Sat.Mar 27, 2021 - Fri.Apr 02, 2021

List of Data Breaches and Cyber Attacks in March 2021 – 21 Million Records Breached

IT Governance

Don’t be fooled by the fact that we only recorded 20,995,371 breached records in March; it was one of the leakiest months we’ve ever seen, with 151 recorded incidents. By comparison, there was a seemingly Lilliputian 82 recorded breaches in January and 118 in February.

I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

Troy Hunt

If you've landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

What You Need to Know -- or Remember -- About Web Shells

Dark Reading

What's old is new again as Web shell malware becomes the latest attack vector in widespread Exchange exploits. Here's a primer on what Web shells are and what they do

83

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

On Jan. 11, Ubiquiti Inc. NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.

Cloud 285

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Ubiquiti Acknowledges Extortion Attempt

Data Breach Today

Company Called Out by Whistleblower for Attack Response Internet of things vendor Ubiquiti revealed in a security notice that an attacker had attempted to extort money from the company following a December 2020 cyber incident - a fact not mentioned in the company's earlier notice about the attack

More Trending

Manufacturing Firms Learn Cybersecurity the Hard Way

Dark Reading

Although 61% of smart factories have experienced a cybersecurity incident, IT groups and operational technology groups still don't collaborate enough on security

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let’s just get this out of the way right now: It wasn’t me.

Biden's Infrastructure Plan: 3 Cybersecurity Provisions

Data Breach Today

GUEST ESSAY: Remote workforce exposures exacerbate cybersecurity challenges in 2021

The Last Watchdog

The start of 2021 brings forth a cyber security crossroads. Many people are in the process of shifting back into office operations while balancing the potential risks and benefits of remote work. Related: Breaches spike during pandemic. For some malicious hackers and IT experts, this could represent an opening.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

CISA Builds Out Defensive Tools for Security Teams

Dark Reading

Need a tool to hunt for attacks in your network? The DHS agency bolsters the offerings in its open source toolbox

IT 107

New KrebsOnSecurity Mobile-Friendly Site

Krebs on Security

Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format.

IT 159

Check Point: 50,000 Attempted Ransomware Attacks Target Exchange

Data Breach Today

New Research Report Tracks Latest Global Trends Check Point Research says it has spotted more than 50,000 ransomware attack attempts worldwide so far against unpatched on-premises Microsoft Exchange email servers

Myanmar’s Internet Shutdown Is an Act of ‘Vast Self-Harm’

WIRED Threat Level

On Friday the military junta shut off connectivity across the country. There’s no sign of when it will return. Security Security / Security News

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

Enterprises Remain Riddled With Overprivileged Users -- and Attackers Know It

Dark Reading

Attackers commonly focus on finding users with too much privileged access as their ticket to network compromise. What can companies do

Hackers disrupted live broadcasts at Channel Nine. Is it a Russian retaliation?

Security Affairs

A cyber attack has disrupted the Australian Channel Nine’s live broadcasts, the company was unable to transmit its Sunday morning news program. A cyber attack has hit the Australian Channel Nine’s live broadcasts causing the disruption of its operations.

IT 100

Fake 'System Update' App Targets Android Users

Data Breach Today

Malware Steals Data, Messages, Images; Takes Control of Phones Android device users are being targeted by a sophisticated spyware app that disguises itself as a "system update" application, warns mobile security firm Zimperium. The app can steal data, messages and images and take control of phones

System Update: New Android Malware

Schneier on Security

Researchers have discovered a new Android app called “System Update” that is a sophisticated Remote-Access Trojan (RAT). From a news article : The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

How to Build a Resilient IoT Framework

Dark Reading

For all of their benefits, IoT devices weren't built with security in mind -- and that can pose huge challenges

IoT 97

Apple released out-of-band updates for a new Zero?Day actively exploited

Security Affairs

Apple has released new out-of-band updates for iOS, iPadOS, macOS and watchOS to address another zero?day day flaw, tracked CVE-2021-1879 , actively exploited.

Iran-Linked Phishing Campaign Targeted Medical Researchers

Data Breach Today

Proofpoint: Attackers Tried to Harvest Microsoft Office Credentials The Iranian-linked threat group TA453, also known as Charming Kitten and Phosphorus, conducted a phishing campaign, dubbed "BadBlood," in late 2020 that targeted senior U.S.

Hackers Hosed by Google Were a Counterterrorism Operation

WIRED Threat Level

Plus: Fox News gets sued for its election coverage (again), a record ransomware attack, and more of the week’s top security news. Security Security / Security News

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Security on a Shoestring? More Budget Means More Detection

Dark Reading

Companies that spend the smallest share of their IT budget on security see fewer threats, but that's not good news

IT 89

Akamai dealt with an 800Gbps ransom DDoS against a gambling company

Security Affairs

Akamai has recently involved in the mitigation of two of the largest known ransom DDoS attacks, one of them peaked at 800Gbps. CDN and cybersecurity firm Akamai warns of a worrying escalation in ransom DDoS attacks since the beginning of the year.

CISA Orders Agencies to Recheck for Exchange Compromises

Data Breach Today

Requires Rescanning of Networks, Hardening of Infrastructure CISA is ordering federal executive branch agencies to rescan and recheck their networks by Monday for any signs of compromise related to the unpatched vulnerabilities in on-premises Microsoft Exchange email servers

211
211

Fugitive Identified on YouTube By His Distinctive Tattoos

Schneier on Security

A mafia fugitive hiding out in the Dominican Republic was arrested when investigators found his YouTube cooking channel and identified him by his distinctive arm tattoos. Uncategorized identification Italy operational security videos

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

How Data Governance Protects Sensitive Data

erwin

Organizations are managing more data than ever. In fact, the global datasphere is projected to reach 175 zettabytes by 2025, according to IDC.

Conti Ransomware gang demanded $40 million ransom to Broward County Public Schools

Security Affairs

Ransomware gang demanded a $40,000,000 ransom to the Broward County Public Schools district, Florida. It is just the last attack of a long string against the sector. Ransomware operators continue to target organizations worldwide and school districts particularly exposed to these malicious campaigns.

German Parliament Sustains Another Attack

Data Breach Today

Members of Parliament Targeted by Spear Phishing, German Media Reports Several members of the German parliament, The Bundestag, and political activists in the country were targeted using a spear-phishing campaign, German newsmagazine der Spiegel reported Friday.