Sat.Jul 10, 2021 - Fri.Jul 16, 2021

10 Mistakes Companies Make in Their Ransomware Responses

Dark Reading

Hit by ransomware? These missteps can take a bad scenario and make it even worse

Navigating Active Directory Security: Dangers and Defenses

Dark Reading

Microsoft Active Directory, ubiquitous across enterprises, has long been a primary target for attackers seeking network access and sensitive data

EDI vs API? It’s a False Debate

OpenText Information Management

According to EFT, 55 percent of supply chain executives considered web service APIs as an alternative to EDI. But we should know better by now than try to write off electronic data interchange (EDI) again. This isn’t about replacement. It is, as always, about integration.

Facebook Disrupts Iranian APT Campaign

Data Breach Today

'Tortoiseshell' Group Used the Social Network to Contact Targets. Facebook's threat intelligence team says it has disrupted an Iranian advanced persistent threat group that was using the social network as part of an effort to spread malware and conduct cyberespionage operations, primarily in the U.S.

Microsoft Patch Tuesday, July 2021 Edition

Krebs on Security

Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft.

Hackers accessed Mint Mobile subscribers’ data and ported some numbers

Security Affairs

Mint Mobile discloses a data breach: an unauthorized attacker gained access to subscribers’ account information and ported phone numbers.

SolarWinds Issues Patches in Wake of Zero-Day Attacks

Data Breach Today

Flaw in Serv-U File-Transfer Software Unconnected to Orion Supply-Chain Attack. Attackers have been actively exploiting a zero-day flaw in SolarWinds' Serv-U Managed File Transfer Server and Serv-U Secured FTP software, the security software vendor warns.

Analysis of the FBI’s Anom Phone

Schneier on Security

Motherboard got its hands on one of those Anom phones that were really FBI honeypots. The details are interesting.

Microsoft Confirms Acquisition of RiskIQ

Dark Reading

RiskIQ's technology helps businesses assess their security across the Microsoft cloud, Amazon Web Services, other clouds, and on-premises

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

Researchers from Cyber News Team have spotted threat actors offering for sale 600 million LinkedIn profiles scraped from the platform, again.

Ransomware Landscape: REvil Is One of Many Operators

Data Breach Today

Biden Administration Says Attempted Ransomware Disruption Efforts Won't Be Immediate. As the Biden administration attempts to force Russia to crack down on its domestic cybercriminals, one challenge will be the sheer diversity of attack code being wielded and individuals involved.

REvil is Off-Line

Schneier on Security

This is an interesting development: Just days after President Biden demanded that President Vladimir V. Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday. […].

Enterprises Altering Their Supply Chain Defenses on Heels of Latest Breaches

Dark Reading

More than half of enterprises surveyed for Dark Reading's State of Malware Threats report indicate they are making at least a few changes to their supply chain security defenses following recent attacks on software vendors such as SolarWinds

BIOPASS malware abuses OBS Studio to spy on victims

Security Affairs

Researchers spotted a new malware, dubbed BIOPASS, that sniffs the victim’s screen by abusing the framework of Open Broadcaster Software (OBS) Studio.

How 'Mespinoza' Ransomware Group Hits Targets

Data Breach Today

Palo Alto Networks Report Describes Tactics of Group Leveraging Open-Source Tools. The gang behind the ransomware strain known as Mespinoza, aka PYSA, is targeting manufacturers, schools and others, mainly in the U.S. and U.K., demanding ransom payments as high as $1.6

A New System Is Helping Crack Down on Child Sex Abuse Images

WIRED Threat Level

There are 150 child sexual abuse laws around the world. Now, metadata is making it easier for countries to work together.

Iranian State-Sponsored Hacking Attempts

Schneier on Security

Interesting attack: Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information.

HelloKitty ransomware now targets VMware ESXi servers

Security Affairs

HelloKitty ransomware gang is using a Linux variant of their malware to target VMware ESXi virtual machine platform. A Linux variant of the HelloKitty ransomware was employed in attacks against VMware ESXi systems.

DOD and DHS Need More Collaboration on Cybersecurity Issues

Data Breach Today

Report: Cooperation Is Required to Protect US Critical Infrastructure. A greater level of cooperation is needed between the DOD and DHS to ensure that U.S. critical infrastructure is protected against various cyberthreats, according to an inspector general's report.

Facebook Catches Iranian Spies Catfishing US Military Targets

WIRED Threat Level

The hackers posed as recruiters, journalists, and hospitality workers to lure their victims.

Did the Cybersecurity Workforce Gap Distract Us From the Leak?

Dark Reading

Cyber games can play a critical role in re-engaging our workforce and addressing the employee retention crisis

Google: four zero-day flaws have been exploited in the wild

Security Affairs

Google security experts revealed that Russia-linked APT group targeted LinkedIn users with Safari zero-day. Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year.

Year-long Phishing Campaign Targets Energy Firms

Data Breach Today

The oil and gas industry is yet again a victim of Agent Tesla malware. A sophisticated campaign that uses remote access Trojans and malware-as-a-service threats for cyber espionage purposes has been targeting large international energy companies for at least a year, according to cybersecurity company Intezer.

China Taking Control of Zero-Day Exploits

Schneier on Security

China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make.

SonicWall: 'Imminent' Ransomware Attack Targets Older Products

Dark Reading

The attack exploits a known vulnerability that was fixed in new versions of firmware released this year

macOS: Bashed Apples of Shlayer and Bundlore

Security Affairs

Uptycs threat research team analyzed macOS malware threat landscape and discovered that Shlayer and Bundlore are the most predominant malware. The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts.

Kaseya Fixes Remaining VSA Vulnerabilities

Data Breach Today

On-Premises Software Patched, SaaS to Come Online Again. Miami-based software company Kaseya released patches on Sunday for its monitoring and management software that was exploited by a ransomware group.

Colorado Passes Consumer Privacy Law

Schneier on Security

First California. Then Virginia. Now Colorado. Here’s a good comparison of the three states’ laws.