Sat.Feb 20, 2021 - Fri.Feb 26, 2021

Senate SolarWinds Hearing: 4 Key Issues Raised

Data Breach Today

Issues Include Attackers' Use of Amazon's Infrastructure The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues

217
217

Optimizing Performance for Your EIM Platform

OpenText Information Management

Slow and inconsistent performance can be a barrier to user adoption and achieving the desired outcomes for a solution. Even small inefficiencies can add up, leading to reduced productivity across the user base.

68
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

A Trippy Visualization Charts the Internet's Growth

WIRED Threat Level

In 2003, Barrett Lyon created a map of the internet. In 2021, he did it again—and showed just how quickly it's expanded. Security Security / Security News

IT 100

How $100M in Jobless Claims Went to Inmates

Krebs on Security

The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail.

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Senators Grill Cybersecurity Execs on SolarWinds Attack

Data Breach Today

FireEye, Microsoft, CrowdStrike Offer New Details and Recommendations The CEOs of SolarWinds, Microsoft, FireEye and CrowdStrike rolled out a series of cybersecurity recommendations to a U.S.

More Trending

China Hijacked an NSA Hacking Tool—and Used It for Years

WIRED Threat Level

The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online. Security Security / National Security

IT 114

Checkout Skimmers Powered by Chip Cards

Krebs on Security

Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim?

Retail 207

DHS to Provide $25 Million More for Cybersecurity Grants

Data Breach Today

CISA May Launch Other Grants as Well The U.S. Department of Homeland Security will provide an additional $25 million in grants to state and local cybersecurity preparedness programs with a particular focus on combatting ransomware, Secretary Alejandro Mayorkas announced Thursday

New Ryuk ransomware implements self-spreading capabilities

Security Affairs

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

NSA Releases Guidance on Zero-Trust Architecture

Dark Reading

A new document provides guidance for businesses planning to implement a zero-trust system management strategy

109
109

Hackers Tied to Russia's GRU Targeted the US Grid for Years

WIRED Threat Level

A Sandworm-adjacent group has successfully breached US critical infrastructure a handful of times, according to new findings from the security firm Dragos. Security Security / Cyberattacks and Hacks

Chinese Attack Tool Gains Gmail Access

Data Breach Today

Campaign Targets Tibetan Organizations Proofpoint reports that Chinese state-sponsored hackers are using a new customized malicious Mozilla Firefox browser extension that facilitates access and control of victims’ Gmail accounts. So far, the hackers are targeting Tibetan organizations

Access 235

Silver Sparrow, a new malware infects Mac systems using Apple M1 chip

Security Affairs

Experts warn of new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. Malware researchers at Red Canary uncovered a new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world.

Cloud 106

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

Ransomware, Phishing Will Remain Primary Risks in 2021

Dark Reading

Attackers have doubled down on ransomware and phishing -- with some tweaks -- while deepfakes and disinformation will become more major threats in the future, according to a trio of threat reports

Sites Have a Sneaky New Way to Track You Across the Web

WIRED Threat Level

Plus: A LastPass rate change, Clubhouse concerns, and more of the week's top security news. Security Security / Security News

House SolarWinds Hearing Focuses on Updating Cyber Laws

Data Breach Today

Lawmakers and Witnesses See Expanded Role for CISA Following Attack A pair of U.S. House committees held their first public hearings into the SolarWinds attack, with lawmakers and witnesses offering support for expanding federal cybersecurity laws to address the security failures.

Google discloses technical details of Windows CVE-2021-24093 RCE flaw

Security Affairs

Google Project Zero team disclosed the details of a recently patched remote code execution vulnerability (CVE-2021-24093) in Windows Operating system.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Cybercriminals Target QuickBooks Databases

Dark Reading

Stolen financial files then get sold on the Dark Web, researchers say

102
102

Clubhouse's Security and Privacy Lag Behind Its Huge Growth

WIRED Threat Level

The platform has promised to do better after a string of incidents. But the hardest part might be managing user expectations. Security Security / Privacy

Lazarus Hits Defense Firms with ThreatNeedle Malware

Data Breach Today

232
232

A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

Security Affairs

Crooks are exploiting BTC blockchain transactions to hide backup command-and-control (C2) server addresses for a cryptomining botnet.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

What Can Your Connected Car Reveal About You?

Dark Reading

App developers must take responsibility for the security of users' data

Twelve-Year-Old Vulnerability Found in Windows Defender

Schneier on Security

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time.

IT 91

New Malicious Adware Exploits Apple M1 Chip

Data Breach Today

GoSearch22 is an Off-Shoot of macOS-Targeting Pirrit Adware A security researcher has uncovered what is believed to be the first-ever malware variant that can be successfully executed in Apple's M1 chips, its latest central processor unit for Mac computers

VMware addresses a critical RCE issue in vCenter Server

Security Affairs

VMware addressed a critical remote code execution flaw, tracked as CVE-2021-21972, in vCenter Server virtual infrastructure management platform.

Access 102

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express

Dark Reading

The two campaigns aimed to steal victims' business email account credentials by posing as the shipping companies

The Problem with Treating Data as a Commodity

Schneier on Security

Excellent Brookings paper: “ Why data ownership is the wrong approach to protecting privacy.”

Paper 85

Researchers Show How Digitally Signed PDFs Can Be Manipulated

Data Breach Today

Attackers Could Use Tactic to Insert Malicious Content Hackers could manipulate certain digitally signed PDF documents to add malicious content, according to a study by researchers at Germany's Ruhr University of Bochum

222
222