Data Breach Today
SEPTEMBER 24, 2021
The latest edition of the ISMG Security Report features an analysis of how the U.S. government has been tracking an increase in the pace of attacks tied to Conti ransomware. Also featured are what "protection" means today and building a new cybersecurity operating model.
Krebs on Security
SEPTEMBER 20, 2021
It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
SEPTEMBER 23, 2021
Apple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and Macs. Apple has released security updates to address three zero-day vulnerabilities exploited in attacks in the wild to compromise iPhones and Macs running vulnerable iOS and macOS versions. Apple confirmed that at least one of the flaws was exploited by threat actors to infect the device with the NSO Pegasus spyware.
The Last Watchdog
SEPTEMBER 20, 2021
An array of promising security trends is in motion. New frameworks, like SASE , CWPP and CSPM , seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks. Related: 5 Top SIEM myths. And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Breach Today
SEPTEMBER 19, 2021
Matthew Gatrel Offered Subscription-Based Computer Attack Platforms An Illinois man has been found guilty of running subscription-based distributed denial of service attacks that enabled customers to launch DDoS strikes of their own. He is now facing a statutory maximum sentence of 35 years in federal prison when sentenced in January 2022.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
SEPTEMBER 19, 2021
The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Last week the Israeli cybersecurity firm Kape Technologies has acquired the industry’s leading virtual private networks ExpressVPN, as part of a $936 million deal. Kape announced that the acquisition will more than double its overall customer base, from almost 3 million customers to more than 6 million.
AIIM
SEPTEMBER 21, 2021
I’ll save you from having to read another contrived word about how difficult the last year was. And it was, without a doubt, difficult. Instead, I want to focus on one of my favorite positives to come out of the pandemic – the “Covid Hobby” phenomenon. Many of us used our newfound downtime to take on new challenges and adopt new skills. Bicycle shops had waiting lists a mile long, baseball cards were sold out at stores everywhere, and the language-learning app Duolingo saw a 101% increase in new
Data Breach Today
SEPTEMBER 24, 2021
The Ad, Now Deleted, Lured Users to a Phishing Website to Harvest Credentials Chinese security researcher Zhi has discovered a malware targeting Mac users. The malware, spread via a paid advertisement on search engine Baidu, is intended to harvest user credentials, he says. The advertisement has now been taken down.
eSecurity Planet
SEPTEMBER 24, 2021
Rapid7 combines threat intelligence , security research, data collection, and analytics in its comprehensive Insight platform, but how does its detection and response solution – InsightIDR – compare to other cybersecurity solutions? While InsightIDR functions as a security information and event management (SIEM) solution, its functionality goes far beyond traditional SIEM products and extends to the budding XDR space.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Security Affairs
SEPTEMBER 22, 2021
CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices.
Threatpost
SEPTEMBER 24, 2021
Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
Data Breach Today
SEPTEMBER 20, 2021
Researchers Believe NEW Cooperative Targeted By BlackMatter Gang NEW Cooperative, an Iowa-based farm services cooperative, has reportedly been targeted by the BlackMatter ransomware gang, demanding a $5.9 million payment from the organization, according to security researchers and published reports. The cooperative is working with law enforcement.
IT Governance
SEPTEMBER 21, 2021
For years, cyber security experts have predicted a shift towards hybrid working – but they weren’t expecting it to come so suddenly and as a result of a global crisis. Nonetheless, they have been proven right, with millions of organisations deciding to keep their remote set-up even as the pandemic subsides. To make hybrid work a success, though, organisations must regularly evaluate their IT processes.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
SEPTEMBER 20, 2021
Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand. The popular cybersecurity research Bob Diachenko discovered his personal data online stored on an unprotected Elasticsearch database containing the personal details of more than 106 million visitors to Thailand.
Schneier on Security
SEPTEMBER 22, 2021
The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.
Data Breach Today
SEPTEMBER 24, 2021
Jen Easterly Offered Details of Investigation That Led to Joint Security Alert During testimony before a U.S. Senate committee hearing Thursday, CISA Director Jen Easterly told lawmakers that a recent joint alert issued by her agency, the FBI and the Coast Guard Cyber Command stemmed from an attempted attack against the Port of Houston in August.
Threatpost
SEPTEMBER 23, 2021
Discovery of BulletProofLink—which provides phishing kits, email templates, hosting and other tools—sheds light on how wannabe cybercriminals can get into the business.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Security Affairs
SEPTEMBER 22, 2021
VMware addressed a critical arbitrary file upload vulnerability that affects the default configuration of vCenter Server 6.7 and 7.0 deployments. VMware addressed a critical arbitrary file upload vulnerability, tracked as CVE-2021-22005, that impacts appliances running default vCenter Server 6.7 and 7.0 deployments. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized
eSecurity Planet
SEPTEMBER 22, 2021
Backup has in some sense always been about the security of data. In the event of a data loss or disaster, you could turn to your backup to retrieve the data. But these days, backup must do much more. Not only must it provide a way to restore data in a timely manner, it must do it securely – and increasingly, users are demanding that it also offers protection against the scourge of ransomware. “Even if you have a backup, is it consistent and a copy of good data, or is it simply a copy of ba
Data Breach Today
SEPTEMBER 20, 2021
Nation-State Chinese Groups APT27, APT41 Likely Candidates Earlier this month, McAfee Enterprise's Advanced Threat Research team, working with McAfee's Professional Services IR team, reported that an APT campaign dubbed Operation Harvest had been in operation for years. Their analysis provides insight into the group's tools, tactics and techniques.
Data Protection Report
SEPTEMBER 21, 2021
The U.S. Department of Treasury, Office of Foreign Assets Control (“OFAC”) implemented additional measures today to combat the growing ransomware problem. OFAC’s measures consist of: (1) the designation of the entire SUEX OTC, S.R.O. (“SUEX”) crypto-currency exchange (SUEX) to the SDN List; (2) designating a fairly large number (~25) additional digital currency addresses to the SDN List; and (3) amending its earlier October 1, 2020 guidance to companies on the potential sanctions risks for faci
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
SEPTEMBER 21, 2021
Security researchers disclosed a new zero-day flaw in Apple’s macOS Finder that can allow attackers to run arbitrary commands on Macs. Independent security researcher Park Minchan disclosed a zero-day vulnerability in Apple’s macOS Finder that can be exploited by attackers to run arbitrary commands on Mac systems running any macOS version.
eSecurity Planet
SEPTEMBER 24, 2021
If May’s endpoint detection and response (EDR) MITRE evaluations weren’t proof enough, Cynet’s flagship platform – also featuring XDR and MDR capabilities – continues to receive industry recognition. Cynet 360 is the all-in-one platform for Cynet’s threat detection and response (DR) technology for networks in need of advanced protection. In under an hour, Cynet says it can deploy, implement, and scan 5,000 hosts, giving network administrators near-immediate visibility into users, devices, events
Data Breach Today
SEPTEMBER 24, 2021
Discussion Also Tackles Kaseya Ransomware Decryption Key, Raising Enterprise Security Posture Four editors at Information Security Media Group discuss important cybersecurity issues, including the rise of quadruple extortion attacks employed by ransomware gangs, the FBI reportedly withholding the Kaseya ransomware decryption key for weeks, and raising security posture during a pandemic.
Threatpost
SEPTEMBER 22, 2021
All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Security Affairs
SEPTEMBER 22, 2021
A critical issue, tracked as CVE-2021-36260, affects more than 70 Hikvision device models and can allow attackers to take over them. A critical vulnerability, tracked as CVE-2021-36260, affects more than 70 Hikvision camera and NVR models and can allow attackers to take over the devices. The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”.
eSecurity Planet
SEPTEMBER 24, 2021
If you’re looking for a password manager for your business, Bitwarden and LastPass might be on your list of potential solutions. Both vendors will help you and your employees store access credentials, improve password health, and share sensitive information securely. However, there are certain advantages each solution offers that might be better suited to your business’s specific needs.
Data Breach Today
SEPTEMBER 24, 2021
Security Experts on Vulnerabilities, Prevention Steps for State Governments The ransomware attack on Tamil Nadu's Public Department puts the spotlight on the preparedness to identify and stave off attacks. Some security experts say outdated servers, lack of advanced security measures and inadequate cyber laws make state government institutions vulnerable.
Expert insights. Personalized for you.
294 
Let's personalize your content