Sat.Sep 24, 2022 - Fri.Sep 30, 2022

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be.

FIRESIDE CHAT: Why ‘digital resiliency’ has arisen as the Holy Grail of IT infrastructure

The Last Watchdog

Digital resiliency has arisen as something of a Holy Grail in the current environment. Related: The big lesson of Log4j. Enterprises are racing to push their digital services out to the far edge of a highly interconnected, cloud-centric operating environment. This has triggered a seismic transition of company networks, one that has put IT teams and security teams under enormous pressure.

IT 159
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules

Dark Reading

The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys

Would-be Software Pirates Served Malware Through 'NullMixer'

Data Breach Today

NullMixer Opens Windows To Dozens of Malicious Files A new malware dropper uncovered by Kaspersky targets would-be users of pirated software with a slew of nasty infections including backdoors, Trojan-Bankers, downloaders, spyware and more. The cybersecurity company calls the dropper "NullMixer

6 Steps to More Streamlined Data Modeling

Are you a developer, database architect, or database administrator that's new to Cassandra, but been tasked with developing a plan for implementing the technology anyway? Worry no more. Discover a streamlined methodical approach to Apache Cassandra® data modeling.

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities.

More Trending

GUEST ESSAY: The case for an identity-first approach ‘Zero Trust’ privileged access management

The Last Watchdog

Today’s enterprises are facing more complexities and challenges than ever before. Related: Replacing VPNs with ZTNA. Thanks to the emergence of today’s hybrid and multi-cloud environments and factors like remote work, ransomware attacks continue to permeate each industry.

Access 146

Uber Ex-CSO's Trial: Who's Responsible for Breach Reporting?

Data Breach Today

While Joe Sullivan Is Accused of Perpetrating Cover-Up, Where Should the Buck Stop? Should the now-former CSO of Uber have reported a security incident to authorities after discovering signs of unusual behavior?

Most Attackers Need Less Than 10 Hours to Find Weaknesses

Dark Reading

Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days

110
110

The Best VPNs to Protect Yourself Online

WIRED Threat Level

It won’t solve all of your privacy problems, but a virtual private network can make you a less tempting target for hackers. Gear Gear / Buying Guides Gear / How To and Advice Security Security / Security Advice

Intent Signal Data 101

Intent signal data helps B2B marketers engage with buyers sooner in the sales cycle. But there are many confusing terms used to describe intent data. Read this infographic to better understand three common areas of confusion.

GUEST ESSAY: These advanced phishing tactics should put all businesses on high alert

The Last Watchdog

Phishing attacks are nothing new, but scammers are getting savvier with their tactics. Related: The threat of ‘business logic’ hacks. The Iranian hacker group TA453 has recently been using a technique that creates multiple personas to trick victims , deploying “social proof” to scam people into engaging in a thread. One example comes from Proofpoint, where a researcher began corresponding with an attacker posing as another researcher.

Assessing Growing Cyberthreats to Africa's Financial Sector

Data Breach Today

Rob Dartnall of Security Alliance Shares Insights on Current and Emerging Trends Financial services firms in Africa are becoming bigger cyber targets as they expand into new mobile payment and financial inclusion products.

OpIran: Anonymous declares war on Teheran amid Mahsa Amini’s death

Security Affairs

OpIran: Anonymous launched Operation Iran against Teheran due to the ongoing crackdown on dissent after Mahsa Amini’s death. Anonymous launched OpIran against Iran due to the ongoing crackdown on dissent after Mahsa Amini’s death.

How to Advocate for Data Privacy and Users' Rights

WIRED Threat Level

Want to speak up against Big Tech, unjust data collection, and surveillance? Here's how to be an activist in your community and beyond. Security Security / Privacy Security / Security Advice Gear / How To and Advice

10 Rules to More Streamlined Data Modeling

Apache Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn 10 rules that will help you perfect your Kafka system to get ahead.

Capital One Phish Showcases Growing Bank-Brand Targeting Trend

Dark Reading

Capital One lures leveraged the bank's new partnership with Authentify, showing that phishers watch the headlines, and take advantage

Code42's Joe Payne on Why Source Code Theft Is So Prevalent

Data Breach Today

CEO Shares Strategies to Overcome Technical, Cultural Challenges of This Top Threat Too often when software developers change jobs, they take source code they've written with them, feeling the code belongs to them even if it belongs to an employer.

Experts uncovered novel Malware persistence within VMware ESXi Hypervisors

Security Affairs

Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors.

Fake Emails Purporting to be from UK Energy Regulator

KnowBe4

A phishing campaign is impersonating UK energy regulator Ofgem, according to Action Fraud, the UK’s cybercrime reporting centre. Phishing

Powering Personalization Through Customer Data

Finding the right CDP can help unlock the value of your customer data. This eBook offers guidance on choosing, deploying, and utilizing a CDP, along with a case study on how one bank put data into action to forge stronger connections with customers.

Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play

Dark Reading

The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say

105
105

Feds: Chinese Hacking Group Undeterred by Indictment

Data Breach Today

Indictment 'Did Not Hinder APT41’s Operations,' says HHS HC3 Two federal indictments against APT41, a Chinese state-sponsored hacking group, haven't slowed down its operations, the U.S. government acknowledges in a warning telling the healthcare sector to be vigilant about the threat actor.

New Report on IoT Security

Schneier on Security

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.”

IoT 99

APT28 relies on PowerPoint Mouseover to deliver Graphite malware

Security Affairs

The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware, researchers from Cluster25 reported.

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports

Dark Reading

Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API

OT Security Shorted by Nuclear Weapon Oversight Agency

Data Breach Today

National Nuclear Security Administration Made 'Limited Progress,' Says GAO The U.S. federal agency responsible for the ongoing functionality of the nuclear weapons stockpile hasn't gotten its arms around how to secure operational technology, says the Government Accountability Office.

Leaking Passwords through the Spellchecker

Schneier on Security

Sometimes browser spellcheckers leak passwords : When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.

Threat actors use Quantum Builder to deliver Agent Tesla malware

Security Affairs

The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT), Zscaler ThreatLabz researchers warn.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Dangerous New Attack Technique Compromising VMware ESXi Hypervisors

Dark Reading

China-based threat actor used poisoned vSphere Installation Bundles to deliver multiple backdoors on systems, security vendor says

Chilean Court System Hit With Ransomware Attack

Data Breach Today

A Raft of Cyber Disruptions Hit the South American Country in September A phishing email led to the spread of the Cryptolocker Trojan inside the court system of Chile, adding to a growing list of cyber disruptions affecting the South American country.

Where VCs Are Investing in Cybersecurity

eSecurity Planet

Between a plunging stock market, rising interest rates and a slumping economy, raising venture capital has not been easy this year. This has even been the case for high-priority categories like cybersecurity. According to data from PitchBook, venture capital investments have reached about $13.66