Sat.Sep 04, 2021 - Fri.Sep 10, 2021

IoT Attacks Skyrocket, Doubling in 6 Months

Threatpost

The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets. IoT Most Recent ThreatLists

Mining 111

Preparing for Ransomware: Are Backups Enough?

eSecurity Planet

In a year where ransomware has raised the alert levels everywhere, the go-to answer from many is redundancy through offline, remote backups – but are they enough? Backups are a critical component of any enterprise cybersecurity posture, but they are not an airtight strategy.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

Troy Hunt

111 years ago almost to the day, a murder was committed which ultimately led to the first criminal trial to use fingerprints as evidence.

Criminals' Wish List: Who's Their Ideal Ransomware Victim?

Data Breach Today

Revenue, Size, Geography and Level of Access Help Determine Sale Price for Access The most sought-after type of victim for ransomware-wielding attackers is a large, U.S.-based

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website.

More Trending

Experts confirmed that the networks of the United Nations were hacked earlier this year

Security Affairs

The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg. The United Nations on Thursday confirmed that its computer networks were hit by a cyberattack earlier this year. “We

Sales 105

Zero-Day Attacks Exploit MSHTML Flaw in Microsoft Windows

Data Breach Today

Workarounds Detailed to Block Active Attack; Microsoft Has Yet to Release Patches Attackers are actively exploiting a flaw in Microsoft Windows for which no patch is yet available.

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack.

IoT 230

GUEST POST: How China’s updated digital plans impacts U.S. security and diplomacy

The Last Watchdog

In May 2021, China unveiled their updated Five-Year Plan to the world. This plan marks the 14th edition of their socioeconomic, political, and long-range objectives, and has set the tone for a Chinese-dominated supply chain that will be accomplished using antitrust, intellectual property, and standards tools to promote industrial policies. Their plan poses a grave threat to the US.

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

A new botnet named M?ris is behind massive DDoS attack that hit Yandex

Security Affairs

The massive DDoS attack that has been targeting the internet giant Yandex was powered b a completely new botnet tracked as M?ris.

IoT 104

The Cost of Cloud Compromise and Shadow IT

Data Breach Today

Cloud 255

“FudCo” Spam Empire Tied to Pakistani Software Firm

Krebs on Security

In May 2015, KrebsOnSecurity briefly profiled “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email.

A Texas Abortion ‘Whistleblower’ Site Still Can't Find a Host

WIRED Threat Level

Even the most extreme internet infrastructure providers have turned their backs on the website for violating their terms of service. Security Security / Security News

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

Pacific City Bank hit by AVOS Locker Ransomware

Security Affairs

Pacific City Bank was hit by AVOS Locker Ransomware operators, the gang claims to have stolen sensitive file from the company and threatens to leak it.

SEC Warns of Fraudulent Cryptocurrency Schemes

Data Breach Today

Experts Say Social Engineering Continues to Drive Illicit Activity The U.S. SEC in a new advisory warns against schemes targeting digital assets.

Catches of the month: Phishing scams for September 2021

IT Governance

Welcome to September’s review of phishing scams, in which we look at criminals’ latest tactics and provide examples of successful frauds. This month, we review a pair of phishing campaigns centred on sex-related offences. Criminal hacker breaks into iCloud accounts to find pictures of naked women.

IT 96

BrakTooth Flaws Affect Billions of Bluetooth Devices

WIRED Threat Level

Plus: A spyware ban, a big WhatsApp fine, and more of the week's top security news. Security Security / Security News

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

Microsoft warns of a zero-day in Internet Explorer that is actively exploited

Security Affairs

Microsoft warns of a zero-day vulnerability in Internet Explorer that is actively exploited by threat actors using weaponized Office docs.

Risk 99

Moxa Devices Prone to Vulnerabilities Affecting Railways

Data Breach Today

Flaws Fixed, Mitigations Issued for Discontinued Devices SEC Consult reportedly found multiple vulnerabilities in Moxa devices used in critical infrastructures including railways, manufacturing, cellular and heavy industries.

Palo Alto Enters Small Business, Remote and Home Markets with Okyo

eSecurity Planet

Palo Alto Networks (PANW) is bringing its enterprise-class security to small business and home markets with Okyo , a Wi-Fi 6 hardware device announced today.

Information Governance – 3 Common Pitfalls and How to Avoid Them

AIIM

What is Information Governance, and Why is it Important? There are many benefits to constructing an Information Governance program plan.

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

TrickBot gang developer arrested at the Seoul international airport

Security Affairs

A Russian man accused of being a member of the infamous TrickBot gang was arrested while trying to leave South Korea. A Russian man accused of being a member of the TrickBot gang was arrested last week at the Seoul international airport.

Howard University Hit With Ransomware Attack

Data Breach Today

Classes Canceled as the University's IT Staff Repairs Damage Howard University canceled classes Tuesday in the wake of a ransomware attack it first detected on Friday, the university has announced. There is no evidence the attackers accessed or exfiltrated personal information, the school says

Zero Day Threats: Preparation is the Best Prevention

eSecurity Planet

Zero day threats can be the source of some of the most dangerous kinds of cyberattacks. Zero day attacks take advantage of vulnerabilities that haven’t been discovered or are not publicly known yet.

Risk 90

ProtonMail Now Keeps IP Logs

Schneier on Security

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.” ” Uncategorized anonymity courts data collection data protection e-mail privacy

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

Zoho warns of zero-day authentication bypass flaw actively exploited

Security Affairs

Zoho urges customers to address an authentication bypass vulnerability in its ManageEngine ADSelfService Plus that is actively exploited in the wild.

DDoS Attack Disrupts New Zealand Banks, Post Office

Data Breach Today

NZ CERT: Intermittent Disruptions at Financial Organizations New Zealand's Computer Emergency Response Team says it is aware of ongoing distributed denial-of-service attacks that have disrupted services at several organizations in the country, including some financial institutions and the national postal service.

WhatsApp Fixes Its Biggest Encryption Loophole

WIRED Threat Level

The ubiquitous messaging service will add end-to-end encryption to backups, keeping your chats safe no matter whose cloud they're stored in. Security Security / Privacy