Data Breach Today
DECEMBER 17, 2020
Devastating Scope of Hacking Campaign Expands Microsoft says on Thursday it has removed malware related to an expansive hacking campaign that has ensnared thousands of organizations and U.S. government agencies. Meanwhile, CISA warns the SolarWinds Orion supply chain compromise may not be the only infection vector.
Dark Reading
DECEMBER 21, 2020
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
DECEMBER 4, 2020
Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages, the malware hides in social media buttons. Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages.
Krebs on Security
DECEMBER 14, 2020
Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds , a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
DECEMBER 18, 2020
The NSA has published an advisory outlining how “malicious cyber actors” are “are manipulating trust in federated authentication environments to access protected data in the cloud.” This is related to the SolarWinds hack I have previously written about , and represents one of the techniques the SVR is using once it has gained access to target networks.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
DECEMBER 11, 2020
Researchers: Attackers Also Selling Access to Over 250,000 Stolen Databases Hackers are targeting thousands of vulnerable MySQL servers around the world, using ransomware to exfiltrate data from organizations and then demanding payment, according to Guardicore Labs. The attackers are also selling access to over 250,000 stolen databases.
erwin
DECEMBER 3, 2020
As the amount of data grows exponentially, organizations turn to data intelligence to reach deeper conclusions about driving revenue, achieving regulatory compliance and accomplishing other strategic objectives. It’s no secret that data has grown in volume, variety and velocity, with 2.5 quintillion bytes generated every day and 90 percent of the world’s data volume created just in the last two years.
Security Affairs
DECEMBER 31, 2020
Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers. The malware has been active since early December targeting public-facing services, including MySQL, Tomcat admin panel and Jenkins that are protected with weak passwords.
Krebs on Security
DECEMBER 18, 2020
U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware , which the U.S.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Schneier on Security
DECEMBER 31, 2020
In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA: The open standard s/MIME as extension to de facto e-mail standard SMTP will be deployed to encrypt messages containing DNA profile information. The protocol s/MIME (V3) allows signed receipts, security labels, and secure mailing lists… The underlying certificate used by s/MIME mechanism has to be in compliance with X.509 standard… The processing rules for s/MIM
Threatpost
DECEMBER 23, 2020
Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info.
Data Breach Today
DECEMBER 14, 2020
Fellow Victim FireEye Traces Breaches to Trojanized SolarWinds Software Updates The U.S. Commerce Department confirmed on Sunday it had been targeted by hackers, and the U.S. Treasury has also reportedly been struck. The intrusions appear linked to subverted software updates for SolarWinds' Orion network monitoring product, which is widely used by companies and the U.S. government.
Hunton Privacy
DECEMBER 3, 2020
On November 26, 2020, the Belgian Data Protection Authority (“Belgian DPA”) signed a cooperation agreement with DNS Belgium, the organization managing the “.be” country code top-level domain name. The purpose of the cooperation agreement is to allow DNS Belgium to suspend “.be” websites that are linked to infringements of the EU General Data Protection Regulation (the “GDPR”).
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
DECEMBER 21, 2020
While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor.
Krebs on Security
DECEMBER 16, 2020
A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned. Austin, Texas-based SolarWinds disclosed this week that a compromise of its software update servers earlier this year may have resulted in malicious code
Schneier on Security
DECEMBER 18, 2020
Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much $11,582 for the controversial surveillance technology. Known as mobile device forensic tools (MDFTs), this type of tech is able to siphon text messages, photos, and application data from student’s devices.
IT Governance
DECEMBER 1, 2020
We recorded 103 cyber security incidents in November, which accounted for 586,771,602 leaked records. The majority of those came from a credential-stuffing attack targeting Spotify and a data leak at the messaging app GO SMS Pro, which you can learn more about below. Here is our complete list of November’s cyber attacks and data breaches. As usual, incidents affecting UK organisations are in bold.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Data Breach Today
DECEMBER 21, 2020
Suspected Cyber Espionage Prioritized Biggest Targets, Says FireEye CEO Kevin Mandia Hackers who infiltrated government and business networks via a stealthy backdoor added to SolarWinds' Orion software appear to have focused on only the most high-value of targets, leading to about 50 organizations being "genuinely impacted," says FireEye CEO Kevin Mandia.
WIRED Threat Level
DECEMBER 30, 2020
This year saw plenty of destructive hacking and disinformation campaigns—but amid a pandemic and a historic election, the consequences have never been graver.
Security Affairs
DECEMBER 12, 2020
Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than 500,000 sites. Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts. The SMTP WordPress plugin is installed on more than 500,000 sites, but despite the security patch has been released earlier this week many sites are yet to be patched.
Krebs on Security
DECEMBER 10, 2020
Payment card processing giant TSYS suffered a ransomware attack earlier this month. Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that the incident was limited to administrative areas of its business.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Schneier on Security
DECEMBER 17, 2020
The New York Times has more details. About 18,000 private and government users downloaded a Russian tainted software update – a Trojan horse of sorts – that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised. Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies.
Dark Reading
DECEMBER 14, 2020
An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.
Data Breach Today
DECEMBER 7, 2020
Such Specialization Highlights Ransomware Operators' Increasing Business Savvy Ransomware innovation seems to know no bounds, as crime gangs seek new ways to make crypto-locking malware ever more profitable. Beyond data-leak sites and affiliate programs, gangs have also been using call centers to cold-call victims, tell them they've been hit by ransomware, and request payment.
erwin
DECEMBER 10, 2020
Learn. Transform. Advance. That was the theme of the global conference we produced in October, but I’d venture to say it’s the mantra global organizations need to adopt as we continue to deal with the most disruptive event of our lifetime: COVID-19. Learn. When I look back, I should not be surprised that 2020 has been incredibly busy for us here at erwin.
Advertisement
Gearing up for 2025 annual planning? Our latest eBook from the Operators Guild is your ultimate guide. Discover real-world solutions and best practices shared by top CFOs, drawn directly from discussions within OG’s vibrant online community. Learn from senior executives at high-growth tech startups as they outline financial planning strategies, align CEO and board goals, and coordinate budgets across departments.
Security Affairs
DECEMBER 8, 2020
The OpenSSL Project disclosed a serious security vulnerability in TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The OpenSSL Project warned of a ‘high-severity’ security vulnerability in the TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The flaw is a null pointer dereference, successful exploitation could trigger denial-of-service conditions.
Krebs on Security
DECEMBER 4, 2020
The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years.
Schneier on Security
DECEMBER 24, 2020
Interesting analysis of China’s efforts to identify US spies: By about 2010, two former CIA officials recalled, the Chinese security services had instituted a sophisticated travel intelligence program, developing databases that tracked flights and passenger lists for espionage purposes. “We looked at it very carefully,” said the former senior CIA official.
Expert insights. Personalized for you.
361 
Let's personalize your content