Sat.Sep 17, 2022 - Fri.Sep 23, 2022

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

The Last Watchdog

Cybersecurity is a top concern for individuals and businesses in the increasingly digital world. Billion-dollar corporations, small mom-and-pop shops and average consumers could fall victim to a cyberattack. Related: Utilizing humans as security sensors. Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. Cybersecurity experts are discussing a new trend in the cybercrime community called phishing-as-a-service.

15-Year-Old Python Flaw Slithers into Software Worldwide

Dark Reading

An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559

101
101
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Automatic Cheating Detection in Human Racing

Schneier on Security

This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field?

A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder

Security Affairs

A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang.

6 Steps to More Streamlined Data Modeling

Are you a developer, database architect, or database administrator that's new to Cassandra, but been tasked with developing a plan for implementing the technology anyway? Worry no more. Discover a streamlined methodical approach to Apache Cassandra® data modeling.

Harassment Site Kiwi Farms Breached

Data Breach Today

Assume Password, Email and IPs Leaked as an Attempt to Export User Database Made One of the internet's worst websites is down following a weekend hack that may have exposed the email, password and IP address of Kiwi Farms yses.

More Trending

SHARED INTEL: Poll highlights the urgency to balance digital resiliency, cybersecurity

The Last Watchdog

The pace and extent of digital transformation that global enterprise organizations have undergone cannot be overstated. Related: The criticality of ‘attack surface management’ Massive global macro-economic shifts have fundamentally changed the way companies operate. Remote work already had an impact on IT strategy and the shift to cloud, including hybrid cloud , well before the onset of Covid 19.

Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials

Dark Reading

The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign

FBI Warns Healthcare Sector of Surge in Payment Scams

Data Breach Today

Cybercriminals Using Social Engineering, Phishing to Divert Payments Cybercriminals are netting multimillion-dollar hauls by targeting healthcare industry payment processing, the FBI warns.

Bitdefender releases Universal LockerGoga ransomware decryptor

Security Affairs

Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom.

Intent Signal Data 101

Intent signal data helps B2B marketers engage with buyers sooner in the sales cycle. But there are many confusing terms used to describe intent data. Read this infographic to better understand three common areas of confusion.

[HEADS UP] Bank of America Warns About Recent Scams That Request Zelle Payment Due to 'Suspicious Activity'

KnowBe4

Bank of America recently sent a customer service email warning users to watch out for this new phishing attack. Social Engineering Phishing

Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber

Dark Reading

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments

Ransomware’s Future: A Lucrative Money Spinner

Data Breach Today

Intel 471’s Michael DeBolt Says Anti-Ransomware Actions Will Take Time What is the future of ransomware, and is it going to continue with the same intensity of the last few years?

Analyzing IP Addresses to Prevent Fraud for Enterprises

Security Affairs

How can businesses protect themselves from fraudulent activities by examining IP addresses? The police would track burglars if they left calling cards at the attacked properties. Internet fraudsters usually leave a trail of breadcrumbs whenever they visit websites through specific IP addresses.

Risk 98

10 Rules to More Streamlined Data Modeling

Apache Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn 10 rules that will help you perfect your Kafka system to get ahead.

Software Supply Chain Security Guidance for Developers

eSecurity Planet

Whether it’s package hijacking, dependency confusing, typosquatting, continuous integration and continuous delivery ( CI/CD ) compromises, or basic web exploitation of outdated dependencies , there are many software supply chain attacks adversaries can perform to take down their victims, hold them to ransom , and exfiltrate critical data.

Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords

Dark Reading

It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services

Ransomware’s Future: A Continuing Money Spinner

Data Breach Today

Intel 471’s Michael DeBolt Says Anti-Ransomware Actions Will Take Time What is the future of ransomware, and is it going to continue with the same intensity of the last few years?

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Security Affairs

Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability.

Powering Personalization Through Customer Data

Finding the right CDP can help unlock the value of your customer data. This eBook offers guidance on choosing, deploying, and utilizing a CDP, along with a case study on how one bank put data into action to forge stronger connections with customers.

Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses

Schneier on Security

Okay, it’s an obscure threat. But people are researching it : Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.”

Ransomware: The Latest Chapter

Dark Reading

As ransomware attacks continue to evolve, beyond using security best practices organizations can build resiliency with extended detection and response solutions and fast response times to shut down attacks

Australian Telco Optus Warns of 'Significant' Data Breach

Data Breach Today

Current and Former Customers' Contact Details Exposed, But No Financial Information Australian telecommunications giant Optus is warning that current and former customers' personal details were exposed, including some driver's license and passport details, but no passwords or financial details, after it suffered a major data breach.

Social Engineering Targets Healthcare Payment Processors

KnowBe4

The US Federal Bureau of Investigation (FBI) has issued an alert warning of an increase in phishing and other social engineering attacks against healthcare payment processors. Social Engineering Phishing

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Iran’s Internet Shutdown Hides a Deadly Crackdown

WIRED Threat Level

Amid protests against the killing of Mahsa Amini, authorities have cut off mobile internet, WhatsApp, and Instagram. The death toll continues to rise. Security Security / National Security

Don't Wait for a Mobile WannaCry

Dark Reading

Attacks against mobile phones and tablets are increasing, and a WannaCry-level attack could be on the horizon

100
100

Australian Telco Optus Investigates Scope of Large Breach

Data Breach Today

Optus CEO Apologizes and Says Incident Under ‘Criminal Investigation’ A criminal investigation is under way into a breach at Optus, Australia’s second-largest telecommunications company. Optus’s CEO says the company will notify those affected. It’s unknown so far who perpetrated the attack.

Credit Card Fraud That Bypasses 2FA

Schneier on Security

Someone in the UK is stealing smartphones and credit cards from people who have stored them in gym lockers, and is using the two items in combination to commit fraud: Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Threat Group TeamTNT Returns with New Cloud Attacks

eSecurity Planet

A retired threat actor has returned with new attacks aimed at the cloud, containers – and encryption keys.

Cloud 90

DDoS Attack Against Eastern Europe Target Sets New Record

Dark Reading

The target has been under relentless DDoS attack, which ultimately set a new packets-per-second record for Europe

101
101

Cyberattack Disrupts Michigan School District for 2nd Day

Data Breach Today

K-12 Educational Sector Is a Target for Ransomware Gangs School is out for more than 3,000 students of a suburban Detroit district undergoing its second day of forensics analysis following a cyberattack. Students have been told not to use district-issued Chromebooks.