2021

Hoax Email Blast Abused Poor Coding in FBI Website

Krebs on Security

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation.

Cloudflare Thwarts Largest Ever HTTP DDoS Attack

Data Breach Today

Million RPS Attack Originated From Over 20,000 Bots In 125 Countries Security firm Cloudflare says it detected and mitigated a 17.2 million request-per-second (rps) distributed denial of service attack, almost three times larger than any previously reported HTTP DDoS attack

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

TMobile has now issued a formal apology and offered free identity theft recovery services to nearly 48 million customers for whom the telecom giant failed to protect their sensitive personal information.

‘Trojan Source’ Bug Threatens the Security of All Code

Krebs on Security

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns.

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

NY Man Pleads Guilty in $20 Million SIM Swap Theft

Krebs on Security

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud.

More Trending

Cybersecurity M&A Update: Five Firms Make Moves

Data Breach Today

Ivanti, Sophos, Deloitte, Cerberus Sentinel and Feedzai Announce Deals Cybersecurity acquisitions continue at an intense pace, with Ivanti, Sophos, Deloitte Risk & Financial Advisory, Cerberus Sentinel and Feedzai all making moves to bolster their security portfolios

Physical destruction of data storage – Things to consider

Architect Security

I was asked recently to provide some thoughts on physical data destruction for an article David Spark ( CISOseries.com, Twitter: @dspark , LinkedIn) was working on. Here are my complete musings on the subject: The initial step when considering data destruction is basically the same first step in data protection: Take time to understand what kind of data you’re working with. Policy around data classification is going to dictate certain aspects of how that data must be treated.

Risk 40

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills.

Cybercriminals Reportedly Created Blockchain Analytics Tool

Data Breach Today

Researchers Say the Tool Is Designed To Help Gangs Launder Bitcoin Cybercriminals have developed a blockchain analytics tool on the darknet that could help a gang launder illegally obtained bitcoin, and they are actively marketing it, according to the cryptocurrency analytics firm Elliptic.

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Mercenary Hacking Group Deploys Android Malware

Data Breach Today

StrongPity Campaign Targeted Syrian E-Governance Website Hack-for-hire group StrongPity deployed Android malware to target Syria's e-government site visitors as part of its latest cyberespionage campaign, a new report by security firm Trend Micro details

SolarWinds Issues Patches in Wake of Zero-Day Attacks

Data Breach Today

Flaw in Serv-U File-Transfer Software Unconnected to Orion Supply-Chain Attack Attackers have been actively exploiting a zero-day flaw in SolarWinds' Serv-U Managed File Transfer Server and Serv-U Secured FTP software, the security software vendor warns.

Facebook Disrupts Iranian APT Campaign

Data Breach Today

Tortoiseshell' Group Used the Social Network to Contact Targets Facebook's threat intelligence team says it has disrupted an Iranian advanced persistent threat group that was using the social network as part of an effort to spread malware and conduct cyberespionage operations, primarily in the U.S.

IT 285

Kaseya Attack: REvil Offers $70 Million 'Super Decryptor'

Data Breach Today

Yet Another Ransomware Attack Targets Managed Service Providers to Maximize Profits The REvil ransomware operation behind the massive attack centering on Kaseya, which develops software used by managed service providers, has offered to decrypt all victims - MSPs as well as their customers - for $70 million in bitcoins.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Biden Orders Investigation of Kaseya Ransomware Attack

Data Breach Today

REvil Malware Suspected of Infecting Scores of IT Management Companies, Clients U.S. President Joe Biden has ordered federal intelligence agencies to investigate the incident involving IT management software vendor Kaseya.

Alert for Ransomware Attack Victims: Here's How to Respond

Data Breach Today

As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential steps they should take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery

FBI Issues Alert on Hive Ransomware

Data Breach Today

Uptick in Hive Ransomware Activity Spotted The US Federal Bureau of Investigation has issued a warning about Hive ransomware after the group took down Memorial Health System last week.

Congress Focuses on Industrial Control System Security

Data Breach Today

Senate Bill Would Require CISA to Identify and Respond to ICS Threats A bipartisan group of senators is pushing a bill that would require CISA to identify and respond to vulnerabilities and threats that target industrial control systems. The House has already passed a similar measure

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

Ransomware Landscape: REvil Is One of Many Operators

Data Breach Today

Biden Administration Says Attempted Ransomware Disruption Efforts Won't Be Immediate As the Biden administration attempts to force Russia to crack down on its domestic cybercriminals, one challenge will be the sheer diversity of attack code being wielded and individuals involved.

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe , stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast.

REvil's Ransomware Success Formula: Constant Innovation

Data Breach Today

Affiliate-Driven Approach and Regular Malware Refinements Are Key, Experts Say REvil, aka Sodinokibi, is one of today's most notorious - and profitable - ransomware operations, driven by highly skilled affiliates who share profits with the operators.

BlackMatter Group Debuts Linux-Targeting Ransomware

Data Breach Today

VMware ESXi Servers Targeted by Crypto-Locking Malware, MalwareHunterTeam Warns The new BlackMatter Russian-speaking ransomware-as-a-service group, which announced its launch last month, has created a Linux version of its malware designed to target VmWare's ESXi servers hosting virtual machines, according to MalwareHunterTeam.

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

UK Cyber Security Council to Tackle Education, Standards

Data Breach Today

Claudia Natanson Describes Vision of U.K.’s s New Self-Regulatory Body U.K. Cyber Security Council is a new self-regulatory body for the profession. It is tasked by the U.K. Government to execute their vision for the U.K.

Kaseya Says It Did Not Pay Ransom to Obtain Universal Decryptor

Data Breach Today

Software Firm Continues Helping Ransomware Victims to Recover Remote management software company Kaseya said Monday that it obtained a universal decryptor key without paying a ransom to the REvil - aka Sodinokibi - gang that hit the firm with a ransomware attack.

Biden Warns Putin of Cyber Retaliation

Data Breach Today

Wants 16 Critical Infrastructure Entities Off-Limits to Attack At their Geneva summit meeting Wednesday, U.S. President Joe Biden told Russian President Vladimir Putin that if Russia continued to wage cyberattacks against the U.S., it would face retaliation

IT 283

Video Game Streamer 'Twitch' Confirms Massive Data Breach

Data Breach Today

Reports: Platform's Entire Source Code Compromised in 125GB Leak Amazon-owned video streaming service Twitch, which focuses on video games and e-sports broadcasts, reportedly suffered a massive data breach, which the company vaguely confirmed via Twitter.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Flaws in John Deere Systems Show Agriculture's Cyber Risk

Data Breach Today

John Deere, Researchers Spar Over Impact of Vulnerabilities Flaws uncovered in tractor manufacturer John Deere's systems underscore the cyber risks that come in tandem with the productivity gains from high-tech farming.

UC San Diego: Phishing Leads to Account Access for Months

Data Breach Today

Intrusion Affects Patients, Employees and Students UC San Diego Health says a phishing incident led to unauthorized access to an undisclosed amount of information on patients, employees and students for at least four months

Access 280

Saudi Aramco Says Supplier Leaked Company Data

Data Breach Today

Cybercriminals Reportedly Demanding $50 Million Payment From Oil Giant Saudi Aramco, one of the world's largest oil and natural gas firms, has confirmed that company data was leaked after one of its suppliers was breached.

IT 280