Sat. Mar 13, 2021 - Fri. Mar 19, 2021

US: Cyber Risk: Facing Off Against Employee Monitoring Requirements

DLA Piper Privacy Matters

Authors: Carol A.F. Umhoefer and Alaa Salaheldin. Global companies face increased pressure to adopt strong cyber risk mitigation measures in today’s rapidly evolving cyber threat-heavy business environment.

The Case for 'Zero Trust' Approach After SolarWinds Attack

Data Breach Today

CISA Acting Director and Federal CISO Tell Senate of Need for a New Government Strategy

The SolarWinds supply chain attack should push federal government agencies to adopt the "zero trust" model and deploy better endpoint detection and response tools, according to the new federal CISO and the acting director of the U.S.

Smart City Trends – Benefits, Concerns and its Future by Tech Fools

IG Guru

A smart city is pretty much an urban region that makes use of information and communication technology, with electronic sensors to optimize efficiency, collect data, share information, and better the services rendered by the government and the lives of the citizens.

Tips on Selecting a Protective DNS Service

Data Breach Today

NSA, CISA Offer Advice on Using PDNS Services to Help Thwart Attacks

As concerns about the number of attacks targeting domain name system protocols continue to grow, the NSA and CISA have released new guidance on how to choose and deploy a Protective Domain Name System service to strengthen securit

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator who is new to Cassandra but has been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else.

Facebook's ‘Red Team X’ Hunts Bugs Outside the Social Network

WIRED Threat Level

The internal hacking team has spent the last year looking for vulnerabilities in the products the company uses, which could in turn make the whole internet safer.

Feds Charge Verkada Camera Hacker With 'Theft and Fraud'

Data Breach Today

Swiss Citizen Allegedly Leaked Multiple Victims' Stolen Data, Including Source Code

A Swiss national who recently highlighted flaws in Verkada surveillance cameras has been charged with hacking by a U.S.

Fintech Giant Fiserv Used Unclaimed Domain

Krebs on Security

If you sell Web-based software for a living and ship code that references an unregistered domain name, you are asking for trouble. But when the same mistake is made by a Fortune 500 company, the results can range from costly to disastrous.

GUEST ESSAY: How and why ‘pen testing’ will continue to play a key role in cybersecurity

The Last Watchdog

When we look at society today, we can see that we are moving further and further ahead with technology. Numerous advancements are being made at an extremely fast pace with no sign of slowing down. In fact, there is evidence that technology grows exponentially fast. Since we are quickly putting out large technologies, security risks always come with this. Related: Integrating ‘pen tests’ into firewalls. Even large companies are not immune to this.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speakers: Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Illegal Content and the Blockchain

Schneier on Security

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless.

Over 400 Cyberattacks at US Public Schools in 2020

Data Breach Today

Experts Say Increase Owes to Lack of Funding, Virtual Learning

U.S. public schools faced a record number of cyber incidents in 2020, with over 400 attacks reported.

WeLeakInfo Leaked Customer Payment Info

Krebs on Security

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites.

The fire in the OVH datacenter also impacted APTs and cybercrime groups

Security Affairs

The fire at the OVH datacenter in Strasbourg also impacted the command and control infrastructure used by several nation-state APT groups and cybercrime gangs.

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

New Malware Hidden in Apple IDE Targets macOS Developers

Dark Reading

XcodeSpy is latest example of growing attacks on software supply chain

New Attack Uses Fake Icon To Deliver Trojan

Data Breach Today

Attackers Deploy NanoCore Malware as Part of the Campaign

A new malware spam email campaign is delivering the NanoCore remote access Trojan as a malicious Adobe icon to infect its victims, a new report by security firm Trustwave finds.

Easy SMS Hijacking

Schneier on Security

Vice is reporting on a cell phone vulnerability caused by commercial SMS services. One of the things these services permit is text message forwarding.

Experts found three new 15-year-old bugs in a Linux kernel module

Security Affairs

Three 15-year-old flaws in Linux kernel could be exploited by local attackers with basic user privileges to gain root privileges on vulnerable Linux systems.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

DDoS's Evolution Doesn't Require a Security Evolution

Dark Reading

They may have grown in sophistication, with more widespread consequences, yet today's distributed denial-of-service attacks can still be fought with conventional tools

How Did the Exchange Server Exploit Leak?

Data Breach Today

Microsoft Investigating; Devcore Pentesters Say They're in the Clear

It has been an open question as to how a half-dozen hacking groups began exploiting Exchange servers in an automated fashion in the days leading up to Microsoft's patches.

Security Analysis of Apple’s “Find My…” Protocol

Schneier on Security

Interesting research: “Who Can Find My Devices?

Russian National pleads guilty to conspiracy to plant malware on Tesla systems

Security Affairs

The Russian national who attempted to convince a Tesla employee to plant malware on Tesla systems has pleaded guilty. The U.S.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Hackers Accessed Security Cameras Inside Tesla and Beyond

WIRED Threat Level

Plus: A Molson-Coors hack, Github controversy, and more of the week's top security news.

Researchers Uncover Widely Used Malware Crypter

Data Breach Today

Avast Says OnionCrypter Has Been in Use Since 2016

Security researchers at Avast have discovered that more than 30 hacker groups have been using a malware crypter dubbed OnionCrypter

What CISOs Can Learn From Big Breaches: Focus on the Root Causes

Dark Reading

Address these six technical root causes of breaches in order to keep your company safer

Millions of sites could be hacked due to flaws in popular WordPress plugins

Security Affairs

Experts found vulnerabilities in two WordPress plugins that could be exploited to run arbitrary code and potentially take over a website.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Apple Bent the Rules for Russia. Other Nations Will Take Note

WIRED Threat Level

Russian iPhone buyers will soon be prompted to install software developed in that country, setting a precedent that other authoritarian governments may follow.

US Intelligence Reports: Russia, Iran Targeted 2020 Election

Data Breach Today

Review Confirms Disinformation Campaigns, But No Signs Hackers Altered Vote Tallies U.S.

Tech Vendors' Lack of Security Transparency Worries Firms

Dark Reading

A majority of firms say they're more likely to buy from suppliers that are open about security issues -- yet that sentiment isn't necessarily reflected in the technology providers they're currently working with