Sat.Nov 12, 2022 - Fri.Nov 18, 2022

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020.

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

The Last Watchdog

Ever feel like your smart home has dyslexia? Siri and Alexa are terrific at gaining intelligence with each additional voice command. And yet what these virtual assistants are starkly missing is interoperability. Related: Why standards are so vital. Matter 1.0 is about to change that. This new home automation connectivity standard rolls out this holiday season with sky high expectations. The technology industry hopes that Matter arises as the lingua franca for the Internet of Things.

IoT 149
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Twitter Two-Factor Authentication Has a Vulnerability

Data Breach Today

Hackers Gain Path to Potential Account Takeover by Turning Off SMS Second Factor Twitter accounts that use SMS for two-factor authentication are at a heightened risk of account takeover with the disclosure that texting "STOP" to the verification service results in it being turned off.

F5 fixed 2 high-severity Remote Code Execution bugs in its products

Security Affairs

Researchers at cybersecurity firm Rapid7 have identified several vulnerabilities and other potential security issues affecting F5 products. Rapid7 researchers discovered several vulnerabilities in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS.

6 Steps to More Streamlined Data Modeling

Are you a developer, database architect, or database administrator that's new to Cassandra, but been tasked with developing a plan for implementing the technology anyway? Worry no more. Discover a streamlined methodical approach to Apache Cassandra® data modeling.

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic.

IT 228

More Trending

Ransomware Attackers Don't Take Holidays

Data Breach Today

Cybereason's Sam Curry on the Financial and Business Impact of After-Hours Strikes Cyberattackers love to strike on weekends and holidays - that's not news. What is news: These attacks cost more than weekday incidents, and they take a heavy toll on defenders.

Instagram Impersonators Target Thousands, Slipping by Microsoft's Cybersecurity

Dark Reading

The socially engineered campaign used a legitimate domain to send phishing emails to large swaths of university targets

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Krebs on Security

Vyacheslav “Tank” Penchukov , the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources.

Failures in Twitter’s Two-Factor Authentication System

Schneier on Security

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism.

Intent Signal Data 101

Intent signal data helps B2B marketers engage with buyers sooner in the sales cycle. But there are many confusing terms used to describe intent data. Read this infographic to better understand three common areas of confusion.

Discord Fined by French CNIL for GDPR Violations

Data Breach Today

Video Streamer Pays 800,000 Euros to Settle Probe of Privacy and Security Practices The French data protection authority fined Discord 800,000 euros for privacy and security practices that violate the General Data Protection Regulation.

GDPR 203

Zero-Trust Initiatives Stall, as Cyberattack Costs Rocket to $1M per Incident

Dark Reading

Researchers find current data protections strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defense initiatives

IT 108

Vulnerability Patching: How to Prioritize and Apply Patches

eSecurity Planet

Every IT environment and cybersecurity strategy has vulnerabilities. To avoid damage or loss, organizations need to find and eliminate those vulnerabilities before attackers can exploit them.

Two public schools in Michigan hit by a ransomware attack

Security Affairs

Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack. Public schools in Jackson and Hillsdale counties, Michigan, reopen after a closure of two days caused by a ransomware attack that hit its systems.

10 Rules to More Streamlined Data Modeling

Apache Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn 10 rules that will help you perfect your Kafka system to get ahead.

Ransomware-as-a-Service Market Now Highly Specialized

Data Breach Today

Services Include Subscription Models, Bug Bounties and High-Paying Jobs Budding cybercriminals can purchase a large number of specialized services from the ransomware criminal underground, reports cybersecurity firm Sophos.

Ukraine's 'IT Army' Stops 1,300 Cyberattacks in 8 Months of War

Dark Reading

President Zelensky offers hard-won Ukrainian cybersecurity expertise to other countries that want to protect citizen populations

Here’s How Bad a Twitter Mega-Breach Would Be

WIRED Threat Level

Elon Musk laid off half the staff, and mass resignations seem likely. If nobody’s there to protect the fort, what’s the worst that could happen? Security Security / Cyberattacks and Hacks Business / Social Media

Watch Out For This Tricky New Tactic Called Clone Phishing

KnowBe4

Researchers at Vade Secure describe a type of phishing attack dubbed “clone phishing,” in which attackers follow up a legitimate email from a trusted sender with a replica, claiming that they forgot to include a link or attachment. Phishing

Powering Personalization Through Customer Data

Finding the right CDP can help unlock the value of your customer data. This eBook offers guidance on choosing, deploying, and utilizing a CDP, along with a case study on how one bank put data into action to forge stronger connections with customers.

Arrest of Ukrainian in Cybercrime Case Shows Patience Pays

Data Breach Today

Suspect in Jabberzeus Banking Malware Gang Nabbed in Geneva The apparent arrest of a Ukrainian national long wanted on cybercrime charges in the U.S. shows that with much patience, law enforcement can notch successes.

The Next Generation of Supply Chain Attacks Is Here to Stay

Dark Reading

With the proliferation of interconnected third-party applications, new strategies are needed to close the security gap

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Security Affairs

North Korea-linked Lazarus APT is using a new version of the DTrack backdoor in attacks aimed at organizations in Europe and Latin America. North Korea-linked APT Lazarus is using a new version of the DTrack backdoor to attack organizations in Europe and Latin America, Kaspersky researchers warn.

One in Five Public-Facing Cloud Storage Buckets Expose Sensitive Data

eSecurity Planet

Public-facing cloud storage buckets are a data privacy nightmare, according to a study released today.

Cloud 97

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Pro-Moscow Nuisance Hackers Claim DDoS Attack on FBI Website

Data Breach Today

KillNet Asserts It Temporarily Made FBI Websites Unavailable Pro-Kremlin hackers claimed credit for a denial-of-service attack against FBI websites, marking the latest in a series of nuisance attacks.

Misconfigurations, Vulnerabilities Found in 95% of Applications

Dark Reading

Weak configurations for encryption and missing security headers topped the list of software issues found during a variety of penetration and application security tests

Experts found critical RCE in Spotify’s Backstage

Security Affairs

Researchers discovered a critical vulnerability impacting Spotify’s Backstage Software Catalog and Developer Platform. Researchers from the security firm Oxeye discovered a critical Remote Code Execution in Spotify’s Backstage (CVSS Score of 9.8).

The new wave of digital mailroom automation

OpenText Information Management

Capture in the mailroom is not a new concept. It was first deployed in Europe in the aughts to understand the scanned contents of an envelope—to classify and route incoming mail to whomever it is addressed. It caught on in a more limited fashion in the U.S.,

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Russian Hackers Target Ukraine With Malicious Encryption

Data Breach Today

From Russia with Love Group Boasted of Removing Decryptor from Somnia Ransomware Russian hackers are on a campaign to maliciously encrypt the files of Ukrainian victims - but unlike other ransomware groups, doing so without the possibility of offering a decryptor.

DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions

Dark Reading

Although the group relies on good old phishing to deliver Royal ransomware, researchers say DEV-0569 regularly uses new and creative discovery techniques to lure victims

FTX Collapse Highlights the Cybersecurity Risks of Crypto

eSecurity Planet

John Jay Ray III is one of the world’s top bankruptcy lawyers. He has worked on cases like Enron and Nortel. But his latest gig appears to be the most challenging. On November 11, he took the helm at FTX, a massive crypto platform, which has plunged into insolvency.