October, 2021

Ransomware: No Decline in Victims Posted to Data-Leak Sites

Data Breach Today

Count of Victims - Listed on Leak Sites or Not - Appears To Be Holding Steady One measure of the damage being done by ransomware groups continues to be how many victims get listed on ransomware operators' dedicated data-leak sites, as part of their so-called double extortion tactics.

What Happened to Facebook, Instagram, & WhatsApp?

Krebs on Security

Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages.

Sales 269
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: How SPDX helps reconcile interdependencies of open, proprietary software

The Last Watchdog

Software today is built on a combination of open source and proprietary software packages. Developers can reuse and build on the packages created by others, which results in the rapid creation of new capabilities and technologies. Related: How SBOM factors into DevSecOps. This reuse creates dependencies, all of which don’t necessarily stay updated at the same pace.

Unnamed Ransomware gang uses a Python script to encrypt VMware ESXi servers

Security Affairs

An unnamed ransomware gang used a custom Python script to target VMware ESXi and encrypt all the virtual machines hosted on the server.

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

Security Risks of Client-Side Scanning

Schneier on Security

Even before Apple made its announcement , law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption.

Risk 96

More Trending

New File-Locking Malware With No Known Decryptor Found

Data Breach Today

DSCI: Ransomware Alkhal Likely Spread Via Phishing, Malicious URLs The Data Security Council of India has issued an advisory about newly discovered ransomware Alkhal, which uses a strong encryption tool and has no known decryptor to recover lost data. The ransomware was likely discovered on Oct.

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Krebs on Security

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov.

GUEST ESSAY: What it will take to train the next generation of cybersecurity analysts

The Last Watchdog

It is no secret that there is, and has been for some time, a shortage of trained cyber security professionals in corporate IT Security teams. The Wharton School of the University of Pennsylvania observed that “nowhere is the workforce-skills gap more pronounced than in cybersecurity.”. Related: Deploying ‘human’ sensors’ According to data gathered by CyberSeek under a Commerce Department grant, there are currently nearly 465,000 unfilled cyber jobs across the US alone.

Security expert published NMAP script for Apache CVE-2021-41773 vulnerability

Security Affairs

Security expert Dhiraj Mishra published an NMAP script for the CVE-2021-41773 Path Traversal vulnerability affecting Apache Web Server version 2.4.49.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

The European Parliament Voted to Ban Remote Biometric Surveillance

Schneier on Security

It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance.

IT 100

VirusTotal Shares Data on Ransomware Activity

Dark Reading

Google's online malware scanning service analyzed 80 million ransomware samples that were uploaded in the past year-and-a-half

Video Game Streamer 'Twitch' Confirms Massive Data Breach

Data Breach Today

Reports: Platform's Entire Source Code Compromised in 125GB Leak Amazon-owned video streaming service Twitch, which focuses on video games and e-sports broadcasts, reportedly suffered a massive data breach, which the company vaguely confirmed via Twitter.

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

The Last Watchdog

In recent years, brands have started butting up against the line between convenience and privacy. Shoppers love the convenience of personalized experiences that their data powers, but then horror stories such as the Cambridge Analytica scandal make people skeptical about how much information companies should be collecting and sharing. Related: Apple battles Facebook over consumer privacy.

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

Resecurity researchers dumped Gigabytes of data from Agent Tesla C2Cs, one of the most well-known cyberespionage tools suffers a data leakage.

Retail 105

5 Good Reasons to Hire a Ransomware Recovery Expert

eSecurity Planet

Spending money you hadn’t budgeted to hire experts to clean up an unexpected mess is at the bottom of every manager’s wish list, but in the case of a cyber attack as damaging as ransomware , turning incident response over to a pro may be the best thing you can do.

A Close Look at Russia's Ghostwriter Campaign

Dark Reading

The group, which conducts espionage and sows disinformation, is larger than previously thought and has shifted tactics

95

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Medtronic Insulin Pump Devices Recalled Due to Serious Risks

Data Breach Today

FDA Warns Exploitation of Security Flaw Could Cause Death The Food and Drug Administration on Tuesday issued a warning notifying patients that medical device maker Medtronic has expanded a recall of remote controllers for certain wireless insulin pumps that were part of an earlier recall.

Risk 268

FCC Proposal Targets SIM Swapping, Port-Out Fraud

Krebs on Security

The U.S.

Missouri Threatens to Sue a Reporter Over a Security Flaw

WIRED Threat Level

The governor warned that he would take legal action against a journalist who identified a vulnerability that exposed teachers' Social Security numbers. Security Security / Security News

NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks

Security Affairs

The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Airline Passenger Mistakes Vintage Camera for a Bomb

Schneier on Security

I feel sorry for the accused : The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday.

IT 89

Top 5 Skills Modern SOC Teams Need to Succeed

Dark Reading

From basic coding to threat hunting, here are five skills modern SOC teams need to successfully navigate the future of high-scale detection and response

100
100

Hackers Impersonate Amnesty International to Spread Malware

Data Breach Today

Sarwent Malware Can Execute Remote Tasks Fraudsters are impersonating Amnesty International by building a fake site to distribute malware purporting to be an anti-virus tool to protect against the NSO Group's Pegasus tool, according to researchers at Cisco Talos

269
269

Patch Tuesday, October 2021 Edition

Krebs on Security

Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

How to Permanently Delete Your Facebook Account

WIRED Threat Level

If you've finally hit your breaking point, here's how to say goodbye to Mark Zuckerberg's empire. Security Security / Security Advice

PoC exploit for 2 flaws in Dahua cameras leaked online

Security Affairs

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates.

A Death Due to Ransomware

Schneier on Security

The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing.