Sat.Jan 23, 2021 - Fri.Jan 29, 2021

4 Clues to Spot a Bot Network

Dark Reading

Protect against misinformation and disinformation campaigns by learning how to identify the bot networks spreading falsehoods

89

Flash Is Dead—But Not Gone

WIRED Threat Level

Zombie versions of Adobe’s troubled software can still cause problems in systems around the world. Security Security / Security News

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

International Action Targets Emotet Crimeware

Krebs on Security

Authorities across Europe on Tuesday said they’d seized control over Emotet , a prolific malware strain and cybercrime-as-service operation.

Ransomware: Should Governments Hack Cybercrime Cartels?

Data Breach Today

Banning Ransom Payments and Unleashing Offensive Hacking Teams Being Mooted With ransomware continuing to fuel a massive surge in illicit profits, some experts have been calling on governments to launch offensive hacking teams to target cybercrime cartels.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Q&A: SolarWinds, Mimecast hacks portend intensified third-party, supply-chain compromises

The Last Watchdog

SolarWinds and Mimecast are long-established, well-respected B2B suppliers of essential business software embedded far-and-wide in company networks. Related: Digital certificates destined to play key role in securing DX. Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map.

B2B 140

More Trending

Arrest, Seizures Tied to Netwalker Ransomware

Krebs on Security

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims.

Pediatric Hospital Faces Lawsuit After Blackbaud Breach

Data Breach Today

Case Spotlights Critical Vendor Security Risk Issues A proposed class action lawsuit has been filed against Rady Children's Hospital-San Diego in the wake of data breach resulting from a ransomware attack on Blackbaud, the hospital's cloud-based fundraising software vendor

Cryptocurrency exchange BuyUcoin hacked, data of 325K+ users leaked

Security Affairs

Indian cryptocurrency exchange Buyucoin suffered a security incident, threat actors leaked sensitive data of 325K users.

Sales 112

Ransomware Payoffs Surge by 311% to Nearly $350 Million

Dark Reading

Payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with less than 200 cryptocurrency wallets receiving 80% of funds

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

The Taxman Cometh for ID Theft Victims

Krebs on Security

The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events.

Netscout: 10 Million DDoS Attacks in 2020

Data Breach Today

Researchers Say Pandemic Triggered Surge in Activity The number of distributed denial-of-service attacks launched in 2020 surpassed 10 million, up from 8.5 million in 2019, according to NetScout's Atlas Security Engineering and Response Team

Apple addresses three iOS zero-day flaws exploited in the wild

Security Affairs

Apple has addressed three zero-day vulnerabilities in its iOS operating system that have been exploited in the wild. Apple has addressed three zero-day vulnerabilities in iOS that have been exploited in the wild with the release of security updates (iOS 14.4).

How to Better Secure Your Microsoft 365 Environment

Dark Reading

Security experts offer Microsoft 365 security guidance as more attackers target enterprise cloud environments

Cloud 109

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Fleeing WhatsApp for Privacy? Don't Turn to Telegram

WIRED Threat Level

Because the chat app doesn't encrypt conversations by default—or at all for group chats—security professionals often warn against it. Security Security / Privacy

Phishing Kit Can Change Lures and Text

Data Breach Today

Researchers: 'LogoKit' Found on 700 Domains Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links

Lebanese Cedar APT group broke into telco and ISPs worldwide

Security Affairs

Clearsky researchers linked the Lebanese Cedar APT group to a cyber espionage campaign that targeted companies around the world. Clearsky researchers linked the Lebanese Cedar group (aka Volatile Cedar) to a cyber espionage campaign that targeted companies around the world.

Access 109

FBI Encounters: Reporting an Insider Security Incident to the Feds

Dark Reading

Most insider incidents don't get reported to the FBI due to fear of debilitating business disruptions, public embarrassment, and screeching vans skidding into the parking lot to confiscate servers. But is that reality

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

Massive Brazilian Data Breach

Schneier on Security

I think this is the largest data breach of all time: 220 million people. Lots more stories are in Portuguese

Cyber Incident Knocks Construction Firm Palfinger Offline

Data Breach Today

Unknown Attack Has Disrupted the Company's Global IT Infrastructure The Austrian construction equipment manufacturing firm Palfinger AG reports being hit with a cyberattack that has knocked the majority of its worldwide IT infrastructure offline, eliminating its ability to use email and conduct business.

Cryptomining DreamBus botnet targets Linux servers

Security Affairs

Zscaler’s research team recently spotted a Linux-based malware family, tracked as DreamBus botnet, targeting Linux servers. Researchers at Zscaler’s ThreatLabZ research team recently analyzed a Linux-based malware family, tracked as DreamBus Botnet, which is a variant of SystemdMiner.

Mining 110

Comparing Different AI Approaches to Email Security

Dark Reading

Get to know the difference between "supervised" and "unsupervised" machine learning

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Insider Attack on Home Surveillance Systems

Schneier on Security

No one who reads this blog regularly will be surprised : A former employee of prominent home security company ADT has admitted that he hacked into the surveillance feeds of dozens of customer homes, doing so primarily to spy on naked women or to leer at unsuspecting couples while they had sex. […].

Access 101

Lebanese Hacking Group Targeting Telcos and ISPs

Data Breach Today

Researchers: Lebanese Cedar's Campaigns Expand Beyond Middle East An APT group known as Lebanese Cedar has launched a cyberespionage campaign targeting telecommunication companies and ISPs, according to the Israeli security firm ClearSky, which says the attacks have spread beyond the Middle East to the U.S. and Europe.

LogoKit, a new phishing kit that dynamically creates phishing forms

Security Affairs

Researchers from RiskIQ have discovered a new phishing kit dubbed LogoKit that dynamically compose phishing content. Researchers from RiskIQ discovered a new phishing kit that outstands for its ability to dynamically create phishing messages to target specific users.

Many Cybersecurity Job Candidates Are Subpar, While On-the-Job Training Falls Short

Dark Reading

With demand for skilled cybersecurity workers so high, is it really surprising that most companies are seeing fewer qualified applicants

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Lawmakers Take Aim at Insidious Digital ‘Dark Patterns’

WIRED Threat Level

A new California law prohibits efforts to trick consumers into handing over data or money. A bill in Washington state copies the language. Business Business / Policy and Net Neutrality Security

Intel Investigating Hack of Confidential Financial Report

Data Breach Today

Incident Forced Intel to Release Results Earlier Than Planned Intel is investigating an incident in which an unauthorized person accessed a portion of the company's latest quarterly financial report, forcing the chipmaker to release its earnings slightly earlier than planned

Access 216

Security firm SonicWall was victim of a coordinated attack

Security Affairs

The Hacker News reported in exclusive that the security firm SonicWall was hacked as a result of a coordinated attack on its internal systems. TheHackerNews revealed in an exclusive that the security provider SonicWall was hacked on Friday.

Access 107