OMI) software agent that could expose Azure users to attacks.

US Warns Nation-State Groups May Exploit Flaw in Zoho Tool

Data Breach Today

FBI, CISA, Coast Guard Release Joint Warning and Urge Customers to Patch CISA, the FBI and the U.S. Coast Guard Cyber Command warn users of Zoho Corp.'s s single sign-on and password management tool to patch for a vulnerability that nation-state groups may look to exploit.