Sat.Nov 20, 2021 - Fri.Nov 26, 2021

Arrest in ‘Ransom Your Employer’ Email Scheme

Krebs on Security

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company.

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts? Related: Training human sensors. Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Experts found 11 malicious Python packages in the PyPI repository

Security Affairs

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks.

How Threat Actors Get Into OT Systems

Dark Reading

The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems

Risk 114

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

The McDonald’s Ice Cream Machine Hacking Saga Has a New Twist

WIRED Threat Level

The cold war between a startup and a soft-serve machine manufacturer is heating up, thanks to a newly released trove of internal emails. Security Security / Security News

More Trending

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

Security Affairs

Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L.

When Will Security Frameworks Catch Up With the New Cybersecurity Normal?

Dark Reading

Standards need to reflect that most endpoints will be remote and/or wireless

Why e-Invoicing has become a global superhero

OpenText Information Management

Who’d have thought the humble invoice was a superhero? Yet, slip a digital cloak on it and it becomes the scourge of tax fraud. Governments worldwide have recognized this; today there are more than 50 e-Invoicing mandates worldwide, and many more coming into force over the next few years.

Devious ‘Tardigrade’ Malware Hits Biomanufacturing Facilities

WIRED Threat Level

The surprisingly sophisticated attack is “actively spreading” throughout the industry. Security Security / Cyberattacks and Hacks

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Attackers compromise Microsoft Exchange servers to hijack internal email chains

Security Affairs

A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails.

Access 114

Holiday Scams Drive SMS Phishing Attacks

Dark Reading

Attackers typically target consumers with malicious text messages containing obfuscated links, but experts say businesses are threatened as well

Top 5 Cloud security challenges, risks and threats

IT Governance

Cloud services are an integral part of modern business. They provide a cost-effective way to store data; and with the rise in hybrid workforces, they deliver a reliable way for employees to access information remotely.

Risk 91

A Canadian Teen Was Arrested in a $36.5M SIM-Swap Heist

WIRED Threat Level

Plus: An FBI email hack, a cam site data leak, and more of the week's top security news. Security Security / Security News

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Security Affairs

Security researchers discovered a new Linux RAT, tracked as CronRAT, that hides in scheduled cron jobs to avoid detection.

How Sun Tzu's Wisdom Can Rewrite the Rules of Cybersecurity

Dark Reading

The ancient Chinese military strategist Sun Tzu would agree: The best defense is to avoid an attack in the first place

Proposed UK Law Bans Default Passwords

Schneier on Security

Following California’s lead, a new UK law would ban default passwords in IoT devices

IoT 85

Top 3 Black Friday scams to avoid in 2021

IT Governance

Amid the mad dash for bargains and inevitable stories of shop-floor brawls, Black Friday brings with it a spike in cyber security threats – and it’s easy to see why. Despite being an American import, Black Friday is hugely popular in the UK.

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

New Memento ransomware uses password-protected WinRAR archives to block access to the files

Security Affairs

Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security firms. In October, Sophos researchers have spotted the Memento ransomware that adopts a curious approach to block access to victims’ files.

Is it OK to Take Your CEO Offline to Protect the Network?

Dark Reading

Are you asking the right questions when developing your incident response playbook? What security tasks are you willing to automate

9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery

Threatpost

A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices. Malware Mobile Security

Apple Sues NSO Group

Schneier on Security

Piling more on NSO Group’s legal troubles, Apple is suing it : The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware.

IT 79

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

FBI warns of crooks targeting online shoppers during the holiday season

Security Affairs

The Federal Bureau of Investigation (FBI) warns of cybercriminals targeting online shoppers during the holiday season. The FBI warns of cyber criminals targeting online shoppers during the holiday season.

Retail 111

10 Stocking Stuffers for Security Geeks

Dark Reading

Check out our list of gifts with a big impact for hackers and other techie security professionals

GoDaddy’s Latest Breach Affects 1.2M Customers

Threatpost

The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins. Breach Privacy Web Security

Amazon wages secret war on Americans’ privacy, documents show via Reuters

IG Guru

Amazon launched a “watering the flowers” program to cultivate a “well-tended garden” of VIPs (Very Important Policymakers) through carefully tracked political donations, meetings and Amazon site tours.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

New GoDaddy data breach impacted 1.2 million customers

Security Affairs

GoDaddy suffered a data breach that impacted up to 1.2 million of its managed WordPress customer accounts. GoDaddy discloses a data breach that impacted up to 1.2 million of its customers, threat actors breached the company’s Managed WordPress hosting environment.

Bug Bounties Surge as Firms Compete for Talent

Dark Reading

Companies such as GItLab, which today increased its payment for critical bugs by 75%, are raising bounties and bonuses to attract top-notch researchers

IT 110

GoDaddy Breach Widens to Include Reseller Subsidiaries

Threatpost

Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen. Breach Hacks Privacy Web Security