Sat.Feb 27, 2021 - Fri.Mar 05, 2021

Microsoft's Dream of Decentralized IDs Enters the Real World

WIRED Threat Level

The company will launch a public preview of its identification platform this spring—and has already tested it at the UK's National Health Service. Security Security / Privacy

IT 101

The What & Why of Data Governance

erwin

Modern data governance is a strategic, ongoing and collaborative practice that enables organizations to discover and track their data, understand what it means within a business context, and maximize its security, quality and value.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Mobile Adware Booms, Online Banks Become Prime Target for Attacks

Threatpost

A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks. Malware Mobile Security Vulnerabilities

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Researchers Disclose More Malware Used in SolarWinds Attack

Data Breach Today

Microsoft, FireEye Find Additional Payloads Used During Supply Chain Attack Researchers with Microsoft and FireEye are disclosing additional malware used by the hacking group that targeted SolarWinds last December.

223
223

More Trending

National Security Risks of Late-Stage Capitalism

Schneier on Security

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds.

Risk 113

Three Top Russian Cybercrime Forums Hacked

Krebs on Security

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked.

Ryuk Ransomware Updated With 'Worm-Like Capabilities'

Data Breach Today

Prolific Ransomware Can 'Spread Automatically' Inside Networks, CERT-FR Warns Prolific Ryuk ransomware has a new trick up its sleeve. "A

Far-Right Platform Gab Has Been Hacked—Including Private Data

WIRED Threat Level

The transparency group DDoSecrets says it will make the 70GB of passwords, private posts, and more available to researchers, journalists, and social scientists. Security Security / Cyberattacks and Hacks

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

Security Affairs

‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. ?A

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Krebs on Security

Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products.

Exchange Server Attacks Spread After Disclosure of Flaws

Data Breach Today

Forecast Calls for Backdoored Email and Possibly Ransomware, Cryptominers One day after Microsoft disclosed four serious flaws in Microsoft Exchange email servers, attackers are going on a wide hunt for vulnerable machines, experts say.

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true. Related: Companies must bear a broad security burden.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Cybercrime 'Help Wanted': Job Hunting on the Dark Web

Dark Reading

How's your 'Probiv'? How about customer service? Here's how Dark Web forums connect cybercriminals looking for talent with those looking for work -- and which skills are hot right now

100
100

Payroll/HR Giant PrismHR Hit by Ransomware?

Krebs on Security

PrismHR , a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services. Hopkinton, Mass.-based

Indian Vaccine Makers, Oxford Lab Reportedly Hacked

Data Breach Today

Incidents Spotlight Growing COVID-19-Related Cyberthreats Two Indian vaccine makers and an Oxford University lab are reportedly among the latest targets of hackers apparently seeking to steal COVID-19 research data

223
223

List of data breaches and cyber attacks in February 2021 – 2.3 billion records breached

IT Governance

The cyber security industry was rocked in February after a ransomware attack against the Cloud service provider Accellion. Dozens of organisations that used the software reported incidents in one of the worst months we’ve ever recorded.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

Policy Group Calls for Public-Private Cyber-Defense Program

Dark Reading

The proposed National Cyber Response Network would link federal agencies, companies, and local governments, allowing collaboration during a cyberattack

The SolarWinds Body Count Now Includes NASA and the FAA

WIRED Threat Level

Plus: Firefox blocks more tracking, how to fight a robodog, and more of the week’s top security news. Security Security / Security News

Researchers Disclose More Malware Used in SolarWinds Hack

Data Breach Today

Microsoft, FireEye Find Additional Payloads Used During Supply Chain Attack Researchers with Microsoft and FireEye are disclosing additional malware used by the hacking group that targeted SolarWinds in December.

205
205

Four Microsoft Exchange Zero-Days Exploited by China

Schneier on Security

Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. Uncategorized China Microsoft patching vulnerabilities zero-day

86

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers

Dark Reading

The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week

GRUB2 boot loader maintainers fixed hundreds of flaws

Security Affairs

Now maintainers at the GRUB project have released security updates to address more than 100 vulnerabilities. GRUB2 (the GR and U nified B ootloader version 2 ) is a replacement for the original GRUB Legacy boot loader, which is now referred to as “GRUB Legacy”.

Lesson From SolarWinds Attack: It's Time to Beef Up IAM

Data Breach Today

NIST, CISA Call for Rethinking Security in Wake of Supply Chain Attack The SolarWinds supply chain attack should prompt federal agencies and others to rethink how they approach security issues - especially identity and access management, according to a breakdown of the attack presented this week by NIST and CISA.

IT 196

Chinese Hackers Stole an NSA Windows Exploit in 2014

Schneier on Security

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Attacker Expands Use of Malicious SEO Techniques to Distribute Malware

Dark Reading

The operators of REvil and Gootkit have begun using a tried and tested technique to distribute additional malware, Sophos says

93

Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims

WIRED Threat Level

A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught. Security Security / Cyberattacks and Hacks

Ransomware Attack's Economic Impact: $67 Million

Data Breach Today

Universal Health Services' Financial Statement Spells Out the Effects In an eye-opening look at the cost burden of a ransomware attack, Universal Health Services reports that an incident last September had a $67 million economic impact - citing, for example, the need to divert patients to competing facilities for urgent care.