Sat.Oct 22, 2022 - Fri.Oct 28, 2022

Security Alert: Daixin Ransomware Targets Healthcare

Data Breach Today

Cybercrime Gang Wields Phishing Emails and Proficiency for VMware Environments Beware ransomware and data extortion shakedowns that trace to a cybercrime gang called Daixin Team, which is especially targeting the healthcare sector, as well as wielding phishing emails and a proficiency with VMware server environments, warns a new U.S.

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance. As such, you should limit the amount of information that employees have access to. There are several ways you can protect your business from data breaches. Create security awareness for employees.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Stress Is Driving Cybersecurity Professionals to Rethink Roles

Dark Reading

Burnout has led one-third of cybersecurity staffers to consider changing jobs over the next two years, potentially further deepening the talent shortage, research shows

The Anticipant Organization

OpenText Information Management

Imagine if the world went dark and there were no internet. Even for a day. For a week. Consider the massive fallout for organizations everywhere. Digitalization has morphed from a useful function to a bedrock of society. It is at the center of all future growth.

IT 86

6 Steps to More Streamlined Data Modeling

Are you a developer, database architect, or database administrator that's new to Cassandra, but been tasked with developing a plan for implementing the technology anyway? Worry no more. Discover a streamlined methodical approach to Apache Cassandra® data modeling.

Major UK Outsourcer Hit With Multi-Million Dollar Fine Due to a Phishing Attack

KnowBe4

Britain's data watchdog has fined major construction group Interserve with a £4.4m This was due to a cyber attack stole personal and financial details for over 113,000 employees and the company failed to stop the attack. Phishing

More Trending

FIRESIDE CHAT: Timely employee training, targeted testing needed to quell non-stop phishing

The Last Watchdog

Humans are rather easily duped. And this is the fundamental reason phishing persists as a predominant cybercriminal activity. Related: How MSSPs help secure business networks. Tricking someone into clicking to a faked landing page and typing in their personal information has become an ingrained pitfall of digital commerce. The deleterious impact on large enterprises and small businesses alike has been – and continues to be — profound.

Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn

Dark Reading

A CISA advisory warns that the Daixin Team ransomware group has put the US healthcare system in its crosshairs for data extortion, and provides tools to fight back

Thomson Reuters collected and leaked at least 3TB of sensitive data

Security Affairs

The multinational media conglomerate Thomson Reuters left a database with sensitive customer and corporate data exposed online. Original post at [link].

IoT 104

Cyber Events Disrupt Polish, Slovakian Parliament IT Systems

Data Breach Today

Poland Senate Alleges Russian Connection to DDoS Attack Parliament IT systems in two East European capitals were disrupted Thursday. The Poland Senate said a distributed denial-of-service attack partially originated from inside Russia.

Intent Signal Data 101

Intent signal data helps B2B marketers engage with buyers sooner in the sales cycle. But there are many confusing terms used to describe intent data. Read this infographic to better understand three common areas of confusion.

AIIM Names Tori Miller Liu Chief Executive Officer

AIIM

The Association for Intelligent Information Management (AIIM), the world’s leading association dedicated to the information management industry and its practice, announced today that it has appointed Tori Miller Liu as its next Chief Executive Officer, effective December 1, 2022.

Cybersecurity Risks & Stats This Spooky Season

Dark Reading

From ransomware to remote workers to cyber-extortion gangs to Fred in shipping who clicks on the wrong link, cybersecurity concerns can keep you awake this season and all seasons

Risk 104

Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads

Security Affairs

Apple released updates to backport the recently released security patches for CVE-2022-42827 zero-day to older iPhones and iPads.

Medlab Pathology Breach Affects 223,000 Australians

Data Breach Today

Medical Records and Credit Card Details of Patients Compromised One of Australia's largest private testing laboratories announced a data breach affecting 223,000 Australians. Ransomware-as-a-service group Quantum took credit for the incident, posting an 86-gigabyte file in June.

10 Rules to More Streamlined Data Modeling

Apache Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn 10 rules that will help you perfect your Kafka system to get ahead.

If Musk Starts Firing Twitter's Security Team, Run

WIRED Threat Level

What's next for the social network is anyone's guess—but here's what to watch as you wade through the privacy and security morass. Security Security / Cyberattacks and Hacks Security / Privacy Business Business / Social Media

Cisco Warns AnyConnect VPNs Under Active Cyberattack

Dark Reading

Older bugs in the AnyConnect Secure Mobility Client are being targeted in the wild, showcasing patch-management failures

OpenSSL to fix the second critical flaw ever

Security Affairs

The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit.

Fallout From Medibank Hack Grows

Data Breach Today

About 4M Australians Affected by Extortion Demand Made Against the Health Insurer Fallout from the hack of Australian health insurer Medibank continues to worsen as the company twice this week acknowledged a wider set of affected individuals.

Powering Personalization Through Customer Data

Finding the right CDP can help unlock the value of your customer data. This eBook offers guidance on choosing, deploying, and utilizing a CDP, along with a case study on how one bank put data into action to forge stronger connections with customers.

Cybercriminals Use Fake Public PoCs to Spread Malware and Steal Data

eSecurity Planet

GitHub proofs of concept (PoCs) for known vulnerabilities could themselves contain malware as often as 10% of the time, security researchers have found.

Why Retail Stores Are More Vulnerable Than Ever to Cybercrime

Dark Reading

When we think about cybercrime and retail it is natural to focus on websites being targeted with attacks. Indeed, there has been a shocking rise in the number of cyberattacks perpetrated against online retailers in the past year.

Multiple vulnerabilities affect the Juniper Junos OS

Security Affairs

Juniper Networks devices are affected by multiple high-severity issues, including code execution vulnerabilities. Multiple high-severity security vulnerabilities have been discovered in Juniper Networks devices.

UK Firm Fined for Poor Security Prior to Ransomware Attack

Data Breach Today

Interserve Ran Obsolete Servers and Didn't Verify Malware Deletion The U.K. Information Commissioner levied a nearly $5 million fine against Interserve Group Limited for its lack of security protections in the run-up to a 2020 ransomware attack.

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Critical Vulnerability in Open SSL

Schneier on Security

There are no details yet, but it’s really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable.

Atlassian Vulnerabilities Highlight Criticality of Cloud Services

Dark Reading

Two flaws in the popular developer cloud platform show how weaknesses in authorization functions and SaaS flaws can put cloud apps at risk

Cloud 97

Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year

Security Affairs

Google Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an emergency update for the Chrome 107 to address an actively exploited zero-day vulnerability tracked as CVE-2022-3723.

Apple Issues Emergency iOS Fix as Kernel Zero-Day Exploited

Data Breach Today

Immediate Updating Recommended as Any App in iOS and iPad Exploitable Apple has issued a slew of security updates amidst reports that its iOS devices are being actively exploited via a zero-day vulnerability in the kernel.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Over Two-Thirds of Organizations Have No Ransomware-Specific Incident Response Playbook

KnowBe4

A newly released report on ransomware preparedness shows organizations are improving their security stance in comparison to last year, but overall still aren’t doing enough. Ransomware

Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit

Dark Reading

A pair of Microsoft bugs allow cyberattackers to bypass native Windows Internet download security, says former CERT CC researcher who discovered the flaws

New York Post hacked? No, the culprit is an employee

Security Affairs

Threat actors hacked the website and Twitter account of the New York Post and published offensive messages against US politicians.