Sat.Apr 10, 2021 - Fri.Apr 16, 2021

Iranian Nuclear Site Shut Down by Apparent Cyberattack

Data Breach Today

Report: Israeli Government Involved Israeli public media outlet Kan, citing intelligence sources, says an Israeli government cyberattack was responsible for the shutdown of an Iranian nuclear power facility on Sunday in what Iran describes as an act of "sabotage

How to Log In to Your Devices Without Passwords

WIRED Threat Level

You can use your face, fingerprint, or a wearable to get access to your gadgets. It saves you some typing—and makes you feel like a spy. Security Security / Privacy

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Data Governance Maturity and Tracking Progress

erwin

Data governance is best defined as the strategic, ongoing and collaborative processes involved in managing data’s access, availability, usability, quality and security in line with established internal policies and relevant data regulations.

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Krebs on Security

Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Facebook Tries to 'Scrape' Its Way Through Another Breach

Data Breach Today

Social Network Attempts 'Not Hacking' Spin on Theft of 533 Million Users' Details Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped.

IT 267

More Trending

The FBI Is Now Securing Networks Without Their Owners’ Permission

Schneier on Security

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange.

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

Krebs on Security

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal , a service that scans submitted files against more than five dozen antivirus and security products.

US Pulls Back Curtain on Russian Cyber Operations

Data Breach Today

Foreign Intelligence Service's Techniques, Partners Revealed While the Biden administration is betting that the latest round of sanctions aimed at Russia and its economy will help deter the country's cyber operations, several U.S.

IT 257

Joker malware infected 538,000 Huawei Android devices

Security Affairs

More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store.

Insights on Choosing an Identity Verification Solution Provider

Sort through today’s crowded identity verification solutions landscape with our guide, designed to help you choose the right provider based on your unique needs.

Microsoft Warns of Malware Delivery via Google URLs

Dark Reading

A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan

112
112

Microsoft Patch Tuesday, April 2021 Edition

Krebs on Security

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products.

A Tale of 3 Data 'Leaks': Clubhouse, LinkedIn, Facebook

Data Breach Today

Confusion Over Hacking, Scraping and Amassing Highlights Data Lockdown Imperative Criminals love to amass and sell vast quantities of user data, but not all such data sets necessarily pose a fresh risk to users.

Risk 247

Personal data of 1.3 million Clubhouse users leaked online

Security Affairs

An SQL database containing the personal data of 1.3 million Clubhouse users was leaked online for free, a few days after LinkedIn and Facebook suffered similar leaks. Researchers from Cyber News have discovered that the personal data of 1.3

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

5 Objectives for Establishing an API-First Security Strategy

Dark Reading

With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever

Oh Look, LinkedIn Also Has a 500M User Data Leak

WIRED Threat Level

Plus: A bad Zoom bug, a billion-dollar cocaine bust, and more of the week's top security news. Security Security / Security News

Texas Man Charged With Planning to Bomb AWS Data Center

Data Breach Today

DOJ: Suspect Believed He Could Disrupt 70% of Internet Traffic A Texas man is facing a federal charge after he allegedly tried to buy explosives from an undercover FBI agent to bomb an AWS data center in Virginia, according to the Justice Department.

246
246

This man was planning to kill 70% of Internet in a bomb attack against AWS

Security Affairs

The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70% of the internet.

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Microsoft Uses Machine Learning to Predict Attackers' Next Steps

Dark Reading

Researchers build a model to attribute attacks to specific groups based on tactics, techniques and procedures, and then figure out their next move

110
110

100M More IoT Devices Are Exposed—and They Won't Be the Last

WIRED Threat Level

The Name:Wreck flaws in TCP/IP are the latest in a series of vulnerabilities with global implications. Security Security / Security News

IoT 103

Biden Seeks to Boost CISA's Budget by $110 Million

Data Breach Today

Additional Money Would Address Range of Cybersecurity Issues President Joe Biden is asking Congress to boost CISA's budget by $110 million in 2021 to allow the agency to address a range of cybersecurity issues following several high-profile incidents that have happened in the past six months

For the second time in a week, a Google Chromium zero-day released online

Security Affairs

For the second time in a week, a Chromium zero-day remote code execution exploit code has been released on Twitter, multiple browsers impacted.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Software Developer Arrested in Computer Sabotage Case

Dark Reading

Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer

101
101

NSA Discloses Vulnerabilities in Microsoft Exchange

Schneier on Security

Amongst the 100+ vulnerabilities patch in this month’s Patch Tuesday , there are four in Microsoft Exchange that were disclosed by the NSA. Uncategorized disclosure Microsoft NSA patching vulnerabilities

98

Microsoft Patches 4 Additional Exchange Flaws

Data Breach Today

NSA Calls on Exchange Customers to Update Immediately Microsoft issued patches for its on-premises Exchange Server software, addressing four new critical vulnerabilities discovered by the National Security Agency. A zero-day vulnerability in Desktop Window Manager was also disclosed and patched

Critical RCE can allow attackers to compromise Juniper Networks devices

Security Affairs

Cybersecurity provider Juniper Networks addressed a critical vulnerability that could be exploited by attackers to remotely hijack or disrupt vulnerable devices.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison

Dark Reading

Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking

100
100

Data Breaches, Class Actions and Ambulance Chasing

Troy Hunt

This post has been brewing for a while, but the catalyst finally came after someone (I'll refer to him as Jimmy) recently emailed me regarding the LOQBOX data breach from 2020.

Unscripted: 3 Security Leaders Dissect Today's Top Trends

Data Breach Today