Sat. Jul 10, 2021 - Fri. Jul 16, 2021

10 Mistakes Companies Make in Their Ransomware Responses

Dark Reading

Hit by ransomware? These missteps can take a bad scenario and make it even worse

Navigating Active Directory Security: Dangers and Defenses

Dark Reading

Microsoft Active Directory, ubiquitous across enterprises, has long been a primary target for attackers seeking network access and sensitive data

EDI vs API? It’s a False Debate

OpenText Information Management

According to EFT, 55 percent of supply chain executives considered web service APIs as an alternative to EDI. But we should know better by now than try to write off electronic data interchange (EDI) again. This isn’t about replacement. It is, as always, about integration.

How 'Mespinoza' Ransomware Group Hits Targets

Data Breach Today

Palo Alto Networks Report Describes Tactics of Group Leveraging Open-Source Tools. The gang behind the ransomware strain known as Mespinoza, aka PYSA, is targeting manufacturers, schools and others, mainly in the U.S. and U.K., demanding ransom payments as high as $1.6

Microsoft Patch Tuesday, July 2021 Edition

Krebs on Security

Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft.

More Trending

New enhanced Joker Malware samples appear in the threat landscape

Security Affairs

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Experts reported an uptick in malicious Android apps on the official Google Play store laced with the Joker mobile trojan.

Facebook Disrupts Iranian APT Campaign

Data Breach Today

'Tortoiseshell' Group Used the Social Network to Contact Targets. Facebook's threat intelligence team says it has disrupted an Iranian advanced persistent threat group that was using the social network as part of an effort to spread malware and conduct cyberespionage operations, primarily in the U.S.

SonicWall: 'Imminent' Ransomware Attack Targets Older Products

Dark Reading

The attack exploits a known vulnerability that was fixed in new versions of firmware released this year

Hackers Got Past Windows Hello by Tricking a Webcam

WIRED Threat Level

The security researchers used an infrared photo and third-party hardware to best Microsoft's facial recognition tech.

HelloKitty ransomware now targets VMware ESXi servers

Security Affairs

HelloKitty ransomware gang is using a Linux variant of their malware to target VMware ESXi virtual machine platform. A Linux variant of the HelloKitty ransomware was employed in attacks against VMware ESXi systems.

SolarWinds Issues Patches in Wake of Zero-Day Attacks

Data Breach Today

Flaw in Serv-U File-Transfer Software Unconnected to Orion Supply-Chain Attack. Attackers have been actively exploiting a zero-day flaw in SolarWinds' Serv-U Managed File Transfer Server and Serv-U Secured FTP software, the security software vendor warns.

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

I've spent more time IoT'ing my house over the last year than any sane person ever should. But hey, it's been strange times for all of us and it's kept me entertained whilst no longer travelling.

Cuba’s Social Media Blackout Reflects an Alarming New Normal

WIRED Threat Level

In response to mass protests, the country has been blocking social media and communication platforms since Sunday—an increasingly common action worldwide.

Google: four zero-day flaws have been exploited in the wild

Security Affairs

Google security experts revealed that Russia-linked APT group targeted LinkedIn users with Safari zero-day. Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year.

Ransomware Landscape: REvil Is One of Many Operators

Data Breach Today

Biden Administration Says Attempted Ransomware Disruption Efforts Won't Be Immediate. As the Biden administration attempts to force Russia to crack down on its domestic cybercriminals, one challenge will be the sheer diversity of attack code being wielded and individuals involved.

Microsoft Confirms Acquisition of RiskIQ

Dark Reading

RiskIQ's technology helps businesses assess their security across the Microsoft cloud, Amazon Web Services, other clouds, and on-premises

How to Make Your Web Searches More Secure and Private

WIRED Threat Level

What you look for online is up to you—just make sure no one else is taking a peek.

SpearTip Finds New Diavol Ransomware Does Steal Data

Security Affairs

Security researchers have linked a new ransomware strain called Diavol to the Wizard Spider threat group behind the Trickbot botnet.

DOD and DHS Need More Collaboration on Cybersecurity Issues

Data Breach Today

Report: Cooperation Is Required to Protect US Critical Infrastructure. A greater level of cooperation is needed between the DOD and DHS to ensure that U.S. critical infrastructure is protected against various cyberthreats, according to an inspector general's report.

Linux Variant of HelloKitty Ransomware Targets VMware ESXi Servers

Threatpost

HelloKitty joins the growing list of ransomware bigwigs going after the juicy target of VMware ESXi, where one hit gets scads of VMs.

The SolarWinds Hackers Used an iOS Flaw to Compromise iPhones

WIRED Threat Level

Security researchers say the group exploited a zero-day in Apple’s operating system to target European government officials over LinkedIn.

American retailer Guess discloses data breach after ransomware attack

Security Affairs

American clothing brand and retailer Guess discloses a data breach after the February ransomware attack and is notifying the affected customers. In February, American fashion brand Guess was hit by a ransomware attack, now the company is disclosing a data breach and is notifying affected customers.

Year-long Phishing Campaign Targets Energy Firms

Data Breach Today

The oil and gas industry is yet again a victim of Agent Tesla malware. A sophisticated campaign that uses remote access Trojans and malware-as-a-service threats for cyber espionage purposes has been targeting large international energy companies for at least a year, according to cybersecurity company Intezer.

Microsoft: New Unpatched Bug in Windows Print Spooler

Threatpost

Another vulnerability separate from PrintNightmare allows for local elevation of privilege and system takeover.

The Everyday IT Tools That Can Offer ‘God Mode’ to Hackers

WIRED Threat Level

Attackers are increasingly attuned to the power and potential of remote management software.

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

Researchers from Cyber News Team have spotted threat actors offering for sale 600 million LinkedIn profiles scraped from the platform, again.

Kaseya Fixes Remaining VSA Vulnerabilities

Data Breach Today

On-Premises Software Patched, SaaS to Come Online Again. Miami-based software company Kaseya released patches on Sunday for its monitoring and management software that was exploited by a ransomware group.

China Taking Control of Zero-Day Exploits

Schneier on Security

China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make.