Sat.Jun 26, 2021 - Fri.Jul 02, 2021

Senate Bill Addresses Federal Cyber Workforce Shortage

Data Breach Today

Workforce Expansion Act Would Create CISA, VA Training Programs Sens. Maggie Hassan and John Cornyn have introduced legislation that would create a pilot apprenticeship program within CISA.

Ransomware Groups are Targeting VMs

eSecurity Planet

Virtual machines are becoming an increasingly popular avenue cybercriminals are taking to distribute their ransomware payloads onto compromised corporate networks.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Pros and Cons of FTP for Secure Business File Sharing

OneHub

File transfer protocol (FTP) turned 50 this year. In the fast-moving world of technology, that’s an eternity. File sharing looks much different now than it did half a century ago, but some companies are still using FTP to share their business files.

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

Financial services giant Intuit this week informed 1.4

The Top 5 Business Outcomes Companies Can Achieve From Monitoring Consolidation

In this eBook, learn what the top five business outcomes are that organizations see when leveraging Datadog's end-to-end monitoring tool.

REvil's Ransomware Success Formula: Constant Innovation

Data Breach Today

Affiliate-Driven Approach and Regular Malware Refinements Are Key, Experts Say REvil, aka Sodinokibi, is one of today's most notorious - and profitable - ransomware operations, driven by highly skilled affiliates who share profits with the operators.

More Trending

A New Kind of Ransomware Tsunami Hits Hundreds of Companies

WIRED Threat Level

An apparent supply chain attack exploited Kaseya's IT management software to encrypt a "monumental" number of victims all at once. Security Security / Security News

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

Some of Western Digital’s MyCloud-based data storage devices. Image: WD.

Researchers Identify New Malware Loader Variant

Data Breach Today

New JSSLoader Variant is Being Spread by TA543 Group A cybercrime group tracked as TA543 by security firm Proofpoint is deploying a new variant of a malware loader to target victims as part of a phishing campaign, the company reports

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

The Solarwinds hack has brought vendor supply chain attacks — and the lack of readiness from enterprises to tackle such attacks — to the forefront. Related: Equipping Security Operations Centers (SOCs) for the long haul. Enterprises have long operated in an implicit trust model with their partners. This simply means that they trust, but don’t often verify, that their partners are reputable and stay compliant over time.

Risk 114

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

3 Things Every CISO Wishes You Understood

Dark Reading

Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers

We Infiltrated a Counterfeit Check Ring! Now What?

Krebs on Security

Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each.

US Tracking Brute-Force Attacks Linked to Russia

Data Breach Today

NSA: Attackers Targeting Cloud Services for Espionage The NSA, the FBI and other U.S. government agencies are tracking an ongoing Russian cyberespionage campaign in which attackers are using brute-force methods to access Office 365 and other cloud-based services

Cloud 278

Hackers hit a televised phone-in between President Putin and citizens at a TV show

Security Affairs

A massive cyber attack attempted to disrupt a televised phone-in between Russian President Vladimir Putin and the Rossiya 24 network.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Google Updates Vulnerability Data Format to Support Automation

Dark Reading

The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data

IT 114

More Russian Hacking

Schneier on Security

Two reports this week.

Babuk Ransomware Mystery Challenge: Who Leaked Builder?

Data Breach Today

Code for Generating Unique Copies of Crypto-Locking Malware Uploaded to VirusTotal The code used to build copies of Babuk ransomware - to infect victims with the crypto-locking malware - has been leaked, after someone posted the software to virus-scanning service VirusTotal.

New LinkedIn breach exposes data of 700 Million users

Security Affairs

A new massive LinkedIn breach made the headlines, the leak reportedly exposes the data of 700M users, more than 92% of the total 756M users.

Sales 112

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Why Are There Never Enough Logs During An Incident Response?

Dark Reading

Most security pros believe their responses could be dramatically quicker were the right logs available, and usually they're not

Hackers Are Erasing Western Digital Hard Drives Remotely

WIRED Threat Level

Amazon acquires Wickr, the Senate holds up CISA, and more of the week’s top security news. Security Security / Security News

Analysis: Why Ransomware Is No. 1 Cyberthreat

Data Breach Today

This edition of the ISMG Security Report features a discussion about why the head of Britain's National Cyber Security Center says the No. 1 cyber risk is not nation-state attackers but ransomware-wielding criminals. Also featured: Western Digital IoT flaws; an FBI agent tracks cybersecurity trends

Microsoft urges Azure users to update PowerShell to fix RCE flaw

Security Affairs

Microsoft is urging Azure users to update PowerShell to address a remote code execution vulnerability that was fixed earlier this year. Microsoft is recommending its Azure users to update PowerShell versions 7.0 and 7.1

IT 111

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

5 Mistakes That Impact a Security Team's Success

Dark Reading

The way we work and treat each other go a long way in improving our organizations' security posture

Fancy Bear Is Trying to Brute-Force Hundreds of Networks

WIRED Threat Level

While SolarWinds rightly drew attention earlier this year, Moscow's Fancy Bear group has been on a password-guessing spree this whole time. Security Security / Cyberattacks and Hacks

Capital One Breach Suspect Faces New Criminal Charges

Data Breach Today

Paige Thompson Now Faces Up to 20 Years in Federal Prison, Documents Show The Justice Department has filed seven new criminal charges against Paige Thompson, who is suspected of hacking Capital One in 2019, which compromised the personal data of 100 million Americans, including exposing hundreds of thousands of Social Security numbers.

Diavol ransomware appears in the threat landscape. Is it the work of the Wizard Spider gang?

Security Affairs

Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

Name That Edge Toon: Security Grill

Dark Reading

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card

How to Make Sure Your Browser Extensions Are Safe

WIRED Threat Level

As useful as all those add-ons can be, don't get complacent when it comes to making sure they're also secure. Security Security / Privacy Security / Security Advice

IT 104

Zyxel Warns of Attacks on Its Firewall, VPN Products

Data Breach Today

Company Advises Users to Maintain Proper Security Policies as It Prepares Hotfix Taiwanese networking device manufacturer Zyxel is notifying customers about an ongoing series of attacks on some of its enterprise firewall and VPN products and is advising users to maintain proper remote access security policies as it prepares a hotfix.