Sat.Jun 11, 2022 - Fri.Jun 17, 2022

How China Hacked US Phone Networks

WIRED Threat Level

Plus: Russia rattles its cyber sword, a huge Facebook phishing operation is uncovered, feds take down the SSNDOB marketplace, and more. Security Security / Security News

SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 — why there’s more to come

The Last Watchdog

At the start of this year, analysts identified a number of trends driving the growth of cybersecurity. Among them: an expanding digital footprint, growing attack surfaces, and increasing government regulation. Related: Taking API proliferation seriously. Last year saw an unprecedented $21.8 billion in venture capital poured into cybersecurity companies globally. Investors more than doubled down in 2021, increasing investment by about 145 percent.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Using WiFi connection probe requests to track users

Security Affairs

Researchers at the University of Hamburg demonstrated that WiFi connection probe requests expose users to track. A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify and track devices and thereby their users.

Paper 101

Highlights of RSA Conference 2022

Data Breach Today

The latest edition of the ISMG Security Report includes highlights and observations from RSA Conference 2022, including a key message from RSA CEO Rohit Ghai. It also discusses the value of automation and the Cybersecurity and Infrastructure Security Agency's mission to grow cyber talent

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

Ransomware Group Debuts Searchable Victim Data

Krebs on Security

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying.

More Trending

Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware

Dark Reading

Most of the attacks involve the use of automated exploits, security vendor says

The Evolution of Phishing From Email to SMS and Voice Hacks

Data Breach Today

KnowBe4's Roger Grimes on Why MFA Alone Isn't a Successful Hack Prevention Strategy Phishing is no longer restricted to just emails.

Microsoft Patch Tuesday, June 2022 Edition

Krebs on Security

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now.

Cloud 194

Police Linked to Hacking Campaign to Frame Indian Activists

WIRED Threat Level

New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest. Security Security / Cyberattacks and Hacks

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors.

IT 112

ISMG Editors: Are We Closing in on a Federal Privacy Law?

Data Breach Today

The State of Passwordless in 2022, New Identity Technologies In the latest weekly update, Jeremy Grant, coordinator of the Better Identity Coalition, joins three editors at ISMG to discuss important cybersecurity issues, including where we are with passwordless, if we are getting closer to a U.S.

“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison

Krebs on Security

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites. The user interface for Downthem[.]org. Matthew Gatrel of St. Charles, Ill. was found guilty for violations of the Computer Fraud and Abuse Act (CFAA) related to his operation of downthem[.]org org and ampnode[.]com

WordPress Plug-in Ninja Forms Issues Update for Critical Bug

Dark Reading

The code injection vulnerability is being actively exploited in the wild, researchers say

106
106

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

Facebook Phishing Scam Steals Millions of Credentials

KnowBe4

Researchers at PIXM have uncovered a major Facebook Messenger phishing scam that’s “potentially impacted hundreds of millions of Facebook users.” More than eight million people have visited just one of these phishing pages so far this year. Phishing

Medical Center Ransomware Attack Affects 700,000

Data Breach Today

Incident Is Latest on Growing List of Recent Major Healthcare Data Hacks An Arizona medical center that suffered a ransomware attack in April has begun notifying 700,000 individuals of a data breach compromising sensitive medical and personal information.

What is a Cyberattack? Types and Defenses

eSecurity Planet

A cyberattack is any action taken by a cyber criminal in an attempt to illegally gain control of a computer, device, network, or system with malicious intent. Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system.

Veterans Explain How Military Service Prepared Them for Cybersecurity Careers

Dark Reading

The ability to handle intense pressure is just one of the skills that veterans bring to corporate cybersecurity work

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

Top 5 Cyber Security Risks for Businesses

IT Governance

In an increasingly digital world, there are an escalating number of cyber security risks for business to address. Criminal hackers are adept at spotting weaknesses, while organisations do themselves no favours when they fail to adequately protect their systems.

How to Ditch the Silo and Safeguard Medical Devices

Data Breach Today

Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed

Security Affairs

China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor.

CMS 97

RSAC Startup Competition Focuses on Post-Cloud IT Infrastructure

Dark Reading

A secure Web browser takes the top prize, and for the second year in a row malware detection is an afterthought

Cloud 99

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

Monkeypox Scams Continue to Increase

KnowBe4

Attackers are taking advantage of the current news about monkeypox to trick people into clicking on malicious links, Pickr reports.

Malaysian Hacktivists Target Indian Websites as Payback

Data Breach Today

DragonForce Malaysia's Alleged Victim List Comprises Government, Private Entities Hacktivist group DragonForce Malaysia says it hacked and defaced about 70 Indian government and private sector organizations' websites in a dayslong attack last week.

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Security Affairs

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center.

DeadBolt Ransomware Actively Targets QNAP NAS Devices — Again

Dark Reading

The QNAP network-connected devices, used to store video surveillance footage, are a juicy target for attackers, experts warn

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

Attacking the Performance of Machine Learning Systems

Schneier on Security

Interesting research: “ Sponge Examples: Energy-Latency Attacks on Neural Networks “: Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs.

Chinese APT Actor Gallium Adds PingPull RAT to Its Arsenal

Data Breach Today

Here’s Why You’re Still Stuck in Robocall Hell

WIRED Threat Level

Despite major progress fighting spam and scams, the roots of the problem go far deeper than your phone company’s defenses. Security Security / Cyberattacks and Hacks