Data Breach Today
JUNE 3, 2021
Low-Bandwidth Network Can Share Internet Connections Among Amazon Devices Internet of things security professionals are expressing concern over Amazon's new Sidewalk - a low-bandwidth network program that will allow some of the company's connected and IoT devices to share Wi-Fi access even outside an owner's home.
WIRED Threat Level
MAY 31, 2021
From NotPetya to SolarWinds, it’s a problem that’s not going away any time soon.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
eSecurity Planet
JUNE 3, 2021
The National Security Council is sending a memo to U.S. companies urging them to take the ransomware threat more seriously as the Biden Administration ramps up its responses following recent attacks linked to Russia-based hacker groups on two major corporations. In the open letter dated June 3, Anne Neuberger, the NSC’s cybersecurity adviser, said that while the federal government is doing what it can to combat the accelerating threat, private sector organizations also play a crucial role.
Security Affairs
JUNE 4, 2021
Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724 , that impacts macOS, iOS and iPadOS. Trend Micro researchers disclosed technical details of a patched privilege escalation vulnerability, tracked as CVE-2021-30724 , that impacts macOS, iOS, and iPadOS. The flaw was reported to Apple by Trend Micro researcher Mickey Jin, and the It giant fixed the issue was addressed by the IT giant on May 24 with the release of macOS 11.4, iOS 14.6, and
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Krebs on Security
MAY 29, 2021
Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
WIRED Threat Level
MAY 29, 2021
BravoMovies isn't real. But it puts in a remarkable amount of effort to convince you that it is.
Security Affairs
MAY 31, 2021
A security researcher discovered a bug in PatchGuard Windows security feature that can allow loading unsigned malicious code into the Windows kernel. Japanese researcher Kento Oki has discovered a bug in PatchGuard that could be exploited by an attacker to load unsigned malicious code into the Windows operating system kernel. The PatchGuard, also known as Kernel Patch Protection, is a software protection utility that has been designed to forbid the kernel of 64-bit versions of Windows OS from be
The Last Watchdog
JUNE 1, 2021
Cybercriminals use various techniques for conducting cyberattacks. One such popular way to infiltrate a system is Pharming. It is an online scam attack quite similar to Phishing. Related: Credential stuffing explained. The term Pharming is a combination of two words Phishing and Farming. It is a type of social engineering cyberattack in which the website’s traffic is manipulated to steal confidential credentials from the users.
Data Breach Today
JUNE 1, 2021
Vulnerability Affects Siemens SIMATIC S7-1200 and S7-1500 CPU Siemens has released patches for certain automation products that have a critical memory protection vulnerability, which attackers could exploit to run arbitrary code to access memory areas, enabling them to read sensitive data and use it to launch further attacks.
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
WIRED Threat Level
JUNE 1, 2021
Hackers targeting JBS USA have disrupted meat processing facilities around the world, just one month after the Colonial Pipeline attack caused fuel distribution havoc.
Security Affairs
JUNE 4, 2021
Hackers are actively scanning the Internet for VMware vCenter servers vulnerable against a critical RCE flaw recently fixed by VMware. Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical remote code execution (RCE) vulnerability tracked as CVE-2021-21985. The CVE-2021-21985 flaw is caused by the lack of input validation in the Virtual SAN ( vSAN ) Health Check plug-in, which is enabled by default in the vCenter Server.
AIIM
JUNE 1, 2021
What is the future of work? That’s hard to say. But one thing seems certain: Disruption lies ahead. Driven by innovations in technology, shifting business strategies, and evolving definitions of success, the workplace is changing fast. As the adoption of things like process automation, AI, and Machine Learning continue to accelerate, so will the pace of change in the workplace.
Data Breach Today
MAY 29, 2021
2022 Budget Proposal Seeks $750 Million for 'Lessons Learned' From SolarWinds The White House officially released its 2022 federal budget proposal on Friday, and the Biden administration is seeking to spend billions on cybersecurity next year, including $750 million for "lessons learned" from the SolarWinds attack. Officials also want to boost CISA's budget by $110 million.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
WIRED Threat Level
MAY 29, 2021
Plus: A major hack in Japan, Citizen app run amuck, and more of the week's top security news.
Security Affairs
MAY 30, 2021
Qihoo 360 NETLAB spotted a new backdoor dubbed Facefish that could allow attackers to take over Linux systems and steal sensitive data. Cybersecurity experts from Qihoo 360 NETLAB published details about a new backdoor, dubbed Facefish, which can be used by threat actors to steal login credentials and executing arbitrary commands on Linux systems. The malware was also analyzed by Juniper researchers who observed the use of an exploit against the Control Web Panel (CWP) server administration we
The Last Watchdog
JUNE 2, 2021
The amount of data in the world topped an astounding 59 zetabytes in 2020, much of it pooling in data lakes. Related: The importance of basic research. We’ve barely scratched the surface of applying artificial intelligence and advanced data analytics to the raw data collecting in these gargantuan cloud-storage structures erected by Amazon, Microsoft and Google.
Data Breach Today
JUNE 1, 2021
World's Largest Meat Supplier Says Servers Hit in North America and Australia The world's largest meat supplier, JBS, says an "organized cybersecurity attack" has led it to shut down servers in North America and Australia. Experts say a prolonged outage could have a noticeable impact on the global supply of meat. The company has yet to disclose if the attack involved ransomware.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
WIRED Threat Level
MAY 30, 2021
The covert channel bug demonstrates a fundamental fact of CPUs: even new ones have vulnerabilities.
Security Affairs
JUNE 2, 2021
Zero-day exploit broker Zerodium is looking for 0day exploits affecting the IM client tool Pidgin on Windows and Linux. Zero-day exploit broker Zerodium announced it is looking for 0day exploits affecting the IM client tool Pidgin on Windows and Linux. The company will pay up to $100,000 for zero-days in Pidgin, which is a free and open-source multi-platform instant messaging client.
AIIM
JUNE 3, 2021
The National Archives and Records Administration ( NARA ) and Office of Management and Budget ( OMB ) set forth the government-wide policy M-19-21 as a directive to progress how government records are managed. Read on to learn what this directive is, who it impacts, and seven factors necessary to achieve compliance. What Is M-19-21? Who Does M-19-21 Impact?
Data Breach Today
JUNE 2, 2021
FireEye to Sell Product Line, Name to Private Equity FireEye announced on Wednesday the sale of its product line and name to Symphony Technology Group, a private equity group based in Palo Alto, for $1.2 billion. The deal means FireEye will be separated from Mandiant Solutions, its forensics unit that's often called upon after a data breach.
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
WIRED Threat Level
JUNE 3, 2021
Hart InterCivic will be the first private vendor to partner with the company on using its open-source ElectionGuard system.
Security Affairs
JUNE 3, 2021
Cisco addressed multiple security flaws, including high-severity vulnerabilities, in Webex Player, SD-WAN software, and ASR 5000 series software. Cisco has addressed multiple vulnerabilities in its products , including high-risk flaws in Webex Player, SD-WAN software, and ASR 5000 series software. The IT giant fixed three high-severity vulnerabilities (CVE-2021-1503, CVE-2021-1526, CVE-2021-1502) affecting Webex Player for Windows and macOS.
Schneier on Security
JUNE 2, 2021
The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month. DarkSide offers what is known as “ransomware as a service,” in which a malware developer charges a user fee to so-called affiliates like Woris, who may not have the technical skills to actually create ran
Data Breach Today
JUNE 3, 2021
Ransomware-as-a-Service Operation REvil - aka Sodinokibi - Has Been Making a Killing The FBI has attributed the ransomware attack against meat processing giant JBS to the REvil - aka Sodinokibi - ransomware-as-a-service operation. Security experts say the operation, which dates from 2019, appears to be run from Russia, and has been hitting increasingly large targets.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Troy Hunt
JUNE 3, 2021
Supporting national CERTs with free API domain searches across their assets is becoming an increasing focus for Have I Been Pwned and today I'm happy to welcome the 19th government on board, Belgium. As of now, the Centre for Cyber Security Belgium (CCB) has full access to query all their gov domains and gain deeper visibility into the impact of data breaches on their departments.
Security Affairs
JUNE 2, 2021
A critical zero-day vulnerability in the Fancy Product Designer WordPress plugin exposes more than 17,000 websites to attacks. Researchers from the Wordfence team at WordPress security company Defiant warn that a critical zero-day vulnerability, tracked as CVE-2021-24370, in the Fancy Product Designer WordPress plugin is actively exploited in the wild.
Schneier on Security
JUNE 1, 2021
The website for the M1racles security vulnerability is an excellent demonstration that not all vulnerabilities are exploitable. Be sure to read the FAQ through to the end.
Expert insights. Personalized for you.
251 
Let's personalize your content