Sat.Jan 02, 2021 - Fri.Jan 08, 2021

Analysis: 2020 Health Data Breach Trends

Data Breach Today

Ransomware, Phishing Incidents, Vendor Hacks Prevail Hacking incidents, including ransomware and phishing attacks, as well as security incidents involving vendors dominated the federal tally of major health data breaches in 2020

Post-Riot, the Capitol Hill IT Staff Faces a Security Mess

WIRED Threat Level

Wednesday's insurrection could have exposed congressional data and devices in ways that have yet to be appreciated. Security Security / National Security

IT 113
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Friction Affliction: How to Balance Security With User Experience

Dark Reading

There's a fine line between protecting against suspicious, malicious, or unwanted activity and making users jump through hoops to prove themselves

Sealed U.S. Court Records Exposed in SolarWinds Breach

Krebs on Security

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

SolarWinds Hires Chris Krebs to Reboot Its Cybersecurity

Data Breach Today

Hacked Firm Also Taps Former Facebook CSO as It Responds to Supply Chain Attack As security software firm SolarWinds investigates the supply chain attack involving its Orion software and looks to rebuild its security processes and reputation, it's hired former U.S.

More Trending

Top 5 'Need to Know' Coding Defects for DevSecOps

Dark Reading

Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster

Top data breaches of 2020 – Security Affairs

Security Affairs

Data from major cyber security firms revealed that tens of billion records have been exposed in data breaches exposed in 2020.

Federal Courts Investigate 'Apparent Compromise' of System

Data Breach Today

Meanwhile, Courts Suspend Use of SolarWinds, Adopt New Document Security Measures The U.S. federal court system is investigating an "apparent compromise" of a confidential electronic filing system used for sensitive legal documents.

IT 247

Extracting Personal Information from Large Language Models Like GPT-2

Schneier on Security

Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: “ Extracting Training Data from Large Language Models.”

Paper 105

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Malware Developers Refresh Their Attack Tools

Dark Reading

Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features

IT 108

FBI alert warns private organizations of Egregor ransomware attacks

Security Affairs

The US Federal Bureau of Investigation (FBI) issued a security alert warning private sector companies of Egregor ransomware attacks. The US FBI has issued a Private Industry Notification (PIN) to warn private organizations of Egregor ransomware attacks.

Blood Testing Lab Data Leaked

Data Breach Today

After Apparent Ransomware Attack, Patient Information Posted Apex Laboratory a Farmingdale, New York-based blood testing facility, is notifying patients about the leak of their information, including test results. The security incident - which appears to involve ransomware - happened in July

Activists Publish a Vast Trove of Ransomware Victims' Data

WIRED Threat Level

WikiLeaks successor DDoSecrets has amassed a controversial new collection of corporate secrets and is sharing them in the name of transparency. Security Security / Privacy

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Microsoft Source Code Exposed: What We Know & What It Means

Dark Reading

Microsoft says there is no increase in security risk; however, experts say access to source code could make some steps easier for attackers

Risk 111

Over 200 million records of Chinese Citizens for Sale on the Darkweb

Security Affairs

During a routine Dark web monitoring, the Research team at Cyble found threat actors selling 200 million+ Records of Chinese Citizens.

Sales 108

Ryuk Ransomware Profits: $150 Million

Data Breach Today

Researchers Track Funds in 61 Cryptocurrency Wallets Researchers say cryptocurrency wallets used by the operators behind the Ryuk ransomware strain and the gang's affiliates hold more than $150 million

5 key trends that will impact cyber security in 2021

DXC

Will this year be as tumultuous as 2020? Let’s hope not. But one thing won’t change: In 2021, as is the case every year, companies will continue to be challenged by new or evolving cyber security threats.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Even Small Nations Have Jumped into the Cyber Espionage Game

Dark Reading

While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a "zero-click" iMessage exploit that targeted journalists last year

107
107

Multiple flaws in Fortinet FortiWeb WAF could allow corporate networks to hack

Security Affairs

An expert found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could expose corporate networks to hack.

Access 103

JPMorgan Chase Hacker Sentenced to 12 Years in Prison

Data Breach Today

Russian Andrei Tyurin Pleaded Guilty to Numerous Charges A Russian national who pleaded guilty to hacking JPMorgan Chase and other financial institutions has been sentenced to 12 years in federal prison. The hacking scheme affected more than 100 million bank customers

197
197

Russia’s SolarWinds Attack and Software Security

Schneier on Security

The information that is emerging about Russia’s extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Russian Hacker Sentenced to 12 Years for Role in Breaches of JP Morgan, Others

Dark Reading

Crimes netted him $19 million overall

105
105

Ezuri memory loader used in Linux and Windows malware

Security Affairs

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes.

Analysis: The Latest SolarWinds Hack Developments

Data Breach Today

This edition of the ISMG Security Report features an analysis of the very latest information about the SolarWinds hack. Also featured are discussions of "zero trust" for the hybrid cloud environment and data privacy regulatory trends

Cloud 197

Latest on the SVR’s SolarWinds Hack

Schneier on Security

The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

6 Open Source Tools for Your Security Team

Dark Reading

Open source tools can be great additions to your cloud security arsenal. Here are a half-dozen to get you started

Cloud 107

WhatsApp will share your data with Facebook and its companies

Security Affairs

WhatsApp is notifying users that starting February 8, 2021, they will be obliged to share their data with Facebook, leaving them no choice.

IT 99

NSA Releases Guidance on Obsolete Encryption Tools

Data Breach Today

Agency Recommends Replacement of Old TLS and SSL Protocols The U.S. National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions.