2021

Microsoft Will Mitigate Brute-Force Bug in Azure AD

Data Breach Today

Microsoft Sparred with SecureWorks Over Impact But Relents Microsoft has indicated it will make changes to reduce the risk around what a security vendor says is a vulnerability that lets attackers run brute-force credential attacks against Azure Active Directory.

Risk 281

What Happened to Facebook, Instagram, & WhatsApp?

Krebs on Security

Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages.

Sales 269
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

TMobile has now issued a formal apology and offered free identity theft recovery services to nearly 48 million customers for whom the telecom giant failed to protect their sensitive personal information.

New File-Locking Malware With No Known Decryptor Found

Data Breach Today

DSCI: Ransomware Alkhal Likely Spread Via Phishing, Malicious URLs The Data Security Council of India has issued an advisory about newly discovered ransomware Alkhal, which uses a strong encryption tool and has no known decryptor to recover lost data. The ransomware was likely discovered on Oct.

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

Ransomware: No Decline in Victims Posted to Data-Leak Sites

Data Breach Today

Count of Victims - Listed on Leak Sites or Not - Appears To Be Holding Steady One measure of the damage being done by ransomware groups continues to be how many victims get listed on ransomware operators' dedicated data-leak sites, as part of their so-called double extortion tactics.

More Trending

FTC: Health App, Device Makers Must Report Breaches

Data Breach Today

But Does the 'Policy Statement' Warning Overstep the Intention of the Rule?

282
282

Facebook's WhatsApp Hit With $266 Million GDPR Fine

Data Breach Today

GDPR 284

FBI Issues Alert on Hive Ransomware

Data Breach Today

Uptick in Hive Ransomware Activity Spotted The US Federal Bureau of Investigation has issued a warning about Hive ransomware after the group took down Memorial Health System last week.

Medtronic Insulin Pump Devices Recalled Due to Serious Risks

Data Breach Today

FDA Warns Exploitation of Security Flaw Could Cause Death The Food and Drug Administration on Tuesday issued a warning notifying patients that medical device maker Medtronic has expanded a recall of remote controllers for certain wireless insulin pumps that were part of an earlier recall.

Risk 268

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Cloudflare Thwarts Largest Ever HTTP DDoS Attack

Data Breach Today

Million RPS Attack Originated From Over 20,000 Bots In 125 Countries Security firm Cloudflare says it detected and mitigated a 17.2 million request-per-second (rps) distributed denial of service attack, almost three times larger than any previously reported HTTP DDoS attack

Hackers Impersonate Amnesty International to Spread Malware

Data Breach Today

Sarwent Malware Can Execute Remote Tasks Fraudsters are impersonating Amnesty International by building a fake site to distribute malware purporting to be an anti-virus tool to protect against the NSO Group's Pegasus tool, according to researchers at Cisco Talos

269
269

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills.

Cybercriminals Reportedly Created Blockchain Analytics Tool

Data Breach Today

Researchers Say the Tool Is Designed To Help Gangs Launder Bitcoin Cybercriminals have developed a blockchain analytics tool on the darknet that could help a gang launder illegally obtained bitcoin, and they are actively marketing it, according to the cryptocurrency analytics firm Elliptic.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Hackers Target Critical Infrastructure in Southeast Asia

Data Breach Today

Symantec: China-Linked Actors Investigate SCADA Systems An unidentified hacking group with suspected Chinese ties is targeting critical infrastructure in Southeast Asia as part of a cyberespionage campaign to exfiltrate information about the victim's SCADA systems, says a report by security firm Symantec.

Cybersecurity M&A Update: Five Firms Make Moves

Data Breach Today

Ivanti, Sophos, Deloitte, Cerberus Sentinel and Feedzai Announce Deals Cybersecurity acquisitions continue at an intense pace, with Ivanti, Sophos, Deloitte Risk & Financial Advisory, Cerberus Sentinel and Feedzai all making moves to bolster their security portfolios

2 UK Telecom Firms Under DDoS Attacks

Data Breach Today

Ongoing Attacks Disrupt Voip Unlimited and Voipfone Services Voip Unlimited and Voipfone, two Voice over Internet Protocol-based telecom companies in the U.K., report being victims of ongoing distributed denial-of-service attacks that have disrupted services

278
278

Researcher Finds Malware Targeting Mac Users via Baidu Ad

Data Breach Today

The Ad, Now Deleted, Lured Users to a Phishing Website to Harvest Credentials Chinese security researcher Zhi has discovered a malware targeting Mac users. The malware, spread via a paid advertisement on search engine Baidu, is intended to harvest user credentials, he says.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Ransomware: Average Ransom Payment Drops to $137,000

Data Breach Today

Fewer Victims Paying Attackers Simply to Delete Stolen Data, Coveware Reports Good news on the ransomware front: The average ransom paid by a victim dropped by 38% from Q1 to Q2, reaching $136,576, reports ransomware incident response firm Coveware.

Kaseya Says It Did Not Pay Ransom to Obtain Universal Decryptor

Data Breach Today

Software Firm Continues Helping Ransomware Victims to Recover Remote management software company Kaseya said Monday that it obtained a universal decryptor key without paying a ransom to the REvil - aka Sodinokibi - gang that hit the firm with a ransomware attack.

Mercenary Hacking Group Deploys Android Malware

Data Breach Today

StrongPity Campaign Targeted Syrian E-Governance Website Hack-for-hire group StrongPity deployed Android malware to target Syria's e-government site visitors as part of its latest cyberespionage campaign, a new report by security firm Trend Micro details

Does Abandoning Embassy in Kabul Pose Cybersecurity Risks?

Data Breach Today

Security Experts Size Up Impact of US Rush to Leave Afghanistan It's unlikely that the U.S. abandoning its embassy and other facilities in Afghanistan poses cyber risks, thanks to the emergency planning that was already in place, some security experts say

Risk 281

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Good News: REvil Ransomware Victims Get Free Decryptor

Data Breach Today

Many Files Crypto-Locked Before July 13 Unlockable via Free Bitdefender Decryptor Score one for the good guys in the fight against ransomware: Anyone who fell victim to REvil, aka Sodinokibi, crypto-locking malware before July 13 can now decrypt their files for free, thanks to a decryptor released by security firm Bitdefender.

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe , stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast.

Alert for Ransomware Attack Victims: Here's How to Respond

Data Breach Today

As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential steps they should take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery

How 'Mespinoza' Ransomware Group Hits Targets

Data Breach Today

Palo Alto Networks Report Describes Tactics of Group Leveraging Open-Source Tools The gang behind the ransomware strain known as Mespinoza, aka PYSA, is targeting manufacturers, schools and others, mainly in the U.S. and U.K., demanding ransom payments as high as $1.6

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Facebook Disrupts Iranian APT Campaign

Data Breach Today

Tortoiseshell' Group Used the Social Network to Contact Targets Facebook's threat intelligence team says it has disrupted an Iranian advanced persistent threat group that was using the social network as part of an effort to spread malware and conduct cyberespionage operations, primarily in the U.S.

IT 285

Congress Focuses on Industrial Control System Security

Data Breach Today

Senate Bill Would Require CISA to Identify and Respond to ICS Threats A bipartisan group of senators is pushing a bill that would require CISA to identify and respond to vulnerabilities and threats that target industrial control systems. The House has already passed a similar measure

Ransomware Landscape: REvil Is One of Many Operators

Data Breach Today

Biden Administration Says Attempted Ransomware Disruption Efforts Won't Be Immediate As the Biden administration attempts to force Russia to crack down on its domestic cybercriminals, one challenge will be the sheer diversity of attack code being wielded and individuals involved.