Data Breach Today
DECEMBER 29, 2020
Both Strains of Malware Among Multiple Tactics Being Used by Supply Chain Attackers Software vendor SolarWinds has updated multiple versions of its Orion network-monitoring software to address the Sunburst backdoor that was added to its code, and to block Supernova malware that exploited a vulnerability in Orion. But incident response experts have warned that full cleanup may take years.
Dark Reading
DECEMBER 29, 2020
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Threatpost
DECEMBER 28, 2020
From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organizations to inordinate levels in 2020.
Krebs on Security
DECEMBER 29, 2020
Today marks the 11th anniversary of KrebsOnSecurity! Thank you, Dear Readers, for your continued encouragement and support! With the ongoing disruption to life and livelihood wrought by the Covid-19 pandemic, 2020 has been a fairly horrid year by most accounts. And it’s perhaps fitting that this was also a leap year, piling on an extra day to a solar rotation that most of us probably can’t wait to see in the rearview mirror.
Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage
Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, CTO of Betterworks, will explore a practical framework to transform Generative AI prototypes into
Data Breach Today
DECEMBER 29, 2020
RiskIQ CEO Lou Manousos Details Lessons to Learn in Supply-Chain Attack Aftermath The SolarWinds breach is a case study in how attackers can subvert a widely used piece of software to turn it to their advantage, says Lou Manousos, CEO of RiskIQ. The attack surface management expert details lessons all organizations must learn in the wake of this "unprecedented" attack.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Schneier on Security
DECEMBER 31, 2020
In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA: The open standard s/MIME as extension to de facto e-mail standard SMTP will be deployed to encrypt messages containing DNA profile information. The protocol s/MIME (V3) allows signed receipts, security labels, and secure mailing lists… The underlying certificate used by s/MIME mechanism has to be in compliance with X.509 standard… The processing rules for s/MIM
WIRED Threat Level
DECEMBER 30, 2020
This year saw plenty of destructive hacking and disinformation campaigns—but amid a pandemic and a historic election, the consequences have never been graver.
Data Breach Today
DECEMBER 31, 2020
The Ticket Seller Used Credentials Supplied by a Competitor's Former Staffer Ticketmaster has agreed to pay a $10 million criminal fine to resolve charges that the company illegally accessed an unnamed competitor's computer system on at least 20 separate occasions, using stolen passwords to conduct a cyber espionage operation.
Security Affairs
DECEMBER 31, 2020
Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers. The malware has been active since early December targeting public-facing services, including MySQL, Tomcat admin panel and Jenkins that are protected with weak passwords.
Advertisement
Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?
Threatpost
DECEMBER 30, 2020
Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold.
Hunton Privacy
DECEMBER 28, 2020
On December 24, 2020, the European Union and the United Kingdom reached an agreement in principle on the historic EU-UK Trade and Cooperation Agreement (the “Trade Agreement”). For data protection purposes, there is a further transition period of up to six months to enable the European Commission to complete its adequacy assessment of the UK’s data protection laws.
Data Breach Today
DECEMBER 31, 2020
Nefilim Ransomware Gang Takes Responsibility, Posts Allegedly Stolen Data The major appliances giant Whirlpool acknowledges it was hit with a ransomware attack in November, with the cyber gang Nefilim taking responsibility for the cyber incident and claiming to have stolen company data.
Security Affairs
JANUARY 1, 2021
Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. The vulnerability, tracked as CVE-2020-29583 received a CVSS score of 7.8, it could be exploited by an attacker to login with administrative privileges and take over the networking devices. “Firmw
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
Dark Reading
DECEMBER 31, 2020
Variety is the spice of life, and it's also the perfect analogy for the article topics that resonated most with Edge readers this past year.
Troy Hunt
JANUARY 1, 2021
It's a new year! With lots of breaches to discuss already ? Ok, so these may not be 2021 breaches but I betcha that by next week's update there'll be brand new ones from the new year to discuss. I managed to get enough connectivity in the middle of the Australian outback in front of Uluru to do the live stream this week, plus talk a bunch more about what we've been doing on our epic Australian journey.
Data Breach Today
DECEMBER 30, 2020
Compromised Information Includes Phone Numbers and Call-Related Information T-Mobile on Tuesday began informing a portion of its customers that some of their mobile phone account information may have been compromised in a data breach that took place in early December. About 200,000 customers are affected.
Security Affairs
DECEMBER 29, 2020
Japanese giant Kawasaki Heavy Industries discovered unauthorized access to a Japanese company server from multiple overseas offices. Kawasaki Heavy Industries disclosed a security breach, the company discovered unauthorized access to a Japanese company server from multiple overseas offices. Information from its overseas offices might have been stolen as a result of a security breach that took place earlier this year.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
IT Governance
DECEMBER 29, 2020
With data breaches soaring over the past two years and organisations struggling with the technical demands of the coronavirus pandemic, PwC has declared this a critical point for the cyber security industry. Its Cyber security strategy 2021: An urgent business priority report notes that the pandemic means organisations can no longer ignore the importance of cyber security.
Adam Levin
DECEMBER 30, 2020
Hackers are using internet-connected home devices to livestream “swatting” attacks, according to the FBI. Swatting is a dangerous prank where emergency services are called to respond to a life threatening situation that requires immediate intervention by police and/or S.W.A.T. teams. In a public service announcement issued December 29, the FBI warned that “offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks.
Data Breach Today
DECEMBER 28, 2020
NCA: Now-Defunct Website Sold Access to 12 Billion Personal Records Police in the U.K. have arrested 21 people who were customers of the now-defunct WeLeakInfo website that provided cybercriminals with access to over 12 billion personal records culled from 10,000 data breaches, according to Britain's National Crime Agency. Other investigations are still underway.
Security Affairs
DECEMBER 31, 2020
The threat actors behind the SolarWinds supply chain attack could have had access to the source code of several Microsoft products. The threat actors behind the SolarWinds attack could have compromised a small number of internal accounts and used at least one of them to view source code in a number of source code repositories. Shortly after the disclosure of the SolarWinds attack, Microsoft confirmed that it was one of the companies breached in the recent supply chain attack, but the IT giant de
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
WIRED Threat Level
DECEMBER 29, 2020
2020 was a great year for ransomware gangs. For hospitals, schools, municipal governments, and everyone else, it’s going to get worse before it gets better.
Threatpost
DECEMBER 29, 2020
David “moose” Wolpoff at Randori explains how hackers pick their targets, and how understanding "hacker logic" can help prioritize defenses.
Data Breach Today
DECEMBER 29, 2020
Attackers Gained Access to Company's Network Through Remote, Overseas Servers Kawasaki Heavy Industries is reporting that an unknown threat actor gained access to its internal network through servers located in an overseas office, according to a company statement. The result: Some corporate data may have leaked to a third party.
Security Affairs
DECEMBER 28, 2020
The American multinational manufacturer and marketer of home appliances Whirlpool was hit by the Nefilim ransomware gang. The American multinational manufacturer and marketer of home appliances Whirlpool suffered a ransomware attack, Nefilim ransomware operators claim to have stolen data from the company and threaten to release the full dump if the company will not pay the ransom.
Advertisement
Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.
Dark Reading
DECEMBER 29, 2020
Eight cybersecurity leaders go deep on their most valuable (and very human) takeaways from a year like no other we've known.
Hunton Privacy
DECEMBER 29, 2020
On December 22, 2020, New York Governor Andrew Cuomo signed into law legislation that temporarily bans the use or purchase of facial recognition and other biometric identifying technology in public and private schools until at least July 1, 2022. The legislation also directs the New York Commissioner of Education (the “Commissioner”) to conduct a study on whether this technology is appropriate for use in schools.
Data Breach Today
DECEMBER 31, 2020
Hackers Use Stolen Email Credentials to Takeover a Home Smart Devices The FBI is warning of a rise in "swatting attacks," which see hackers use compromised email accounts to access poorly-secured home smart devices that are equipped with cameras and voice capabilities to make hoax calls to emergency services.
Expert insights. Personalized for you.
288 
Let's personalize your content