Sat.Sep 04, 2021 - Fri.Sep 10, 2021

IoT Attacks Skyrocket, Doubling in 6 Months

Threatpost

The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets. IoT Most Recent ThreatLists

Mining 106

Preparing for Ransomware: Are Backups Enough?

eSecurity Planet

In a year where ransomware has raised the alert levels everywhere, the go-to answer from many is redundancy through offline, remote backups – but are they enough? Backups are a critical component of any enterprise cybersecurity posture, but they are not an airtight strategy.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

Troy Hunt

111 years ago almost to the day, a murder was committed which ultimately led to the first criminal trial to use fingerprints as evidence.

The Cost of Cloud Compromise and Shadow IT

Data Breach Today

Cloud 277

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website.

More Trending

A new botnet named M?ris is behind massive DDoS attack that hit Yandex

Security Affairs

The massive DDoS attack that has been targeting the internet giant Yandex was powered b a completely new botnet tracked as M?ris.

IoT 110

Criminals' Wish List: Who's Their Ideal Ransomware Victim?

Data Breach Today

Revenue, Size, Geography and Level of Access Help Determine Sale Price for Access The most sought-after type of victim for ransomware-wielding attackers is a large, U.S.-based

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack.

IoT 190

GUEST POST: How China’s updated digital plans impacts U.S. security and diplomacy

The Last Watchdog

In May 2021, China unveiled their updated Five-Year Plan to the world. This plan marks the 14th edition of their socioeconomic, political, and long-range objectives, and has set the tone for a Chinese-dominated supply chain that will be accomplished using antitrust, intellectual property, and standards tools to promote industrial policies. Their plan poses a grave threat to the US.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

ProtonMail Now Keeps IP Logs

Schneier on Security

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.” ” Uncategorized anonymity courts data collection data protection e-mail privacy

Zero-Day Attacks Exploit MSHTML Flaw in Microsoft Windows

Data Breach Today

Workarounds Detailed to Block Active Attack; Microsoft Has Yet to Release Patches Attackers are actively exploiting a flaw in Microsoft Windows for which no patch is yet available.

257
257

“FudCo” Spam Empire Tied to Pakistani Software Firm

Krebs on Security

In May 2015, KrebsOnSecurity briefly profiled “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email.

WhatsApp fined €225M over GDPR issues

Security Affairs

The Irish Data Protection Commission has fined WhatsApp €225 million over data sharing transparency for European Union users’ data with Facebook.

GDPR 104

A Recruiter’s Guide To Hiring In 2021

With vaccination rates rising, consumers spending more money, and people returning to offices, the job market is going through a period of unprecedented adjustment. As the New York Times observed, “It’s a weird moment for the American economy.” And recruiting professionals are caught in the middle. To make the most of this disruption, you need to understand the economic drivers, develop a strong strategy for unearthing valuable talent, and use the latest tech tools to get the job done. Read this guide to get your recruiting practice ready to thrive in the new normal.

Tracking People by their MAC Addresses

Schneier on Security

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones.

SEC Warns of Fraudulent Cryptocurrency Schemes

Data Breach Today

Experts Say Social Engineering Continues to Drive Illicit Activity The U.S. SEC in a new advisory warns against schemes targeting digital assets.

Palo Alto Enters Small Business, Remote and Home Markets with Okyo

eSecurity Planet

Palo Alto Networks (PANW) is bringing its enterprise-class security to small business and home markets with Okyo , a Wi-Fi 6 hardware device announced today.

International money launderer sentenced to more than 11 years

Security Affairs

A Canadian man, who helped North Korean threat actors to launder stolen funds, plead guilty to laundering tens of millions of dollars stolen in bank fraud schemes. A Canadian man who conspired to launder tens of millions of dollars stolen bank fraud schemes has been sentenced to 140 months in prison.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Lightning Cable with Embedded Eavesdropping

Schneier on Security

Normal-looking cables (USB-C, Lightning, and so on) that exfiltrate data over a wireless network. I blogged about a previous prototype here. Uncategorized Apple eavesdropping hacking key logging Wi-Fi

96

United Nations Says Intruders Breached Its Systems

Data Breach Today

Threat Actors Offered Credentials for UN's ERP Software; NATO Hit as Well The United Nations says on Thursday that its networks were accessed by intruders earlier this year, which lead to follow-on intrusions. Cybercrime analysts say they warned the agency when access credentials to a U.N.

IT 232

A Texas Abortion ‘Whistleblower’ Site Still Can't Find a Host

WIRED Threat Level

Even the most extreme internet infrastructure providers have turned their backs on the website for violating their terms of service. Security Security / Security News

Yandex is under the largest DDoS attack in the history of Runet

Security Affairs

The Russian internet service provider Yandex is under a massive distributed denial-of-service (DDoS) attack that began last week.

Reaching Unreachable Candidates

Speaker: Patrick Dempsey and Andrew Erpelding of ZoomInfo

What is ZoomInfo for Recruiters? Find and connect with the right talent to fill roles fast with more data, basic search, advanced search, candidate and company profiles, and export results. Watch this On-Demand Webinar today to see how ZoomInfo for Recruiters can work to get your talented candidates results.

More Detail on the Juniper Hack and the NSA PRNG Backdoor

Schneier on Security

We knew the basics of this story , but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor. Uncategorized backdoors China firewall hacking Juniper NSA random numbers

IT 89

Howard University Hit With Ransomware Attack

Data Breach Today

Classes Canceled as the University's IT Staff Repairs Damage Howard University canceled classes Tuesday in the wake of a ransomware attack it first detected on Friday, the university has announced. There is no evidence the attackers accessed or exfiltrated personal information, the school says

Welcoming the Czech Republic Government to Have I Been Pwned

Troy Hunt

For the last few years, I've been welcome national governments to Have I Been Pwned (HIBP) and granting them full and free access to domain-level searches via a dedicated API.

Experts confirmed that the networks of the United Nations were hacked earlier this year

Security Affairs

The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg. The United Nations on Thursday confirmed that its computer networks were hit by a cyberattack earlier this year. “We

Sales 97

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Security Risks of Relying on a Single Smartphone

Schneier on Security

Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the SIM, which was oddly the best possible outcome, given the circumstances. Using the data to steal money would have been much worse.

DDoS Attack Disrupts New Zealand Banks, Post Office

Data Breach Today

NZ CERT: Intermittent Disruptions at Financial Organizations New Zealand's Computer Emergency Response Team says it is aware of ongoing distributed denial-of-service attacks that have disrupted services at several organizations in the country, including some financial institutions and the national postal service.

IT 234

The costly goldilocks approach to Energy maintenance

OpenText Information Management

For Energy companies, providing reliable and effective services depends on reliable and effective maintenance to ensure assets are — you guessed it — reliable and effective.