Data Breach Today
SEPTEMBER 24, 2021
The latest edition of the ISMG Security Report features an analysis of how the U.S. government has been tracking an increase in the pace of attacks tied to Conti ransomware. Also featured are what "protection" means today and building a new cybersecurity operating model.
Krebs on Security
SEPTEMBER 20, 2021
It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
SEPTEMBER 23, 2021
Apple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and Macs. Apple has released security updates to address three zero-day vulnerabilities exploited in attacks in the wild to compromise iPhones and Macs running vulnerable iOS and macOS versions. Apple confirmed that at least one of the flaws was exploited by threat actors to infect the device with the NSO Pegasus spyware.
WIRED Threat Level
SEPTEMBER 21, 2021
Apple’s latest software update has a bunch of new security features. Here's how to put them to use.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Data Breach Today
SEPTEMBER 19, 2021
Matthew Gatrel Offered Subscription-Based Computer Attack Platforms An Illinois man has been found guilty of running subscription-based distributed denial of service attacks that enabled customers to launch DDoS strikes of their own. He is now facing a statutory maximum sentence of 35 years in federal prison when sentenced in January 2022.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
SEPTEMBER 21, 2021
Security researchers disclosed a new zero-day flaw in Apple’s macOS Finder that can allow attackers to run arbitrary commands on Macs. Independent security researcher Park Minchan disclosed a zero-day vulnerability in Apple’s macOS Finder that can be exploited by attackers to run arbitrary commands on Mac systems running any macOS version.
WIRED Threat Level
SEPTEMBER 18, 2021
Plus: Remote learning spyware, an AT&T bribery scandal, and more of the week's top security news.
Data Breach Today
SEPTEMBER 24, 2021
The Ad, Now Deleted, Lured Users to a Phishing Website to Harvest Credentials Chinese security researcher Zhi has discovered a malware targeting Mac users. The malware, spread via a paid advertisement on search engine Baidu, is intended to harvest user credentials, he says. The advertisement has now been taken down.
Schneier on Security
SEPTEMBER 24, 2021
This isn’t the first time I’ve received an e-mail like this: Hey! I’ve done my research and looked at a lot of facts and old forgotten archives. I know that you are Satoshi, I do not want to tell anyone about this. I just wanted to say that you created weapons of mass destruction where niches remained poor and the rich got richer! When bitcoin first appeared, I was small, and alas, my family lost everything on this, you won’t find an apple in the winter garden, people onl
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
Security Affairs
SEPTEMBER 19, 2021
The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Last week the Israeli cybersecurity firm Kape Technologies has acquired the industry’s leading virtual private networks ExpressVPN, as part of a $936 million deal. Kape announced that the acquisition will more than double its overall customer base, from almost 3 million customers to more than 6 million.
WIRED Threat Level
SEPTEMBER 19, 2021
From file backups to movie streaming, network attached storage drives offer plenty of functions and features.
Data Breach Today
SEPTEMBER 20, 2021
Researchers Believe NEW Cooperative Targeted By BlackMatter Gang NEW Cooperative, an Iowa-based farm services cooperative, has reportedly been targeted by the BlackMatter ransomware gang, demanding a $5.9 million payment from the organization, according to security researchers and published reports. The cooperative is working with law enforcement.
Schneier on Security
SEPTEMBER 22, 2021
The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
SEPTEMBER 20, 2021
Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand. The popular cybersecurity research Bob Diachenko discovered his personal data online stored on an unprotected Elasticsearch database containing the personal details of more than 106 million visitors to Thailand.
WIRED Threat Level
SEPTEMBER 23, 2021
DeSnake apparently eluded the DOJ's takedown of AlphaBay. The admin talked to WIRED about his return—and the resurrection of the notorious underground marketplace.
Data Breach Today
SEPTEMBER 24, 2021
Jen Easterly Offered Details of Investigation That Led to Joint Security Alert During testimony before a U.S. Senate committee hearing Thursday, CISA Director Jen Easterly told lawmakers that a recent joint alert issued by her agency, the FBI and the Coast Guard Cyber Command stemmed from an attempted attack against the Port of Houston in August.
Schneier on Security
SEPTEMBER 23, 2021
ROT8000 is the Unicode equivalent of ROT13. What’s clever about it is that normal English looks like Chinese, and not like ciphertext (to a typical Westerner, that is).
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
SEPTEMBER 22, 2021
CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices.
WIRED Threat Level
SEPTEMBER 23, 2021
A recent wave of attacks belies an apparent lull toward the end of the summer.
Data Breach Today
SEPTEMBER 20, 2021
Nation-State Chinese Groups APT27, APT41 Likely Candidates Earlier this month, McAfee Enterprise's Advanced Threat Research team, working with McAfee's Professional Services IR team, reported that an APT campaign dubbed Operation Harvest had been in operation for years. Their analysis provides insight into the group's tools, tactics and techniques.
eSecurity Planet
SEPTEMBER 21, 2021
Effective encryption has long been critical for protecting sensitive enterprise data, but as hackers increasingly leverage encrypted channels to access and traverse enterprise networks, secure traffic decryption is also key to assessing potential threats. Mike Campfield, vice president of global security programs at ExtraHop, spoke with eSecurity Planet about the importance of a comprehensive decryption and monitoring strategy to ensure enterprise security.
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
Security Affairs
SEPTEMBER 19, 2021
Numando, a new banking Trojan that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. ESET researchers spotted a new LATAM banking trojan, tracked as Numando, that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. The threat actor behind this banking Trojan has been active since at least 2018, it focuses almost exclusively on Brazil but experts spotted rare attacks against users in Mexico and Spain.
Threatpost
SEPTEMBER 24, 2021
Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
Data Breach Today
SEPTEMBER 24, 2021
Discussion Also Tackles Kaseya Ransomware Decryption Key, Raising Enterprise Security Posture Four editors at Information Security Media Group discuss important cybersecurity issues, including the rise of quadruple extortion attacks employed by ransomware gangs, the FBI reportedly withholding the Kaseya ransomware decryption key for weeks, and raising security posture during a pandemic.
eSecurity Planet
SEPTEMBER 22, 2021
Ransomware is one of the fastest-growing and most destructive cyber threats today. Cybersecurity researchers largely agree that ransomware growth has been astronomical; the only question is by how much. A recent Positive Technologies report found that 69% of all malware attacks now involve ransomware, and with the sums involved, it’s easy to see why malicious actors would eschew less lucrative cyber attack methods.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
SEPTEMBER 22, 2021
VMware addressed a critical arbitrary file upload vulnerability that affects the default configuration of vCenter Server 6.7 and 7.0 deployments. VMware addressed a critical arbitrary file upload vulnerability, tracked as CVE-2021-22005, that impacts appliances running default vCenter Server 6.7 and 7.0 deployments. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized
Schneier on Security
SEPTEMBER 24, 2021
The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools. Powerful groups are all pouring heaps of cash into zero-days to use for themselves — and they’re reaping the rewards. At the top of the food chain are the government-sponsored hackers.
Data Breach Today
SEPTEMBER 23, 2021
Advisory Urges Multifactor Authentication, Network Segmentation, Patching and More The pace of Conti ransomware attacks has been increasing, with more than 400 organizations globally having fallen victim, warns a joint cybersecurity advisory from the U.S. Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency, which details essential defenses.
Expert insights. Personalized for you.
297 
Let's personalize your content