Sat.May 15, 2021 - Fri.May 21, 2021

Taking on SOAR: The Challenges and Opportunities

Data Breach Today

Experts Say the Technologies Won't Mean Fewer SOC Analyst Jobs Security orchestration, automation and response technologies, or SOAR, give organizations the ability to manage an increasing number of alerts. But security experts say there's no worry that SOAR will replace people.

Ransomware’s Dangerous New Trick: Double-Encrypting Your Data

WIRED Threat Level

Even when you pay for a decryption key, your files may still be locked up by another strain of malware. Security Security / Security News

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cost Savings, Better Security Drive Adoption of Emerging Technologies

Dark Reading

However, senior technology managers express concerns about whether their current infrastructure can properly safeguard them

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns.

IT 285

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Colonial Pipeline CEO Confirms $4.4 Million Ransom Payment

Data Breach Today

It Was the Right Thing to Do for the Country' Colonial Pipeline Co.'s s CEO, Joseph Blount, said Wednesday that he authorized the payment of a $4.4

More Trending

The Full Story of the Stunning RSA Hack Can Finally Be Told

WIRED Threat Level

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened. Backchannel Security Security / Cyberattacks and Hacks

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents.

Introducing MITRE ATT&CK Defender

Data Breach Today

Rick Gordon of MITRE Engenuity Details New Training, Certification A recent study showed that even though 82% of cybersecurity professionals are familiar with the MITRE ATT&CK framework, only 8% said they used it regularly.

ROUNDTABLE: Experts react to President Biden’s exec order in the aftermath of Colonial Pipeline hack

The Last Watchdog

As wake up calls go, the Colonial Pipeline ransomware hack was piercing. Related: DHS embarks on 60-day cybersecurity sprints. The attackers shut down the largest fuel pipeline in the U.S., compelling Colonial to pay them 75 bitcoins , worth a cool $5 million.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Welcoming the Swedish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the 16th government to Have I Been Pwned, Sweden.

Try This One Weird Trick Russian Hackers Hate

Krebs on Security

RSA Conference 2021 Emphasizes 'Resilience' Theme

Data Breach Today

The latest edition of the ISMG Security Report features highlights from RSA Conference 2021 conference, including the emphasis on "resilience

GUEST ESSAY: 3 sure steps to replace legacy network security systems — in a measured way

The Last Watchdog

Keeping up with the pace of technology, information, and the evolving threat landscape is a challenge for all enterprises. Related: DHS launches 60-day cybersecurity sprints. To make matters more difficult, implementing new security software and processes to address these issues is another big hurdle, often causing disruption—and not the good kind.

Cloud 131

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Cloud Security Blind Spots: Where They Are and How to Protect Them

Dark Reading

Security experts discuss oft-neglected areas of cloud security and offer guidance to businesses working to strengthen their security posture

Cloud 112

Adding a Russian Keyboard to Protect against Ransomware

Schneier on Security

A lot of Russian malware — the malware that targeted the Colonial Pipeline, for example — won’t install on computers with a Cyrillic keyboard installed.

Ransomware Gang Provides Irish Health System With Decryptor

Data Breach Today

Conti Group Still Threatens Data Release Unless Ransom Paid A week after Ireland's health services provider was hit by a ransomware attack, the Conti gang has provided a decryptor, which officials are now testing to determine whether to use it, Reuters reports.

RSAC insights: Deploying SOAR, XDR along with better threat intel stiffens network defense

The Last Watchdog

Much attention has been paid to the widespread failure to detect the insidious Sunburst malware that the SolarWinds hackers managed to slip deep inside the best-defended networks on the planet. Related: The undermining of the global supply chain. But there’s also an encouraging ‘response’ lesson SolarWinds teaches us, as well.

IoT 131

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

PowerShell Is Source of More Than a Third of Critical Security Threats

eSecurity Planet

PowerShell was the source of more than a third of critical threats detected on endpoints in the second half of 2020, according to a Cisco research study released at the RSA Conference today.

MSBuild tool used to deliver RATs filelessly

Security Affairs

Hackers abuses Microsoft Build Engine (MSBuild) to filelessly deliver malware on targeted Windows systems, including RAT and password-stealer.

Air India: Data Processor Breach Affected Millions

Data Breach Today

Passport, Credit Card Information Exposed Air India says millions of its customers were affected by a February data breach at SITA, a third-party data processing service based in Switzerland that serves many airlines

MY TAKE: How SASE has begun disrupting IT — by shifting cybersecurity to the ‘services edge’

The Last Watchdog

One of the hottest topics at RSA Conference 2021 taking place virtually this week is the Secure Access Services Edge ( SASE ) security framework. Related: Cybersecurity experts react to Biden’s EO. SASE (pronounced sassy) essentially is a roadmap for infusing privacy and security deeply into the software coding that gives life to our smartphones, IoT devices and cloud infrastructure, i.e. at the “services edge,” where all the action is taking place.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Double-Encrypting Ransomware

Schneier on Security

This seems to be a new tactic : Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B.

Microsoft SimuLand, an open-source lab environment to simulate attack scenarios

Security Affairs

Microsoft released SimuLand, an open-source tool that can be used to build lab environments to simulate attacks and verify their detection. Microsoft has released SimuLand, an open-source lab environment that allows to reproduce the techniques used in real attack scenarios.

Attackers Were Inside SolarWinds in January 2019

Data Breach Today

CEO Sudhakar Ramakrishna Says Clues Come From Analysis of Virtual Builds SolarWinds has uncovered evidence that intruders were in its systems in January 2019, about eight months earlier than originally believed.

IT 194

Don't Let Scary Headlines Shape Your Company's Cyber-Resilience Strategy

Dark Reading

Resilience planning should be based on data and backed by technology, cybersecurity pros agreed at this week's RSA Conference

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

Is 85% of US Critical Infrastructure in Private Hands?

Schneier on Security

Most US critical infrastructure is run by private corporations. This has major security implications, because it’s putting a random power company in — say — Ohio — up against the Russian cybercommand, which isn’t a fair fight.

IT 103

Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia

Security Affairs

Avaddon ransomware gang has breached the France-based financial consultancy firm Acer Finance. Avaddon ransomware gang made the headlines again, the cybercrime gang has breached the France-based financial consultancy firm Acer Finance. Acer Finance operates as an investment management company.

2 Bills Introduced in Wake of Colonial Pipeline Attack

Data Breach Today

Ransomware Incident Prompts Critical Infrastructure Measures The ransomware attack that targeted Colonial Pipeline Co.