January, 2021

SolarWinds Hires Chris Krebs to Reboot Its Cybersecurity

Data Breach Today

Hacked Firm Also Taps Former Facebook CSO as It Responds to Supply Chain Attack As security software firm SolarWinds investigates the supply chain attack involving its Orion software and looks to rebuild its security processes and reputation, it's hired former U.S.

Sealed U.S. Court Records Exposed in SolarWinds Breach

Krebs on Security

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

The Last Watchdog

Today’s children are online at a young age, for many hours, and in more ways than ever before. As adults, we know that bad online decisions can have negative or dangerous effects for years to come. Related: Web apps are being used to radicalize youth. The question isn’t whether we should educate children about online safety, but how we can best inspire them to learn to be thoughtful, careful, and safe in the cyber world for their lifetime. For adults doing the teaching, it’s no easy task.

Two kids found a screensaver bypass in Linux Mint

Security Affairs

The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The maintainers of the Linux Mint project have addressed a security bug that could have allowed attackers to bypass the OS screensaver.

Access 113

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

An Absurdly Basic Bug Let Anyone Grab All of Parler's Data

WIRED Threat Level

The “free speech” social network also allowed unlimited access to every public post, image, and video. Security Security / Privacy

Access 114

More Trending

Defining and Refining Next-Gen AML

Data Breach Today

David Stewart of SAS on the Tools and Technologies Deployed to Fight Financial Crimes As the financial payments landscape shifts, and as fraudsters employ new technologies and techniques, institutions are deploying a next generation of anti-money laundering defenses.

IT 259

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication.

Successful Malware Incidents Rise as Attackers Shift Tactics

Dark Reading

As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says

TeamTNT botnet now steals Docker API and AWS credentials

Security Affairs

Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS credentials. Researchers from Trend Micro discovered that the TeamTNT botnet was improved and is now able to steal also Docker credentials.

Mining 112

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. You feel ready to take on rising security threats while continuously delivering quality software updates. But how do you monitor your new program? Are you truly able to gauge the state of your projects? To ensure the success of this new breed of a team, you need to know the metrics to look at and how to advocate these metrics to C-Suite and stakeholders. Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

WhatsApp Has Shared Your Data With Facebook for Years

WIRED Threat Level

A pop-up notification has alerted the messaging app's users to a practice that's been in place since 2016. Security Security / Privacy

Changes in WhatsApp’s Privacy Policy

Schneier on Security

If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that.

Analysis: 2020 Health Data Breach Trends

Data Breach Today

Ransomware, Phishing Incidents, Vendor Hacks Prevail Hacking incidents, including ransomware and phishing attacks, as well as security incidents involving vendors dominated the federal tally of major health data breaches in 2020

SolarWinds: What Hit Us Could Hit Others

Krebs on Security

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

More SolarWinds Attack Details Emerge

Dark Reading

A third piece of malware is uncovered, but there's still plenty of unknowns about the epic attacks purportedly out of Russia

104
104

Expert discovered a DoS vulnerability in F5 BIG-IP systems

Security Affairs

A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks.

Access 106

Post-Riot, the Capitol Hill IT Staff Faces a Security Mess

WIRED Threat Level

Wednesday's insurrection could have exposed congressional data and devices in ways that have yet to be appreciated. Security Security / National Security

IT 108

Extracting Personal Information from Large Language Models Like GPT-2

Schneier on Security

Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: “ Extracting Training Data from Large Language Models.”

Paper 99

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Federal Courts Investigate 'Apparent Compromise' of System

Data Breach Today

Meanwhile, Courts Suspend Use of SolarWinds, Adopt New Document Security Measures The U.S. federal court system is investigating an "apparent compromise" of a confidential electronic filing system used for sensitive legal documents.

IT 247

Microsoft Patch Tuesday, January 2021 Edition

Krebs on Security

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today.

Microsoft Source Code Exposed: What We Know & What It Means

Dark Reading

Microsoft says there is no increase in security risk; however, experts say access to source code could make some steps easier for attackers

Risk 108

Facebook ads used to steal 615000+ credentials in a phishing campaign

Security Affairs

Cybercriminals are abusing Facebook ads in a large-scale phishing scam aimed at stealing victims’ login credentials. Researchers from security firm ThreatNix spotted a new large-scale campaign abusing Facebook ads.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

The FBI Has Made Over 100 Arrests Related to the Capitol Riot

WIRED Threat Level

Plus: A dark web takedown, a bitcoin scam, and more of the week's top security news. Security Security / Security News

Cell Phone Location Privacy

Schneier on Security

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out a way to fix that. Pretty Good Phone Privacy” (PGPP) protects both user identity and user location using the existing cellular networks.

Biden Inauguration: Defending Against Cyberthreats

Data Breach Today

Experts Warn of an Elevated Risk of Attack From Domestic, Foreign Actors As thousands of National Guard troops pour into Washington to provide security for the Jan.

List of data breaches and cyber attacks in December 2020 – 148 million records breached

IT Governance

What else would you expect from the final month of 2020 than the highest number of publicly disclosed incidents we’ve ever recorded? We logged 134 security incidents in December, which accounted for 148,354,955 breached records. That brings the total for 2020 to more than 20 billion.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Malware Developers Refresh Their Attack Tools

Dark Reading

Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features

IT 104

CAPCOM: 390,000 people impacted in the recent ransomware Attack

Security Affairs

Capcom revealed that the recent ransomware attack has potentially impacted 390,000 people, an increase of approximately 40,000 people from the previous report. In November, Japanese game developer Capcom admitted to have suffered a cyberattack that is impacting business operations.

How Law Enforcement Gets Around Your Smartphone's Encryption

WIRED Threat Level

New research has dug into the openings that iOS and Android security provide for anyone with the right tools. Security Security / Privacy