Sat.Oct 23, 2021 - Fri.Oct 29, 2021

6 Eye-Opening Statistics About Software Supply Chain Security

Dark Reading

The latest facts and figures on the state of software supply chain security in the enterprise

SBOMs: Securing the Software Supply Chain

eSecurity Planet

As threat actors aim at IT supply chains , enhanced cybersecurity has been the recent driving force for industry adoption of the Software Bill of Materials (SBOM) framework.

MDM 86

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Why Healthcare Entities Fall Short Managing Security Risk

Data Breach Today

Why do so many HIPAA -covered entities and their vendors do such a poor job managing security risk and safeguarding patient's protected health information? Many critical factors come into play, say Roger Severino, ex- director of HHS OCR, and Bob Chaput, founder of security consultancy Clearwater

Risk 207

Conti Ransom Gang Starts Selling Access to Victims

Krebs on Security

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti’s malware who refuse to negotiate a ransom payment are added to Conti’s victim shaming blog, where confidential files stolen from victims may be published or sold.

Access 176

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

GUEST ESSAY: Tapping Bitcoin’s security — to put a stop to ‘51% attacks’ of cryptocurrency exchanges

The Last Watchdog

Over the past five years, cryptocurrency exchanges have been the target of increasingly damaging “ 51% attacks ” resulting in the theft of over $30 million worth of cryptocurrency to date. Related: Wildland restores control of data to individuals. However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves.

More Trending

Memo to Ransomware Victims: Seeking Help May Save You Money

Data Breach Today

Flaw in DarkSide and BlackMatter Enabled Security Firm to Decrypt Files for Free While ransomware might be today's top cybercrime boogeyman, attackers aren't infallible. Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Krebs on Security

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary updated its website to remediate a nearly identical customer data exposure.

GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries

The Last Watchdog

When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home. Related: T-Mobile breach reflects rising mobile device attacks. For instance, if you’ve ever played Grand Theft Auto, you know the goal is quite simply mass destruction: Use whatever resources you have at your disposal to cause as much damage as you possibly can and just keep going. Not familiar with Grand Theft Auto? Let’s try Super Mario Bros.

Identity-Focused Security Controls Prevail

Dark Reading

How identity and access management strategies held up during the pandemic and tips for putting together an identity security road map

Access 106

The Modern Software Checklist: The Secret to Understanding Your Data Security Needs

Understanding your data security needs is tough enough, but what can be even more difficult is choosing the right software to fit your company. This checklist will help you evaluate the scope of services offered by various encryption solutions on the market.

Enterprise Backups Are Becoming Targets for Cybercriminals

Data Breach Today

VMware’s Tom Kellermann on Defending Against Ransomware Attacks In ransomware attacks, cybercriminals attack through the backups because they know that security practitioners rely on backups to save themselves after a ransomware attack.

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Security Affairs

The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S.

Mining 104

SHARED INTEL: Automating PKI certificate management alleviates outages caused by boom

The Last Watchdog

Our Public Key Infrastructure is booming but also under a strain that manual certificate management workflows are not keeping up with. Related: A primer on advanced digital signatures. PKI and digital certificates were pivotal in the formation of the commercial Internet, maturing in parallel with ecommerce.

Cybersecurity Talent Gap Narrows as Workforce Grows

Dark Reading

Job satisfaction and salaries have both increased for cybersecurity professionals, as younger workers seek specific training to prepare for a cybersecurity career

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Troublemaker CISO: Do You Know What You Should Be Doing?

Data Breach Today

The Rant of the Day From Ian Keller, Ericsson In his second Rant of the Day for the CyberEdBoard Profiles in Leadershop blog, Ian Keller, security director at Ericsson and CyberEdBoard executive member, talks about what a CISO does - and what a CISO should do

Cyber security horror stories to scare you this Halloween

IT Governance

This Sunday is both Halloween and the end of National Cyber Security Awareness Month – and what better way to mark the occasion than with some cyber security horror stories? In this blog, we look at three ways in which fraudsters trick victims into handing over their sensitive data.

Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!

Security Affairs

Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution.

You've Just Been Ransomed. Now What?

Dark Reading

Six crucial steps executives and IT teams should be prepared to take immediately after a ransomware attack

LinkedIn + ZoomInfo Recruiter: Better Data for Better Candidates

Check out our latest ebook for a guide to the in-depth, wide-ranging candidate and company data offered by ZoomInfo Recruiter — and make your next round of candidate searches faster, more efficient, and ultimately more successful.

REvil's Cybercrime Reputation in Tatters - Will It Reboot?

Data Breach Today

Rebranding Remains Easy for Ransomware Groups, While Affiliates Already Come and Go Will the notorious ransomware operation known as REvil, aka Sodinokibi, reboot yet again after someone apparently messed with its infrastructure?

How the FBI Gets Location Information

Schneier on Security

Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked (I think) 2019 139-page presentation. Uncategorized cell phones FBI geolocation law enforcement leaks privacy surveillance tracking

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year.

US to Create Diplomatic Bureau to Lead Cybersecurity Policy

Dark Reading

As part of its modernization initiative, the Department of State will increase its IT budget by 50% and add a new bureau to lead cybersecurity and digital policy

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

PHI Stolen in Practice Management Firm's Ransomware Attack

Data Breach Today

Incident Is Among Latest Involving Healthcare Supply Chain Vendors A ransomware attack on a medical practice management services firm that included the theft of files containing patient information is among the latest security incidents involving similar third-party vendors

More Russian SVR Supply-Chain Attacks

Schneier on Security

Microsoft is reporting that the same attacker that was behind the SolarWinds breach — the Russian SVR, which Microsoft is calling Nobelium — is continuing with similar supply-chain attacks: Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.

Cloud 94

International Operation Knocks Notorious REvil Group Offline

WIRED Threat Level

Plus: Data theft in Argentina, a Sinclair Broadcast Group hack, and more of the week’s top security news. Security Security / Security News

6 Ways to Rewrite the Impossible Job Description

Dark Reading

It's hard enough to fill a cybersecurity position given the talent shortage. But you may be making it harder with a poor job description that turns off would-be candidates

A Recruiter’s Guide To Hiring In 2021

With vaccination rates rising, consumers spending more money, and people returning to offices, the job market is going through a period of unprecedented adjustment. As the New York Times observed, “It’s a weird moment for the American economy.” And recruiting professionals are caught in the middle. To make the most of this disruption, you need to understand the economic drivers, develop a strong strategy for unearthing valuable talent, and use the latest tech tools to get the job done. Read this guide to get your recruiting practice ready to thrive in the new normal.

NRA Reportedly Hit By Russia-Linked Ransomware Attack

Data Breach Today

Security Experts: 'Grief' Ransomware Gang Leaks Alleged NRA Data on Darknet The National Rifle Association has reportedly fallen victim to a ransomware attack at the hands of a Russian cybercriminal gang known as Grief.

German investigators identify crypto millionaire behind REvil operations

Security Affairs

German authorities have identified a Russian man named Nikolay K. who is suspected to be a prominent member of the REvil ransomware gang. REvil ransomware gang is one of the most successful ransomware operations, the group and its affiliated hit hundreds of organizations worldwide.

The Pixel 6 Chip’s Best Upgrade Isn’t Speed. It’s Security

WIRED Threat Level

Google’s new flagship smartphone is its most secure yet, thanks to a little vertical integration. Security Security / Security News

IT 88