Sat.Jan 16, 2021 - Fri.Jan 22, 2021

Biden's $10 Billion Cybersecurity Proposal: Is It Enough?

Data Breach Today

Security Experts Say Proposal Amounts to a 'Down Payment' President-elect Joe Biden's $1.9 trillion plan for COVID-19 relief includes nearly $10 billion in cybersecurity and IT spending. Some security experts hope the amount as just a "down payment" toward a broader effort

Parler Finds a Reprieve in Russia—but Not a Solution

WIRED Threat Level

The far-right platform still hasn't found a US-based home. Where it lands could have serious consequences for its users' privacy. Security Security / Security News

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

What is a DoS (Denial-of-Service) Attack?

IT Governance

Denial-of-service (DoS) attacks are intended to shut down or severely disrupt an organisation’s systems. Unlike most cyber attacks, the goal isn’t to steal sensitive information but to frustrate the victim by knocking their website offline.

Risk 86

New Charges Derail COVID Release for Hacker Who Aided ISIS

Krebs on Security

A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Chinese Hacking Group Targets Airlines, Semiconductor Firms

Data Breach Today

Chimera' Exfiltrates Intellectual Property, Personal Data A hacking group with apparent ties to China is targeting airlines and semiconductor firms to steal intellectual property and personal data in repeated exfiltration efforts, according to the NCC Group

More Trending

A Site Published Every Face From Parler's Capitol Riot Videos

WIRED Threat Level

Faces of the Riot used open source software to detect, extract, and deduplicate every face from the 827 videos taken from the insurrection on January 6. Security Security / Privacy

Joker’s Stash Carding Market to Call it Quits

Krebs on Security

Joker’s Stash , by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S.

Privacy Fines: Total GDPR Sanctions Reach $331 Million

Data Breach Today

But Across Europe, Total Fines and Breach Reports Continue to Vary Widely by Country Privacy watchdogs in Europe have imposed fines totaling more than $330 million since the EU's General Data Protection Regulation went into full effect in May 2018, according to law firm DLA Piper.

GDPR 231

Why North Korea Excels in Cybercrime

Dark Reading

North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it

IT 112

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Two kids found a screensaver bypass in Linux Mint

Security Affairs

The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The maintainers of the Linux Mint project have addressed a security bug that could have allowed attackers to bypass the OS screensaver.

Access 114

The FBI Has Made Over 100 Arrests Related to the Capitol Riot

WIRED Threat Level

Plus: A dark web takedown, a bitcoin scam, and more of the week's top security news. Security Security / Security News

Fueled by Record Profits, Ransomware Persists in New Year

Data Breach Today

Increasing Ransomware Varieties and Attack Volume Look Set to Continue, Experts Warn Ransomware dominated the cybercrime landscape in 2020 and looks set to do so again this year, as criminals seek fresh new ways to make victims pay.

Microsoft Releases New Info on SolarWinds Attack Chain

Dark Reading

Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

KindleDrip exploit – Hacking a Kindle device with a simple email

Security Affairs

KindleDrip : Amazon addressed a number of flaws affecting the Kindle e-reader that could have allowed an attacker to take control of victims’ devices.

How Many COBOL Programmers Does it Take to Change a Lightbulb?

Micro Focus

COBOL’s continued popularity receives further evidence. Digital Marketing expert and avid COBOL fan Mark Plant reports that another major milestone has been met – this time on Facebook. The answer to the jokey headline is: None – that’s a hardware problem of course!

Fueled by Profits, Ransomware Persists in New Year

Data Breach Today

Increasing Ransomware Varieties and Attack Volume Look Set to Continue, Experts Warn Ransomware dominated the cybercrime landscape in 2020 and looks set to do so again this year, as criminals seek fresh new ways to make victims pay.

Hacker Pig Latin: A Base64 Primer for Security Analysts

Dark Reading

The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

OpenWRT forum hacked, intruders stole user data

Security Affairs

The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach. OpenWrt is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic.

Injecting a Backdoor into SolarWinds Orion

Schneier on Security

Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points. SUNSPOT is StellarParticle’s malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product.

IT 94

'Raindrop' Is Latest Malware Tied to SolarWinds Hack

Data Breach Today

Researchers: Backdoor Is Fourth Malware Variant Used During Attacks Symantec Threat Intelligence says it's uncovered another malware variant used in the SolarWinds supply chain hack - a loader nicknamed "Raindrop" that apparently was used to deliver Cobalt Strike, a legitimate penetration testing tool, to a handful of targets.

IT 216

Speed of Digital Transformation May Lead to Greater App Vulnerabilities

Dark Reading

The fastest-moving industries are struggling to produce secure code, according to AppSec experts

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Abusing Windows RDP servers to amplify DDoS attacks

Security Affairs

Threat actors are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. Attackers are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks.

The IoT Cybersecurity Act of 2020: Implications for Devices

eSecurity Planet

A universe of devices and technology has fallen into our laps at a speed that organizations struggle to manage effectively. And that boom in devices shows no signs of stopping. In 2019, there were an estimated 9.9 billion Internet of Things (IoT) devices. By 2025, we expect 21.5 billion.

IoT 91

Texas Medical Center Breach Affects 640,000

Data Breach Today

Apparent Ransomware Attack Exposed Patient Information An apparent ransomware incident at a Texas healthcare organization has potentially compromised the protected health information of more than 640,000 individuals

Breach Data Shows Attackers Switched Gears in 2020

Dark Reading

Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Raindrop, a fourth malware employed in SolarWinds attacks

Security Affairs

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads.

SVR Attacks on Microsoft 365

Schneier on Security

Biden Fills 3 Cybersecurity Positions

Data Breach Today

Senior Director for Cyber and Others Announced President Joe Biden's cybersecurity team is beginning to take shape, with three appointments recently announced, including Michael Sulmeyer as senior director for cyber