Sat. May 01, 2021 - Fri. May 07, 2021

The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom.

NSA: OT Security Guidance in Wake of SolarWinds Attack

Data Breach Today

Agency Warns Attackers Could Use IT Exploits to Pivot to OT Systems. The NSA is offering operational technology security guidance for the Defense Department as well as third-party military contractors and firms in the wake of the attack that targeted SolarWinds in 2020.

Deepfake Attacks Are About to Surge, Experts Warn

Threatpost

New deepfake products and services are cropping up across the Dark Web.

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Last Watchdog

Encryption agility is going to be essential as we move forward with digital transformation. All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, comes down to protecting encrypted data. But cryptography historically has been anything but agile; major advances require years, if not decades, of inspired theoretical research.

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page.

More Trending

19 petabytes of data exposed across 29,000+ unprotected databases

Security Affairs

CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information.

It's Time to Ditch Celebrity Cybersecurity

Dark Reading

High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection.

Investment Scammer John Davies Reinvents Himself?

Krebs on Security

John Bernard, a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here.

NIST Seeks Input on HIPAA Security Rule Guidance Update

Data Breach Today

But Is It Time to Overhaul the Rule Itself? The National Institute of Standards and Technology is seeking public comment as it plans to update its 2008 guidance for implementing the HIPAA Security Rule. But is it time to update the security rule itself?

Tesla Remotely Hacked from a Drone

Schneier on Security

This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc.

Cloud-Native Businesses Struggle with Security

Dark Reading

More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.

Then a Hacker Began Posting Patients’ Deepest Secrets Online

WIRED Threat Level

A family-run psychotherapy startup grew into a health care giant. It was a huge success—until the data breach and the anonymous ransom notes sent to clients.

Chinese Group Apparently Targeted Russian Defense Contractor

Data Breach Today

Cybereason: Attack Used Previously Undocumented PortDoor Malware. An attack group, likely based in China, recently conducted a spear-phishing attack against a defense contractor that develops nuclear submarine technology for the Russian Navy, according to the security firm Cybereason.

Teaching Cybersecurity to Children

Schneier on Security

Researchers Explore Active Directory Attack Vectors

Dark Reading

Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.

Russia-linked APT29 group changes TTPs following April advisories

Security Affairs

The UK and US cybersecurity agencies have published a report detailing techniques used by the Russia-linked cyberespionage group known as APT29 (aka Cozy Bear).

Newly Patched Peloton API Flaws Exposed Users' Private Data

Data Breach Today

Pen Test Partners: Millions Could Have Had Data Exposed. Security researchers say API flaws could have exposed the private data of millions of Peloton fitness equipment online service users for months before they were recently patched.

Latest MITRE EDR Evaluations Contain Some Surprises

eSecurity Planet

MITRE Engenuity last month released the latest MITRE ATT&CK evaluations of endpoint security products, and the results contain some pretty big surprises.

The Edge Pro Quote: Password Empowerment

Dark Reading

Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account.

Cloud hosting provider Swiss Cloud suffered a ransomware attack

Security Affairs

Swiss cloud hosting provider Swiss Cloud has suffered a ransomware attack that seriously impacted its server infrastructure. On April 27 the Swiss cloud hosting provider was hit by a ransomware attack that brought down the company’s server infrastructure.

3 Bills Focus on Enhancing Electrical Grid Cybersecurity

Data Breach Today

Each Proposal Calls for a Different Approach to Mitigating Risks. Lawmakers in the Senate and House have introduced legislation designed to improve and enhance the nation's electrical grid and respond to concerns that the country's power system is prone to cyberthreats.

A Ransomware Group Hit DC Police—Then Pivoted to Extortion

WIRED Threat Level

Warrantless searches, tracking troops, and more of the week’s top security news.

More Companies Adopting DevOps & Agile for Security

Dark Reading

Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab's latest survey finds.

Flaws in the BIND software expose DNS servers to attacks

Security Affairs

The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws.

Hybrid Work Means SASE: Rethinking Traditional Network and Security Architecture

Data Breach Today

Having a VPN Isn't Enough Anymore

New Spectre-Like Attacks

Schneier on Security

There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago.

Planning Our Passwordless Future

Dark Reading

All the talk that passwords could one day go away seemed too good to be true, yet the scales have finally started to tip to a passwordless reality. Part one of a two-part series.

Babuk crew announced it will stop ransomware attacks

Security Affairs

Babuk ransomware operators shut down their affiliate program and announced that they will stop using ransomware; the group plans to move on to data theft. Recently the Babuk ransomware operators made the headlines for the ransomware attack against the DC Police Department.