Sat.Jul 23, 2022 - Fri.Jul 29, 2022

TSA Issues New Cybersecurity Directive for Oil Pipelines

Data Breach Today

Directive Emphasizes Continuous Monitoring and Assessments U.S. federal regulators are revamping their approach to oil pipeline cybersecurity by telling operators they have newfound latitude so long as they implement continuous monitoring and test their posture.

A database containing data of 5.4 million Twitter accounts available for sale

Security Affairs

Threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.

Sales 114
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Economic Downturn Raises Risk of Insiders Going Rogue

Dark Reading

Insiders could become more vulnerable to cybercrime recruitment efforts, new report says

Risk 104

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

The 911 service as it existed until July 28, 2022. re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations.

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

Phishing-as-a-Service Platform Offers Cut-Rate Prices

Data Breach Today

Customers of 'Robin Banks' Platform Have Netted $500,000 Fifty bucks gets cybercriminals access to a phishing-as-a-service platform for campaigns impersonating major brands in the United States and other English-speaking countries.

More Trending

Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization

Dark Reading

The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams

IT 114

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

Microleaves , a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in their website that exposed their entire user database.

Keys to LockBit's Success: Self-Promotion, Technical Acumen

Data Breach Today

Dominant Ransomware Group Remains Highly Active, Has Enjoyed Unusual Longevity Since the decline and fall of the Conti ransomware brand earlier this year, LockBit appears to have seized the mantle, listing more victims on its data leak site than any other.

FIRESIDE CHAT: ‘Attack surface management’ has become the centerpiece of cybersecurity

The Last Watchdog

Post Covid 19, attack surface management has become the focal point of defending company networks. Related: The importance of ‘SaaS posture management’ As digital transformation continues to intensify, organizations are relying more and more on hosted cloud processing power and data storage, i.e. Platform as a Service ( PaaS ,) as well as business tools of every stripe, i.e. Software as a Service ( SaaS. ).

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

Why Bug-Bounty Programs Are Failing Everyone

Dark Reading

In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes

How Tor Is Fighting—and Beating—Russian Censorship

WIRED Threat Level

Russia has been trying to block the anonymous browser since December—with mixed results. Security Security / Security News

Ransomware Ecosystem: Big-Name Brands Becoming a Liability

Data Breach Today

Midsized Businesses Are the New Frontier for Ransomware Demands Here's unwelcome ransomware news: When a ransomware victim chooses to pay a ransom, the average amount has increased to $228,125, reports ransomware incident response firm Coveware.

Exploitation is underway for a critical flaw in Atlassian Confluence Server and Data Center

Security Affairs

Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center. Recenlty Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138.

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware

Dark Reading

Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests

New UFEI Rootkit

Schneier on Security

Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article : The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer.

The Decade in Vulnerabilities and Why They Persist

Data Breach Today

Despite 'Patch or Perish' Problem, Bugs Rarely Burn Out, Instead Slowly Fading Away Big, bad bugs - including the likes of Heartbleed, BlueKeep and Drupalgeddon - never seem to burn out.

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs

Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads.

Sales 102

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

What Women Should Know Before Joining the Cybersecurity Industry

Dark Reading

Three observations about our industry that might help demystify security for women entrants

Beware of Sophisticated Malicious USB Keys

KnowBe4

Malicious USB keys have always been a problem. There is almost no professional penetration testing team that does not drop a handful of USB keys outside of any targeted organization and see success from employees plugging them in and opening boobytrapped documents or running malicious executables.

92

Facebook Slapped With Another Health Data Privacy Lawsuit

Data Breach Today

Proposed Class Action Claims Meta Pixel Tracks Sensitive Patient Info Another proposed federal class action lawsuit alleges Facebook uses its Pixel tracking tool to collect millions of individuals' sensitive health data from healthcare provider websites without patients' knowledge or consent.

The strange similarities between Lockbit 3.0 and Blackmatter ransomware

Security Affairs

Researchers found similarities between LockBit 3.0 ransomware and BlackMatter, which is a rebranded variant of the DarkSide ransomware. Cybersecurity researchers have found similarities between the latest version of the LockBit ransomware, LockBit 3.0 , and the BlackMatter ransomware. The Lockbit 3.0

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

Discord, Telegram Services Hijacked to Launch Array of Cyberattacks

Dark Reading

Attackers are easily turning popular messaging apps and their associated services — like bots, cloud infrastructure, and CDNs — against users, researchers warn

Cloud 105

How to Secure DNS

eSecurity Planet

The domain name system (DNS) is basically a directory of addresses for the internet. Your browser uses DNS to find the IP for a specific service.

ISMG Editors: Privacy Special With Lisa Sotto

Data Breach Today

LockBit 3.0, New US Privacy Laws and FTC Initiatives to Watch Lisa Sotto of Hunton Andrews Kurth LLP joins three ISMG editors to discuss important cybersecurity and privacy issues, including data breach preparedness, the evolution of LockBit 3.0

Akamai blocked the largest DDoS attack ever on its European customers

Security Affairs

This month Akamai blocked the largest distributed denial-of-service (DDoS) attack that hit an organization in Europe. On July 21, 2022, Akamai mitigated the largest DDoS attack that ever hit one of its European customers.

IT 97

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

8 Hot Summer Fiction Reads for Cybersecurity Pros

Dark Reading

A reading list of recommended novels curated by cybersecurity experts for cybersecurity experts

Reported USB Scam Shows the Importance of Security Awareness Training

KnowBe4

Just when you thought scammers couldn't get more tricky in their attacks, this example will prove you wrong. Security Awareness Training

Ukraine, US Sign Cybersecurity Pact

Data Breach Today

Agreement Focuses on Data Sharing, Conducting Joint Exercises Ukrainian and U.S. officials pledged closer cybersecurity collaboration, announcing a memorandum of cooperation after Ukrainian officials discussed Russian threat actors in a meeting with the FBI in New York.