Sat.Jul 30, 2022 - Fri.Aug 05, 2022

Tracking Ransomware: Here's Everything We Still Don’t Know

Data Breach Today

Known Unknowns Include Count of Victims and Ransoms Paid, Criminal Profits and More How many organizations fall victim to a ransomware outbreak? How many victims pay a ransom? How many victims see stolen data get leaked?

You Need a Password Manager. Here Are the Best Ones

WIRED Threat Level

Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers. Security Gear Gear / Buying Guides Security / Security Advice

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Zero-Day Defense: Tips for Defusing the Threat

Dark Reading

Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust

106
106

Scammers Sent Uber to Take Elderly Lady to the Bank

Krebs on Security

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters.

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Big Clinic Breach Tied to Vendor's 2021 Ransomware Attack

Data Breach Today

Florida Urgent Care Center Says Incident Involved Billing Vendor PracticeMax A Florida operator of urgent care clinics recently reported to federal regulators a health data breach affecting more than 258,000 individuals tied to a vendor's ransomware attack in May 2021.

More Trending

High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover

Dark Reading

The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users

Class Action Targets Experian Over Account Security

Krebs on Security

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts.

Check Point Execs: Supply Chain Woes Will Persist Into 2023

Data Breach Today

Check Point Beats Q2 Earnings Forecast Despite Spike in Materials, Shipping Costs Continued supply chain costs dampened an otherwise positive Q2 earnings report for Check Point.

New Linux botnet RapperBot brute-forces SSH servers

Security Affairs

RapperBot is a new botnet employed in attacks since mid-June 2022 that targets Linux SSH servers with brute-force attacks. Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot which is active since mid-June 2022.

IoT 113

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Chromium Browsers Allow Data Exfiltration via Bookmark Syncing

Dark Reading

"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools

113
113

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet.

Fortinet Looks to Address Rising Costs with Price Increases

Data Breach Today

Fortinet Says Price Hikes Have More Than Offset Supply Chain and Geopolitical Issues Fortinet has raised prices on products and services to address macroeconomic challenges including shipping delays, longer activation timelines, and the suspension of sales in Russia.

Sales 241

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks

Dark Reading

SMBs should patch CVE-2022-32548 now to avoid a host of horrors, including complete network compromise, ransomware, state-sponsored attacks, and more

All the Data Amazon's Ring Cameras Collect About You

WIRED Threat Level

The popular security devices are tracking (and sharing) more than you might think. Security Security / Privacy

Ping Identity to Go Private in $2.8B Thoma Bravo Acquisition

Data Breach Today

Thoma Bravo-Ping Deal Comes Just Four Months After Thoma Agreed to Buy SailPoint Thoma Bravo is doubling down on identity, inking a deal to buy Ping Identity for $2.8 billion just four months after agreeing to purchase SailPoint.

Cisco addressed critical flaws in Small Business VPN routers

Security Affairs

Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers.

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

For Big Tech, Neutrality Is Not an Option — and Never Really Was

Dark Reading

Tech companies play a vital role in global communication, which has profound effects on how politics, policies, and human rights issues play out

Apple Just Patched 37 iPhone Security Bugs

WIRED Threat Level

Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws. Security Security / Security Advice

Weary Cybercriminals Turn to Cryptojacking Banks: Report

Data Breach Today

Crackdown on Ransomware has Operators Seeking Alternatives Hackers are turning to cryptojacking to make easy money despite the fall in cryptocurrency valuation, including ransomware cybercriminals attracted by the lower stakes world of cryptojacking, says threat intelligence firm SonicWall.

Google fixed Critical Remote Code Execution flaw in Android

Security Affairs

Google addressed a critical vulnerability in Android OS, tracked as CVE-2022-20345, that can be exploited to achieve remote code execution over Bluetooth. Google has fixed a critical vulnerability, tracked as CVE-2022-20345, that affects the Android System component.

IT 109

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project

Dark Reading

The malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of times

New Linux Malware Surges, Surpassing Android

eSecurity Planet

Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system.

Nomad Recovers $11M of $190M Stolen in Frenzied Attack

Data Breach Today

3 Crypto Wallets Hold $95M of Stolen Funds; $6M Laundered on Tornado Cash Multiple individuals returned a total of $11.4 million of the $190 million worth of cryptocurrency drained from cross-chain bridge Nomad on Wednesday, blockchain security firm PeckShield tells ISMG.

Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor

Security Affairs

A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor.

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

5 Ways Chess Can Inspire Strategic Cybersecurity Thinking

Dark Reading

Rising interest in chess may feed the next generation of cybersecurity experts

Surveillance of Your Car

Schneier on Security

TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it.

Sales 100

Two Vendor Hacks Affect Nearly 1.5 Million and Counting

Data Breach Today

The Business Associates Also List Dozens of Affected Covered Entity Clients Two hacking incidents involving vendors providing important IT-related and other services to dozens of covered entity clients are among the latest breaches affecting hundreds of thousands of individuals' data