September, 2022

Harassment Site Kiwi Farms Breached

Data Breach Today

Assume Password, Email and IPs Leaked as an Attempt to Export User Database Made One of the internet's worst websites is down following a weekend hack that may have exposed the email, password and IP address of Kiwi Farms yses.

Transacting in Person with Strangers from the Internet

Krebs on Security

Communities like Craigslist , OfferUp , Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don’t deserve to end up in a landfill.

Sales 243
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

SHARED INTEL: The cybersecurity sea change coming with the implementation of ‘CMMC’

The Last Watchdog

Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Related: How the Middle East paved the way to CMMC. Cybersecurity Maturity Model Certification version 2.0

The Best VPNs to Protect Yourself Online

WIRED Threat Level

It won’t solve all of your privacy problems, but a virtual private network can make you a less tempting target for hackers. Gear Gear / Buying Guides Gear / How To and Advice Security Security / Security Advice

The Top 5 Business Outcomes Companies Can Achieve From Monitoring Consolidation

In this eBook, learn what the top five business outcomes are that organizations see when leveraging Datadog's end-to-end monitoring tool.

FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports

Dark Reading

Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API

More Trending

Uber Ex-CSO's Trial: Who's Responsible for Breach Reporting?

Data Breach Today

While Joe Sullivan Is Accused of Perpetrating Cover-Up, Where Should the Buck Stop? Should the now-former CSO of Uber have reported a security incident to authorities after discovering signs of unusual behavior?

Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers

Krebs on Security

A number of financial institutions in and around New York City are dealing with a rash of super-thin “deep insert” skimming devices designed to fit inside the mouth of an ATM’s card acceptance slot.

FIRESIDE CHAT: Why ‘digital resiliency’ has arisen as the Holy Grail of IT infrastructure

The Last Watchdog

Digital resiliency has arisen as something of a Holy Grail in the current environment. Related: The big lesson of Log4j. Enterprises are racing to push their digital services out to the far edge of a highly interconnected, cloud-centric operating environment. This has triggered a seismic transition of company networks, one that has put IT teams and security teams under enormous pressure.

IT 145

Fake Emails Purporting to be from UK Energy Regulator

KnowBe4

A phishing campaign is impersonating UK energy regulator Ofgem, according to Action Fraud, the UK’s cybercrime reporting centre. Phishing

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Russia Planning Cyberattacks on Ukraine's Energy Grid

Dark Reading

Ukraine military intelligence says Russia is planning cyberattacks on the country's energy sector, as well as against allies including Poland and the Baltic states

Google announced the completion of the acquisition of Mandiant for $5.4 billion

Security Affairs

Google completed the acquisition of the threat intelligence firm Mandiant, the IT giant will pay $5.4 billion. Google announced the completion of the $5.4 billion acquisition of threat intelligence firm Mandiant. The acquisition was announced in March 2022 by both companies: “ RESTON, Va.,

Cloud 113

Tesla Hack Could Allow Car Theft, Security Researchers Warn

Data Breach Today

Attack Requires 2 People, Customized Gear and Very Close Proximity to the Victim Security researchers revealed yet another method for stealing a Tesla although the brand is one of the least-stolen cars and among the most recovered once pilfered.

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

SHARED INTEL: Poll highlights the urgency to balance digital resiliency, cybersecurity

The Last Watchdog

The pace and extent of digital transformation that global enterprise organizations have undergone cannot be overstated. Related: The criticality of ‘attack surface management’ Massive global macro-economic shifts have fundamentally changed the way companies operate. Remote work already had an impact on IT strategy and the shift to cloud, including hybrid cloud , well before the onset of Covid 19.

Massive Data Breach at Uber

Schneier on Security

It’s big : The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times.

Ransomware: The Latest Chapter

Dark Reading

As ransomware attacks continue to evolve, beyond using security best practices organizations can build resiliency with extended detection and response solutions and fast response times to shut down attacks

Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin

Security Affairs

Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Code42's Joe Payne on Why Source Code Theft Is So Prevalent

Data Breach Today

CEO Shares Strategies to Overcome Technical, Cultural Challenges of This Top Threat Too often when software developers change jobs, they take source code they've written with them, feeling the code belongs to them even if it belongs to an employer.

Botched Crypto Mugging Lands Three U.K. Men in Jail

Krebs on Security

Three men in the United Kingdom were arrested this month for attempting to assault a local man and steal his virtual currencies. The incident is the latest example of how certain cybercriminal communities are increasingly turning to physical violence to settle scores and disputes.

GUEST ESSAY: The case for an identity-first approach ‘Zero Trust’ privileged access management

The Last Watchdog

Today’s enterprises are facing more complexities and challenges than ever before. Related: Replacing VPNs with ZTNA. Thanks to the emergence of today’s hybrid and multi-cloud environments and factors like remote work, ransomware attacks continue to permeate each industry.

Access 136

Big California Privacy News: Legislative and Enforcement Updates

Data Matters

Privacy never sleeps in California.

B2B 156

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Don't Wait for a Mobile WannaCry

Dark Reading

Attacks against mobile phones and tablets are increasing, and a WannaCry-level attack could be on the horizon

112
112

Cisco will not fix the authentication bypass flaw in EoL routers

Security Affairs

Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit.

Feds: Chinese Hacking Group Undeterred by Indictment

Data Breach Today

Indictment 'Did Not Hinder APT41’s Operations,' says HHS HC3 Two federal indictments against APT41, a Chinese state-sponsored hacking group, haven't slowed down its operations, the U.S. government acknowledges in a warning telling the healthcare sector to be vigilant about the threat actor.

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

Krebs on Security

This month’s Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

NEW TECH SNAPSHOT: The role of ‘MSSPs’ in helping businesses manage cybersecurity

The Last Watchdog

Network security has been radically altered, two-plus years into the global pandemic. Related: ‘ Attack surface management’ rises to the fore. The new normal CISOs face today is something of a nightmare. They must take into account a widely scattered workforce and somehow comprehensively mitigate new and evolving cyber threats. Criminal hacking collectives are thriving, more than ever.

Unconventional Security Awareness Advice

KnowBe4

October is Cybersecurity Awareness Month, and you are undoubtedly being bombarded with some fantastic advice on how to stay cyber safe. Security Awareness Training Cybersecurity Awareness Month

Most Attackers Need Less Than 10 Hours to Find Weaknesses

Dark Reading

Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days

101
101