Sat. Nov 07, 2020 - Fri. Nov 13, 2020

Probing Marriott's Mega-Breach: 9 Cybersecurity Takeaways

Data Breach Today

Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

9 New Tactics to Spread Security Awareness

Dark Reading

Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Mellon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages.

How a Game Developer Leaked 46 Million Accounts

Data Breach Today

WildWorks Data Breach Shows Danger of Sharing Sensitive Keys Over Chat. Chat and collaboration software tools such as Slack are critical for software development teams.

More Trending

The EU’s draft Data Governance Act: an own goal?

Data Protector

The EU’s draft Data Governance Act is designed to facilitate the greater sharing of non-Personal data within the EU. Such big data ought to provide new insights and benefit the lives of EU citizens, the EU thinking goes.

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. But now, at long last, we’re on the brink of eliminating passwords altogether, once and for all. A confluence of technical and social developments points to username-and-password logons becoming obsolete over the next few years.

Banking Trojan Can Spy on Over 150 Financial Apps

Data Breach Today

Kaspersky: Ghimob Malware Started in Brazil But Is Spreading. A recently uncovered banking Trojan targeting Android devices can spy on over 150 apps, including those of banks, cryptocurrency exchanges and fintech firms, as a way to gather credentials and other data, according to an analysis by security firm Kaspersky.

Patch Tuesday, November 2020 Edition

Krebs on Security

Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users.

The Scammer Who Wanted to Save His Country

WIRED Threat Level

Last fall, a hacker gave Glenn Greenwald a trove of damning messages between Brazil’s leaders. Some suspected the Russians. The truth was far less boring.

Want to Avoid an Extreme Cyberloss? Focus on the Basics

Dark Reading

New analysis of attacks and breaches -- to the tune of more than $20 million in damages and losses of at least 20 million records -- underscores the importance of planning for these events

Tom Kellermann: Post-Election Security Analysis

Data Breach Today

Cybersecurity Strategist Warns of Pre-Inauguration Nation-State Strikes. The good news: U.S. election security measures seem to have worked. The bad news: Disinformation and misinformation campaigns continue.

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu, iOS, VMware ESXi, and others

Security Affairs

Many popular OS and applications have been hacked during this year’s edition of the Tianfu Cup hacking competition.

2020 Was a Secure Election

Schneier on Security

Over at Lawfare: “2020 Is An Election Security Success Story (So Far).” What’s more, the voting itself was remarkably smooth.

Data Privacy Gets Solid Upgrade With Early Adopters

Dark Reading

The United Kingdom and the regional government of Flanders kick off four pilots of the Solid data-privacy technology from World Wide Web inventor Tim Berners-Lee, which gives users more control of their data

Hackers Stealing and Selling VoIP Access

Data Breach Today

Attackers Exploit a Vulnerability in Asterisk VoIP PBX Servers. Check Point Research has uncovered a large and likely profitable business model that involves hackers attacking and gaining control of certain VoIP services, which enables them to make phone calls through a company's compromised system.

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike

Security Affairs

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike and compromise the target networks.

The Security Failures of Online Exam Proctoring

Schneier on Security

Proctoring an online exam is hard. It’s hard to be sure that the student isn’t cheating, maybe by having reference materials at hand, or maybe by substituting someone else to take the exam for them.

Manufacturing Sees Rising Ransomware Threat

Dark Reading

Crypto-ransomware groups are increasingly adopting malware and tools that can probe and attack operational technology, such as industrial control systems, according to an assessment of current threats

Biden's Cybersecurity Mission: Regain Momentum

Data Breach Today

Experts Say Cybersecurity Will Be a Higher Priority. Cybersecurity is poised to become a higher White House priority when President-elect Joe Biden takes office. And he's expected to renew key international relationships needed in the fight against cyberattacks.

CostaRicto APT: Cyber mercenaries use previously undocumented malware

Security Affairs

CostaRicto APT is targeting South Asian financial institutions and global entertainment companies with undocumented malware.

Breached Mashable User Database Leaked Online

Adam Levin

The personal information of technology and culture website Mashable.com users has been discovered in a leaked database online. Mashable announced the leak late November 8, in an announcement on its website. “[W]e

The Double-Edged Sword of Cybersecurity Insurance

Dark Reading

With ransomware on the rise, more organizations are opting to purchase cyber insurance -- tipping off criminals about how much to demand for access back to pilfered systems and data

FTC Settlement With Zoom Sets Security Requirements

Data Breach Today

Agency Requires Comprehensive Security Program. As part of a settlement of allegations that Zoom "engaged in a series of deceptive and unfair practices that undermined the security of its users," the U.S.

Three APT groups have targeted at least seven COVID-19 vaccine makers

Security Affairs

At least three nation-state actors, Strontium, Lazarus Group, and Cerium, have targeted seven COVID-19 vaccine makers, Microsoft warns. Microsoft revealed that at least three APT groups have targeted seven companies involved in COVID-19 vaccine research and treatments.

Why MSPs and their partners must prioritise cyber security

IT Governance

Cyber attackers have been increasingly turning their attention to MSPs (managed service providers) in recent years, with devastating results. MSPs often work with dozens, if not hundreds, of organisations – so a single vulnerability can have far-reaching consequences.

Flaws in Privileged Management Apps Expose Machines to Attack

Dark Reading

The Intel Support Assistant is the latest Windows utility to be found that could expose millions of computers to privilege-escalation attacks through file manipulation and symbolic links

APT Groups Target Firms Working on COVID-19 Vaccines

Data Breach Today

Microsoft Says Attacks on Seven Companies Blocked. Three state-sponsored advanced persistent threat groups - one Russian, two North Korean - have been targeting companies across the globe involved with COVID-19 vaccine and treatment development, Microsoft says.
