Sat. Jun 04, 2022 - Fri. Jun 10, 2022

Hackers Claim Drug Data Theft as Reports Warn Health Sector

Data Breach Today

Pharma Maker Disputes Data Compromise Amid Reported Rise in Sector Attacks. Novartis says no sensitive information was compromised in an alleged attack involving the drugmaker's data showing up for sale on the dark web.

GUEST ESSAY – The role of automation in keeping software from malicious, unintended usage

The Last Watchdog

Writing code can be compared to writing a letter. When we write a letter, we write it in the language we speak — and the one that the recipient understands. When writing code, the developer does it in a language that the computer understands, that is, a programming language. With this language, the developer describes a program scenario that determines what the program is required to do, and under what circumstances.

Are You Ready for a Breach in Your Organization's Slack Workspace?

Dark Reading

A single compromised Slack account can easily be leveraged to deceive other users and gain additional access to other users and multiple Slack channels

KrebsOnSecurity in New Netflix Series on Cybercrime

Krebs on Security

Netflix has a new documentary series airing next week — “Web of Make Believe: Death, Lies & the Internet” — in which Yours Truly apparently has a decent amount of screen time.

OneTrust Lays Off 950 Due To 'Capital Markets Sentiment'

Data Breach Today

Company Becomes the 3rd Late-Stage Startup to Cut Headcount in the Past 3 Weeks. OneTrust has laid off 25% of its staff - or 950 workers - making it the third late-stage startup to significantly cut headcount in recent weeks.

Artificial Intelligence and Security: What You Should Know

Dark Reading

Next-generation AI products learn proactively and identify changes in the networks, users, and databases using "data drift" to adapt to specific threats as they evolve

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Krebs on Security

At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email.

Russian Ministry of Construction Website Hacked

Data Breach Today

Hacker Demands Ransom; Ministry Says Personal Data of Users Secure. The website of the Russian Ministry of Construction, Housing and Utilities was reportedly hacked and defaced on Sunday. The attacker demands a 1-million-ruble ransom be paid by Tuesday to ensure the security of stolen data.

RSAC insights: ‘CAASM’ tools and practices get into the nitty gritty of closing network security gaps

The Last Watchdog

Reducing the attack surface of a company’s network should, by now, be a top priority for all organizations. As RSA Conference 2022 gets underway today in San Francisco, advanced systems that help companies comprehensively inventory their cyber assets, gain visibility to improve asset and cloud configurations, and close security gaps will be in the spotlight. As always, the devil is in the details.

New Linux Malware 'Nearly Impossible to Detect'

Dark Reading

So-called Symbiote malware, first found targeting financial institutions, contains stealthy rootkit capabilities

Period-Tracking and Fertility Apps Can Put Women Seeking Abortions at Risk

WIRED Threat Level

Apps collect sensitive data that could be subpoenaed by law enforcement or sold by data brokers.

Hard-to-Detect 'Parasite' Targets Linux Operating Systems

Data Breach Today

Highly Evasive Symbiote Can Hide Itself and Other Malware Post-Infection. New malware called Symbiote is affecting Linux operating systems by infecting other running processes to inflict damage on machines, say Intezer security researcher Joakim Kennedy and the BlackBerry Threat Research and Intelligence Team, who jointly conducted the research.

RSAC insights: Security platforms arise to help companies discover, assess and mitigate cyber risks

The Last Watchdog

Pity the poor CISO at any enterprise you care to name. As their organizations migrate deeper into an intensively interconnected digital ecosystem, CISOs must deal with cyber attacks raining down on all fronts. Many are working with siloed security products from another era that serve as mere speed bumps. Meanwhile, security teams are stretched thin and on a fast track to burnout. Help is on the way.

How AI Is Useful — and Not Useful — for Cybersecurity

Dark Reading

AI works best when security professionals and AI are complementing each other

The Makings of a Million-Dollar Facebook Phishing Campaign

Data Breach Today

How a Threat Actor Stole Credentials, Evaded Security Teams and Made Money Via Ads. A phishing campaign used stolen credentials to log into Facebook user accounts and send links leading to phishing pages to the victims' friends to harvest their credentials.

GitLab addressed critical account take over via SCIM email change

Security Affairs

GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts.

Communication Is Key to CISO Success

Dark Reading

A panel of CISOs at the RSA Conference outlined what a successful first 90-day plan looks like, and it boiled down to effective communication and listening

A Long-Awaited Defense Against Data Leaks May Have Just Arrived

WIRED Threat Level

MongoDB claims its new “Queryable Encryption” lets users search their databases while sensitive data stays encrypted. Oh, and its cryptography is open source.

Forescout to Buy Threat Detection and Response Vendor Cysiv

Data Breach Today

Cysiv's Cloud-Native Data Analytics Will Help OT and IoT Customers Address Threats. Forescout has agreed to purchase startup Cysiv to help OT and IoT customers analyze, detect and respond to threats using cloud-native data analytics.

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

Researchers uncovered a highly stealthy Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. The threat was uncovered in joint research conducted by security firms Intezer and BlackBerry.

Harnessing AI to Proactively Thwart Threats

Dark Reading

By using artificial intelligence to predict how an attacker would carry out their attack, we can deploy defenses and preemptively shut down vulnerable entry points

Book Excerpt: Building an Effective Defense

Data Breach Today

A Chapter of the New Book 'Heuristic Risk Management' by Michael Lines. Michael Lines is working with ISMG to promote awareness of the need for cyber risk management, and the CyberEdBoard is posting draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself."

PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online

Security Affairs

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability, affecting Atlassian Confluence and Data Center servers, have been released and are available online.

An Emerging Threat: Attacking 5G Via Network Slices

Dark Reading

A successful attack against 5G networks could disrupt critical infrastructure, manipulate sensor data, or even cause physical harm to humans

The Hacker Gold Rush That's Poised to Eclipse Ransomware

WIRED Threat Level

As governments crack down on ransomware, cybercriminals may soon shift to business email compromise—already the world's most profitable type of scam.

CISA Says Chinese Cyberattackers Are Targeting US Telcos

Data Breach Today