Sat.Jun 26, 2021 - Fri.Jul 02, 2021

Senate Bill Addresses Federal Cyber Workforce Shortage

Data Breach Today

Workforce Expansion Act Would Create CISA, VA Training Programs Sens. Maggie Hassan and John Cornyn have introduced legislation that would create a pilot apprenticeship program within CISA.

Ransomware Groups are Targeting VMs

eSecurity Planet

Virtual machines are becoming an increasingly popular avenue cybercriminals are taking to distribute their ransomware payloads onto compromised corporate networks.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Pros and Cons of FTP for Secure Business File Sharing

OneHub

File transfer protocol (FTP) turned 50 this year. In the fast-moving world of technology, that’s an eternity. File sharing looks much different now than it did half a century ago, but some companies are still using FTP to share their business files.

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

Financial services giant Intuit this week informed 1.4

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

REvil's Ransomware Success Formula: Constant Innovation

Data Breach Today

Affiliate-Driven Approach and Regular Malware Refinements Are Key, Experts Say REvil, aka Sodinokibi, is one of today's most notorious - and profitable - ransomware operations, driven by highly skilled affiliates who share profits with the operators.

More Trending

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

The Solarwinds hack has brought vendor supply chain attacks — and the lack of readiness from enterprises to tackle such attacks — to the forefront. Related: Equipping Security Operations Centers (SOCs) for the long haul. Enterprises have long operated in an implicit trust model with their partners. This simply means that they trust, but don’t often verify, that their partners are reputable and stay compliant over time.

Risk 113

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

Some of Western Digital’s MyCloud-based data storage devices. Image: WD.

Cloud 246

Researchers Identify New Malware Loader Variant

Data Breach Today

New JSSLoader Variant is Being Spread by TA543 Group A cybercrime group tracked as TA543 by security firm Proofpoint is deploying a new variant of a malware loader to target victims as part of a phishing campaign, the company reports

Fancy Bear Is Trying to Brute-Force Hundreds of Networks

WIRED Threat Level

While SolarWinds rightly drew attention earlier this year, Moscow's Fancy Bear group has been on a password-guessing spree this whole time. Security Security / Cyberattacks and Hacks

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

The Last Watchdog

Microsoft has blunted the ongoing activities of the Nobelium hacking collective, giving us yet another glimpse of the unceasing barrage of hack attempts business networks must withstand on a daily basis. Related: Reaction to Biden ‘s cybersecurity executive order. Nobelium is the Russian hacking collective best known for pulling off the milestone SolarWinds supply chain hack last December.

We Infiltrated a Counterfeit Check Ring! Now What?

Krebs on Security

Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each.

Cajee Brothers Deny $3.6 Billion Bitcoin Fraud

Data Breach Today

Lawyer Says Contract to Assist the Cajee Brothers Terminated Two brothers who run Africrypt, a currency exchange service based in Johannesburg, South Africa, have been accused by law firm Hanekom Attorneys, acting on behalf of investors, of 'vanishing' along with $3.6

204
204

Hackers Are Erasing Western Digital Hard Drives Remotely

WIRED Threat Level

Amazon acquires Wickr, the Senate holds up CISA, and more of the week’s top security news. Security Security / Security News

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

New LinkedIn breach exposes data of 700 Million users

Security Affairs

A new massive LinkedIn breach made the headlines, the leak reportedly exposes the data of 700M users, more than 92% of the total 756M users.

Sales 83

5 Mistakes That Impact a Security Team's Success

Dark Reading

The way we work and treat each other go a long way in improving our organizations' security posture

US Tracking Brute-Force Attacks Linked to Russia

Data Breach Today

NSA: Attackers Targeting Cloud Services for Espionage The NSA, the FBI and other U.S. government agencies are tracking an ongoing Russian cyberespionage campaign in which attackers are using brute-force methods to access Office 365 and other cloud-based services

Cloud 187

How to Make Sure Your Browser Extensions Are Safe

WIRED Threat Level

As useful as all those add-ons can be, don't get complacent when it comes to making sure they're also secure. Security Security / Privacy Security / Security Advice

IT 92

9 Developer Enablement Practices to Achieve DevOps at Enterprise Scale

In this eBook, Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.

Diavol ransomware appears in the threat landscape. Is it the work of the Wizard Spider gang?

Security Affairs

Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report.

Google Updates Vulnerability Data Format to Support Automation

Dark Reading

The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data

IT 81

4 Dell Bugs Could Affect 30 Million Users

Data Breach Today

Dell Issues Security Advisory to Address Flaws Security researchers at Eclypsium have reported that they had identified four vulnerabilities that could affect 30 million users of computer technology company Dell's laptops, desktops and tablets. The vulnerabilities have a cumulative CVSS score of 8.3

More Russian Hacking

Schneier on Security

Two reports this week.

The Forrester Wave™: B2B Marketing Data Providers, Q2 2021

In our 24-criterion evaluation of B2B marketing data providers, we identified the 11 most significant vendors — Data Axle, Dun & Bradstreet, Enlyft, Global Database, InsideView, Leadspace, Oracle, SMARTe, Spiceworks Ziff Davis, TechTarget, and ZoomInfo Technologies — and researched, analyzed, and scored them. This report shows how each provider measures up and helps B2B marketing professionals select the right one for their needs.

Linux version of REvil ransomware targets ESXi VM

Security Affairs

The REvil ransomware operators added a Linux encryptor to their arsenal to encrypt Vmware ESXi virtual machines. The REvil ransomware operators are now using a Linux encryptor to encrypts Vmware ESXi virtual machines which are widely adopted by enterprises.

Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground

Threatpost

After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again - with big security ramifications. Breach Privacy Web Security

Sales 111

700 Million 'Scraped' LinkedIn User Records Offered for Sale

Data Breach Today

Social Media Platform Says No Private Data Exposed Some 700 million records of LinkedIn users have reportedly been offered for sale on a hacker forum.

Sales 178

POPIA: The long wait is over

DLA Piper Privacy Matters

Authors : Monique Jefferson and Justine Katz. The Protection of Personal Information Act, 2013 (POPIA) came into effect on 1 July 2020 but was subject to a 12-month grace period, which ended yesterday (30 June 2021).

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection.

Windows 11's Security Push Leaves Scores of PCs Behind

WIRED Threat Level

The minimum hardware requirements for Microsoft’s next operating system will leave plenty of PCs stranded. Security Security / Security News

REvil Target: University Medical Center of Southern Nevada

Data Breach Today

Ransomware Group Posts Stolen Data The University Medical Center of Southern Nevada acknowledged it had been the victim of a cyberattack after a newspaper discovered stolen data had been posted on the darknet site of ransomware-as-a-service gang REvil