Sat.Jun 12, 2021 - Fri.Jun 18, 2021

Malicious PDFs Flood the Web, Lead to Password-Snarfing

Threatpost

SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware. Malware Web Security

How AI is Transforming Data Governance in Today’s World

Security Affairs

How AI is Transforming Data Governance? Consumers are becoming more aware of their rights, making data governance more relevant across organizations. Data governance is a set of standards, metrics, and processes that allow organizations to responsibly use consumer data.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

VPNs and Trust

Schneier on Security

TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country they are incorporated in, and so on. Most interesting to me is the home countries of these companies.

How Does One Get Hired by a Top Cybercrime Gang?

Krebs on Security

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

McDonald's Breach Exposes Korean, Taiwanese Customer Data

Data Breach Today

Company Says Phone Numbers, Delivery and Email Addresses Exposed Fast-food giant McDonald's is acknowledging a data breach that affected some customer and company data from its locations in Korea and Taiwan. Phone numbers, delivery and email addresses were exposed.

More Trending

Vigilante malware stops victims from visiting piracy websites

Security Affairs

This strange malware stops you from visiting pirate websites. Sophos researchers uncovered a malware campaign that aims at blocking infected users’ from being able to visit a large number of piracy websites. .

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims.

Biden Warns Putin of Cyber Retaliation

Data Breach Today

Wants 16 Critical Infrastructure Entities Off-Limits to Attack At their Geneva summit meeting Wednesday, U.S. President Joe Biden told Russian President Vladimir Putin that if Russia continued to wage cyberattacks against the U.S., it would face retaliation

IT 202

What You Should Know About Voilá, the Latest Viral Selfie App

WIRED Threat Level

Before you use it to cartoonify your face, consider the risks to your data. Security Security / Privacy

Risk 91

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

11 Security Certifications to Seek Out This Summer

Dark Reading

The more you know, the more you grow. The Edge takes a fresh look at leading security certifications that can help advance your career

First American Financial Pays Farcical $500K Fine

Krebs on Security

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years.

Union Benefits Administrator Says Data Deleted in Hack

Data Breach Today

Service Employees International Union 775 Benefits Group: PII and PHI Deleted A Seattle-based benefits administrator for unionized home healthcare and nursing home workers has reported a hacking incident affecting 140,000 individuals that involved deleting certain data

201
201

Intentional Flaw in GPRS Encryption Algorithm GEA-1

Schneier on Security

General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function.

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

Apple Says It's Time to Digitize Your ID, Ready or Not

WIRED Threat Level

Digital driver’s licenses have had a slow start in the US so far, but iOS 15 Wallet will give the nascent technology a serious push. Security Security / Security News

IT 83

Welcoming the Finnish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains.

Senators Draft a Federal Breach Notification Bill

Data Breach Today

193
193

TikTok Can Now Collect Biometric Data

Schneier on Security

This is probably worth paying attention to: A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content.

9 Developer Enablement Practices to Achieve DevOps at Enterprise Scale

In this eBook, Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.

McDonald’s discloses data breach in US, Taiwan and South Korea

Security Affairs

McDonald’s fast-food chain disclosed a data breach, hackers have stolen information belonging to customers and employees from the US, South Korea, and Taiwan.

Millions of Connected Cameras Open to Eavesdropping

Threatpost

A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability. IoT Vulnerabilities

NATO Endorses Cybersecurity Defense Policy

Data Breach Today

Agreement Comes in Advance of Biden Meeting With Putin on Wednesday The U.S. and its NATO allies endorsed a new cybersecurity defense policy during President Biden's visit this week with member states in Brussels.

VPN Attacks Surged in First Quarter

Dark Reading

But volume of malware, botnet, and other exploit activity declined because of the Emotet botnet takedown

78

The Forrester Wave™: B2B Marketing Data Providers, Q2 2021

In our 24-criterion evaluation of B2B marketing data providers, we identified the 11 most significant vendors — Data Axle, Dun & Bradstreet, Enlyft, Global Database, InsideView, Leadspace, Oracle, SMARTe, Spiceworks Ziff Davis, TechTarget, and ZoomInfo Technologies — and researched, analyzed, and scored them. This report shows how each provider measures up and helps B2B marketing professionals select the right one for their needs.

CVE-2021-3560 flaw in polkit auth system service affects most of Linux distros

Security Affairs

An authentication bypass flaw in the polkit auth system service used on most Linux distros can allow to get a root shell.

Huawei and the Critical Need for Global Cybersecurity Cooperation

eSecurity Planet

Huawei is understandably frustrated. The company has been accused by the U.S., UK and others of improper ties to the Chinese government and punished without any proof of wrongdoing.

Cyberium Domain Targets Tenda Routers in Botnet Campaign

Data Breach Today

AT&T Alien Labs: Hackers Used Mirai Variant MooBot Malware hosting domain Cyberium has spread multiple Mirai variants, including one that targeted vulnerable Tenda routers as part of a botnet campaign, AT&T Alien Labs reports

178
178

Ukraine Police Disrupt Cl0p Ransomware Operation

Dark Reading

Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Over a billion records belonging to CVS Health exposed online

Security Affairs

Researchers discovered an unprotected database belonging to CVS Health that was exposed online containing over a billion records.

How AI is Advancing Cybersecurity

eSecurity Planet

There’s a never ending cycle between the measures cybersecurity providers introduce to prevent or remediate cyber threats and the tactics cyber criminals use to get around these security measures.

Researcher: 1 Billion CVS Health Website Records Exposed

Data Breach Today

Database Contains Website Visitor Activity Logs, But Not Personal Information The discovery of an unsecured database containing over 1 billion records related to CVS Health website visitor activity illustrates yet again how security missteps can potentially leave sensitive data exposed, some security experts say.