Sat.Apr 24, 2021 - Fri.Apr 30, 2021

Task Force Seeks to Disrupt Ransomware Payments

Krebs on Security

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Fighting Ransomware: A Call for Cryptocurrency Regulation

Data Breach Today

Coalition Offers a Framework for Disrupting Attacks A coalition of government agencies and security firms has released a framework for how to disrupt ransomware attacks that calls for expanded regulation of the global cryptocurrency market to better track the virtual coins paid to cybercriminals during extortion schemes.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Public Affairs: Your New Neighborhood Library

Information Governance Perspectives

When you think about the fact that libraries are about information and not simply about books, you begin to see where the value is. The post Public Affairs: Your New Neighborhood Library appeared first on Rafael Moscatel.

MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security

The Last Watchdog

Historically, consumers have had to rely on self-discipline to protect themselves online. Related: Privacy war: Apple vs. Facebook. I’ve written this countless times: keep your antivirus updated, click judiciously, practice good password hygiene. Then about 10 years ago, consumer-grade virtual private networks, or VPNs, came along, providing a pretty nifty little tool that any individual could use to deflect invasive online tracking. Consumer-grade VPNs have steadily gained a large following.

B2C 166

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Experian API Exposed Credit Scores of Most Americans

Krebs on Security

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned.

More Trending

7 Modern-Day Cybersecurity Realities

Dark Reading

Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe

When AIs Start Hacking

Schneier on Security

If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth.

Experian’s Credit Freeze Security is Still a Joke

Krebs on Security

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian , one of the big three consumer credit bureaus in the United States.

FBI, CISA Warn of Ongoing Russian Cyberthreats

Data Breach Today

Agencies Say Russia's SVR Continues to Target Vulnerable Networks The FBI and CISA are warning of continued cyberthreats stemming from Russia's Foreign Intelligence Service, or SVR, which the Biden administration formally accused of carrying out the SolarWinds supply chain attack.

227
227

Insights on Choosing an Identity Verification Solution Provider

Sort through today’s crowded identity verification solutions landscape with our guide, designed to help you choose the right provider based on your unique needs.

Expect an Increase in Attacks on AI Systems

Dark Reading

Companies are quickly adopting machine learning but not focusing on how to verify systems and produce trustworthy results, new report shows

114
114

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor. A China-linked cyberespionage group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy.

The New iOS Update Lets You Stop Ads From Tracking You

WIRED Threat Level

Facebook and other advertisers fought the move, but App Tracking Transparency is finally here. Security Security / Privacy

Rapid7 Acquires Open-Source Community Project Velociraptor

Data Breach Today

Zscaler Is Also Boosting Cloud Capabilities by Picking Up Trustdome Rapid7 is acquiring Velociraptor, an open-source endpoint-monitoring organization and community that will continue to operate as a stand-alone entity while the security firm adopts some of its technology.

Cloud 228

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Challenging Our Education System to Nurture the Cyber Pipeline

Dark Reading

Let's teach students how to teach themselves. Once we do that, we will have taught a generation of students how to think like hackers

The cybersecurity researcher Dan Kaminsky has died

Security Affairs

The cybersecurity community has lost its star, the popular hacker Dan Kaminsky has passed away. The popular cyber security researcher Dan Kaminsky (42) has passed away. Dan is a star, a myth, and a beacon for us. At the moment the causes of death are not known, but it does not matter.

Hackers Used ‘Mind-Blowing’ Bug to Dodge macOS Safeguards

WIRED Threat Level

The vulnerability was patched Monday, but hackers had already used it to spread malware. Security Security / Cyberattacks and Hacks

IT 101

CISA: 5 Agencies Using Pulse Secure VPNs Possibly Breached

Data Breach Today

Suspicious Activity Detected; Investigation Continues CISA is investigating whether five U.S. government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior official.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

FluBot Malware's Rapid Spread May Soon Hit US Phones

Dark Reading

The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam

111
111

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency.

VPN Hacks Are a Slow-Motion Disaster

WIRED Threat Level

Recent spying attacks against Pulse Secure VPN are just the latest example of a long-simmering cybersecurity meltdown. Security Security / Cyberattacks and Hacks

BIND 9: DNS Server Software Has Flaws

Data Breach Today

Users Urged to Take Immediate Mitigation Action The developer of Berkeley Internet Name Domain, or BIND 9, an open-source implementation of domain name systems, is advising users to mitigate three vulnerabilities that attackers could remotely exploit to cause systems to crash or become inaccessible

189
189

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Ransomware Task Force Publishes Framework to Fight Global Threat

Dark Reading

An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model

Command injection flaw in PHP Composer allowed supply-chain attacks

Security Affairs

A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package.

Data breaches and cyber attacks quarterly review: Q1 2021

IT Governance

Welcome to our first quarterly review of cyber attacks and data breaches. For several years, we’ve produced a monthly list of security incidents , comprised of publicly disclosed breaches from mainstream publications.

Ransomware Gang Exploits SonicWall Zero-Day Flaw

Data Breach Today

FireEye: Attacks Happened Before Patch Issued for VPN Vulnerability A cyberthreat gang that's been active since 2020 exploited a now-patched zero-day vulnerability in the SonicWall SMA 100 Series appliance to plant ransomware in attacks launched earlier this year, FireEye Mandiant researchers say

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Researchers Connect Complex Specs to Software Vulnerabilities

Dark Reading

Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link

107
107

ToxicEye RAT exploits Telegram communications to steal data from victims

Security Affairs

ToxicEye is a new Remote Access Trojan (RAT) that exploits the Telegram service as part of it command and control infrastructure.

Serious MacOS Vulnerability Patched

Schneier on Security

Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through.