Sat.Sep 03, 2022 - Fri.Sep 09, 2022

LA School District Accounts on Dark Web Before Attack

Data Breach Today

Hacked Accounts May Have Made District an Easy Ransomware Target The Labor Day weekend ransomware attack against Los Angeles Unified School District is drawing serious attention from the U.S. government, which has dispatched the FBI.

SHARED INTEL: The cybersecurity sea change coming with the implementation of ‘CMMC’

The Last Watchdog

Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Related: How the Middle East paved the way to CMMC. Cybersecurity Maturity Model Certification version 2.0

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

5 Keys to Better Key Management

Dark Reading

From analyzing your company's risk profile to knowing where keys are stored and who can access them, prioritize key clean-up and management. Make compliance an outcome and develop a risk management strategy

Risk 83

Bitwarden Raises $100M to Go Passwordless, Defend Developers

Data Breach Today

PSG Funding Will Enable Bitwarden to Get into Passwordless and Developer Secrets Bitwarden has raised $100 million to expand into new product areas including developer secrets, passwordless and privileged access management.

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

NEW TECH SNAPSHOT: The role of ‘MSSPs’ in helping businesses manage cybersecurity

The Last Watchdog

Network security has been radically altered, two-plus years into the global pandemic. Related: ‘ Attack surface management’ rises to the fore. The new normal CISOs face today is something of a nightmare. They must take into account a widely scattered workforce and somehow comprehensively mitigate new and evolving cyber threats. Criminal hacking collectives are thriving, more than ever.

More Trending

Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin

Security Affairs

Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin.

Iranian Threat Group Befriends Victims

Data Breach Today

APT42 Operates on Behalf of the Islamic Revolutionary Guard Corps An Iranian state-sponsored group in operation since 2015 relies on highly targeted social engineering to try and attack individuals and organizations that Tehran deems enemies of the regime, says a new report from cyberthreat intelligence firm Mandiant.

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

The internet has drawn comparisons to the Wild West, making ransomware the digital incarnation of a hold-up. Related: It’s all about ‘ attack surface management ‘ However, today’s perpetrator isn’t standing in front of you brandishing a weapon. They could be on the other side of the globe, part of a cybercrime regime that will never be discovered, much less brought to justice. But the situation isn’t hopeless.

Big California Privacy News: Legislative and Enforcement Updates

Data Matters

Privacy never sleeps in California.

B2B 156

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Cisco will not fix the authentication bypass flaw in EoL routers

Security Affairs

Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit.

Cybercriminal Service ‘EvilProxy’ Seeks to Hijack Accounts

Data Breach Today

EvilProxy Bypasses MFA By Capturing Session Cookies One of the biggest challenges for cybercriminals is how to defeat multifactor authentication. New research has uncovered a criminal service called “EvilProxy” that steals session cookies to bypass MFA and compromise accounts

Feds, npm Issue Supply Chain Security Guidance to Avert Another SolarWinds

Dark Reading

The US government and the Open Source Security Foundation have released guidance to shore up software supply chain security, and now it's up to developers to act

Police Across US Bypass Warrants With Mass Location-Tracking Tool

WIRED Threat Level

Plus: An unsecured database exposed face recognition data in China, ‘Cuba’ ransomware knocks out Montenegro, and more. Security Security / Cyberattacks and Hacks Security / Privacy Security / Security News

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

CISA added 12 more security flaws to its Known Exploited Vulnerabilities Catalog including four D-Link vulnerabilities. The U.S.

IT 110

LA School District Forewarned of Malware, Attack Risks

Data Breach Today

Also: Vice Society Ransomware Gang Claims Credit for Attack The only surprising aspect of the ransomware attack against Los Angeles Unified School District is that it didn’t happen sooner. The district was warned of cybersecurity weaknesses in the 20 months leading to its ransomware attack.

Risk 207

Researchers Spot Snowballing BianLian Ransomware Gang Activity

Dark Reading

The operators of the emerging cross-platform ransomware BianLian increased their command and control infrastructure this month, indicating an acceleration in their operational pace

Healthcare Cyberattacks Lead to Increased Mortality, Lower Patient Care: Ponemon Study

eSecurity Planet

Nearly a quarter of healthcare organizations hit by ransomware attacks experienced an increase in patient mortality, according to a study from Ponemon Institute and Proofpoint released today.

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

Classified NATO documents sold on darkweb after they were stolen from Portugal

Security Affairs

Threat actors claimed to have stolen classified NATO documents from the Armed Forces General Staff agency of Portugal (EMGFA).

Who's Disrupting Ransomware Groups' Stolen Data Leak Sites?

Data Breach Today

Major Drama in the Online Underworld Who's been disrupting ransomware operations' data leak sites by targeting them with distributed denial-of-service attacks?

Why Ports Are at Risk of Cyberattacks

Dark Reading

More docked ships bring a new challenge. The longer a ship is docked, the more vulnerable the port is to a cyberattack

Risk 100

New Phishing-as-a-Service Platform

KnowBe4

Researchers at Resecurity have discovered a new Phishing-as-a-Service (PhaaS) platform called “EvilProxy” that’s being offered on the dark web.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Samsung discloses a second data breach this year

Security Affairs

Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach.

Protecting Industrial Security When Uptime Is Essential

Data Breach Today

In this episode of "Cybersecurity Unplugged," Mark Cristiano of Rockwell Automation discusses Rockwell's cybersecurity journey, the particular challenges of deploying cybersecurity in an OT environment, and the minimum and proper industrial protections that organizations need to have in place

How to Stop DDoS Attacks: Prevention & Response

eSecurity Planet

Distributed denial-of-service (DDoS) attacks cause problems for organizations of all sizes. To fight DDoS attacks, organizations and teams need to implement the three standard phases for any IT threat: preparation, reaction, and recovery.

Cloud 99

Building a Security Culture With Behavior Design

KnowBe4

Anyone who has run security awareness programs for a while knows that changing human behaviour is not an easy task. And that sometimes the problem with awareness is that "awareness" alone does not automatically result in secure behavior. Security Culture Cybersecurity Awareness Month

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

Google rolled out emergency fixes to address actively exploited Chrome zero-day

Security Affairs

Google rolled out emergency fixes to address a vulnerability in the Chrome web browser that is being actively exploited in the wild. Google on Friday released emergency fixes to address a vulnerability, tracked as CVE-2022-3075, in the Chrome web browser that is being actively exploited in the wild.

ISMG Editors: Kicking the Criminals Out of Cryptocurrency

Data Breach Today

Crypto Expert Joins ISMG Panel to Discuss Recent Revelations, Regulatory Actions In the latest weekly update, Ari Redbord, head of legal and government affairs at TRM Labs, joins ISMG editors to discuss how extremist groups could circumvent sanctions and fund terrorism through NFTs, the limitations of digital assets regulations, and new U.K.

It’s Time to Get Real About TikTok’s Risks

WIRED Threat Level

US lawmakers keep warning about the popular app. But until they can explain what makes it uniquely dangerous, it’s difficult to tailor a resolution. Security Security / National Security Security / Privacy

Risk 89