Sat.Dec 26, 2020 - Fri.Jan 01, 2021

SolarWinds Orion: Fixes Aim to Block Sunburst and Supernova

Data Breach Today

Both Strains of Malware Among Multiple Tactics Being Used by Supply Chain Attackers Software vendor SolarWinds has updated multiple versions of its Orion network-monitoring software to address the Sunburst backdoor that was added to its code, and to block Supernova malware that exploited a vulnerability in Orion.

Reducing the Risk of Third-Party SaaS Apps to Your Organization

Dark Reading

Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks

Risk 102
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Ransomware in 2020: A Banner Year for Extortion

Threatpost

From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organizations to inordinate levels in 2020.

Happy 11th Birthday, KrebsOnSecurity!

Krebs on Security

Today marks the 11th anniversary of KrebsOnSecurity! Thank you, Dear Readers, for your continued encouragement and support! With the ongoing disruption to life and livelihood wrought by the Covid-19 pandemic, 2020 has been a fairly horrid year by most accounts.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

SolarWinds Attack: 'This Hit the Security Community Hard'

Data Breach Today

RiskIQ CEO Lou Manousos Details Lessons to Learn in Supply-Chain Attack Aftermath The SolarWinds breach is a case study in how attackers can subvert a widely used piece of software to turn it to their advantage, says Lou Manousos, CEO of RiskIQ.

More Trending

The Coolest Hacks of 2020

Dark Reading

Despite a pandemic and possibly the worst cyberattack campaign ever waged against the US, the year still had some bright spots when it came to "good" and creative hacks

IT 113

Russia’s SolarWinds Attack

Schneier on Security

Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts. It wasn’t a cyberattack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world.

Ticketmaster Fined $10 Million for Hacking Competitor

Data Breach Today

The Ticket Seller Used Credentials Supplied by a Competitor's Former Staffer Ticketmaster has agreed to pay a $10 million criminal fine to resolve charges that the company illegally accessed an unnamed competitor's computer system on at least 20 separate occasions, using stolen passwords to conduct a cyber espionage operation.

New Golang-based Crypto worm infects Windows and Linux servers

Security Affairs

Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Microsoft Reveals That Russian Attackers Accessed Some of Its Source Code

Dark Reading

Malicious SolarWinds Orion backdoor installed in Microsoft's network led to the attackers viewing some of its source code

Access 112

The Most Dangerous People on the Internet in 2020

WIRED Threat Level

This year saw plenty of destructive hacking and disinformation campaigns—but amid a pandemic and a historic election, the consequences have never been graver. Security Security / Cyberattacks and Hacks

Whirlpool Hit With Ransomware Attack

Data Breach Today

Nefilim Ransomware Gang Takes Responsibility, Posts Allegedly Stolen Data The major appliances giant Whirlpool acknowledges it was hit with a ransomware attack in November, with the cyber gang Nefilim taking responsibility for the cyber incident and claiming to have stolen company data

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Homomorphic Encryption: The 'Golden Age' of Cryptography

Dark Reading

The ability to perform complex calculations on encrypted data promises a new level of privacy and data security for companies in the public and private sectors. So when can they get started

How Your Digital Trails Wind Up in the Police’s Hands

WIRED Threat Level

Phone calls. Web searches. Location tracks. Smart speaker requests. They’ve become crucial tools for law enforcement, while users often are unaware. Business Business / Computers and Software Security

T-Mobile Alerts Customers to New Breach

Data Breach Today

Compromised Information Includes Phone Numbers and Call-Related Information T-Mobile on Tuesday began informing a portion of its customers that some of their mobile phone account information may have been compromised in a data breach that took place in early December.

SolarWinds hackers gained access to Microsoft source code

Security Affairs

The threat actors behind the SolarWinds supply chain attack could have had access to the source code of several Microsoft products.

Access 107

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

DDoS Attacks Spiked, Became More Complex in 2020

Dark Reading

Global pandemic and the easy availability of for-hire services and inexpensive tool sets gave adversaries more opportunities to attack

111
111

The Worst Hacks of 2020, a Surreal Pandemic Year

WIRED Threat Level

From ransomware schemes to supply chain attacks, this year melded classic hacks with extraordinary circumstances. Security Security / Cyberattacks and Hacks

Citrix Warns Its ADC Products Are Being Used in DDoS Attacks

Data Breach Today

Company Notes: Permanent Fix Won't Be Ready Until January Citrix is warning its customers that attackers are taking advantage of the company's ADC products to conduct and amplify DDoS attacks, according to a notification published by the firm.

IT 201

Today Adobe Flash Player reached the end of life (EOL)

Security Affairs

Today Adobe Flash Player has reached its end of life (EOL), its vulnerabilities were exploited by multiple threat actors in attacks in the wild over the years.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

10 Benefits of Running Cybersecurity Exercises

Dark Reading

There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills

Ransomware Is Headed Down a Dire Path

WIRED Threat Level

2020 was a great year for ransomware gangs. For hospitals, schools, municipal governments, and everyone else, it’s going to get worse before it gets better. Security Security / Cyberattacks and Hacks

SolarWinds Aftermath: 'This Hit the Security Community Hard'

Data Breach Today

RiskIQ CEO Lou Manousos on Lessons We Need to Learn From This Attack As CEO of RiskIQ, Lou Manousos has a unique view into the Internet Attack Surface Intelligence, Vulnerability & Analytics space.

Vermont Hospital confirmed the ransomware attack

Security Affairs

The Burlington-based University of Vermont Health Network has finally admitted that ransomware was behind the October attack. In October, threat actors hit the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Remote Desktop Bugs: Patches That Took Priority in a Pandemic Year

Dark Reading

Remote Desktop flaws were a patching priority this year as Microsoft distributed fixes and businesses scrambled to protect remote employees

110
110

Brexit Deal Mandates Old Insecure Crypto Algorithms

Schneier on Security

In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA: The open standard s/MIME as extension to de facto e-mail standard SMTP will be deployed to encrypt messages containing DNA profile information.

Microsoft Warned CrowdStrike of Possible Hacking Attempt

Data Breach Today

Failed Attack Reportedly Linked to Hackers Who Breached SolarWinds Microsoft warned CrowdStrike of a failed attempt by unidentified attackers to access and read the company's emails, according to a blog post published by the security firm.

Access 188