Sat.Feb 13, 2021 - Fri.Feb 19, 2021

How to Avoid Phishing Emails and Scams

WIRED Threat Level

It's is a bigger threat than ever. Here are some ways you can defend yourself. Security Security / Security Advice

Privacy Legislation Progresses in 5 More States

Data Breach Today

States Would Join 3 Others That Have Already Enacted Laws Five states are making progress this year toward passing privacy legislation along the lines of California's Consumer Privacy Act, according to the International Association of Privacy Professionals. Here's a status report

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Achieving Seamless eDiscovery

OpenText Information Management

Business and litigation go hand in hand in the 21st century. From litigation support personnel to the lawyers themselves, organizations face a common challenge: how to streamline processes and procedures to simplify and thoroughly respond to on-going litigation requests.

Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

Krebs on Security

The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

The Last Watchdog

Cybersecurity training has steadily gained traction in corporate settings over the past decade, and rightfully so. In response to continuing waves of data breaches and network disruptions, companies have made a concerted effort and poured substantial resources into promoting data security awareness among employees, suppliers and clients. Safeguarding data in workplace settings gets plenty of attention. Related: Mock attack help schools prepare for hackers.

More Trending

Deliberately Playing Copyrighted Music to Avoid Being Live-Streamed

Schneier on Security

Vice is reporting on a new police hack: playing copyrighted music when being filmed by citizens, trying to provoke social media sites into taking the videos down and maybe even banning the filmers: In a separate part of the video, which Devermont says was filmed later that same afternoon, Devermont approaches [BHPD Sgt. Billy] Fair outside.

Bluetooth Overlay Skimmer That Blocks Chip

Krebs on Security

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores.

Retail 222

The malicious code in SolarWinds attack was the work of 1,000+ developers

Security Affairs

Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack. Microsoft’s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers.

White House Preparing 'Executive Action' After SolarWinds Attack

Data Breach Today

Deputy National Security Adviser Anne Neuberger Offers an Update on Investigation In an update on the investigation into the SolarWinds supply chain attack, Deputy National Security Adviser Anne Neuberger said the Biden administration is preparing "executive action" to address security shortcomings that have come to light.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Chinese Supply-Chain Attack on Computer Systems

Schneier on Security

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008.

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

The U.S.

Malware Is Now Targeting Apple’s New M1 Processor

WIRED Threat Level

Two distinct strains of malware have already adjusted to the new silicon just months after its debut. Security Security / Cyberattacks and Hacks

IT 108

France Ties 3-Year Hacking Campaign to Russia's Sandworm

Data Breach Today

Unpatched, Open-Source Versions of Centreon IT Monitoring Tool Hacked, CERT-FR Says French cybersecurity authorities are warning that widely used, open-source IT monitoring software called Centreon appears to have been hit by Russian hackers.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Router Security

Schneier on Security

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices.

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords.

Kia Denies Ransomware Attack as IT Outage Continues

Dark Reading

Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack

South Korea Claims North Korea Tried Hacking Pfizer

Data Breach Today

Reported Attempt at Stealing COVID-19 Data Comes in Wake of Global Warnings South Korean intelligence officials allege that North Korean hackers attempted to steal COVID-19 vaccine and treatment data by hacking the U.S. pharmaceutical firm Pfizer

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

France Ties Russia's Sandworm to a Multiyear Hacking Spree

WIRED Threat Level

A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon. Security Security / Cyberattacks and Hacks

IT 106

Court documents show FBI could use a tool to access private Signal messages on iPhones

Security Affairs

Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages.

Access 105

Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees

Dark Reading

Users' distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities

Yandex Insider Causes Breach Involving 4,887 Customers

Data Breach Today

Breach Occurred After System Admin Granted Unauthorized Access Russian-Dutch multinational eCommerce company Yandex sustained a data breach in which 4,887 customer accounts were compromised after an unidentified employee with systems admin privileges gave unauthorized access to attackers

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

The Untold History of America’s Zero-Day Market

WIRED Threat Level

The lucrative business of dealing in code vulnerabilities is central to espionage and war planning, which is why brokers never spoke about it—until now. Security Security / National Security

Browser Tracking Using Favicons

Schneier on Security

Interesting research on persistent web tracking using favicons. For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.).

Paper 99

Privacy bug in the Brave browser exposes Tor addresses to user’s DNS provider

Security Affairs

A privacy bug in the Brave Browser caused the leak of the Tor onion URL addresses visited in the Tor mode by the users. A bug in the Private Window with Tor implemented in the Brave web browser could reveal the onion sites visited by the users.

Microsoft Patches 12-Year-Old Vulnerability

Data Breach Today

Flaw Was Present in Microsoft Defender Since 2009, SentinelOne Finds Microsoft has patched a 12-year-old vulnerability in Microsoft Defender that, if exploited, could enable nonadministrative users to escalate privilege in the application.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Attackers Already Targeting Apple's M1 Chip with Custom Malware

Dark Reading

A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality

95

A Billion-Dollar Dark Web Crime Lord Calls It Quits

WIRED Threat Level

The “big hack” redux, riot planning on Facebook, and more of the week's top security news. Security Security / Security News

IT 84

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems.