Dark Reading

MARCH 22, 2021

Understanding each one can go a long way toward demystifying the topic as a whole - and combatting the threat.

134

134

AIIM

MARCH 23, 2021

Many organizations have an obligation to maintain the information they create and receive as part of regular business activities and to ensure that the information is secured and maintained in official filing systems. But, with an endless amount of information flowing in and out of your business on a daily basis - how do you determine what to capture and what to avoid?

Information capture 211

Information capture Records Management IT Access 211

erwin

MARCH 25, 2021

erwin recently hosted the second in its six-part webinar series on the practice of data governance and how to proactively deal with its complexities. Led by Frank Pörschmann of iDIGMA GmbH, an IT industry veteran and data governance strategist, the second webinar focused on “ The Value of Data Governance & How to Quantify It.”. As Mr. Pörschmann highlighted at the beginning of the series, data governance works best when it is strongly aligned with the drivers, motivations and goals of the bu

Government 109

Government IT Compliance Risk 109

Data Breach Today

MARCH 21, 2021

BIG-IP Server Flaw Ranked 9.8 out of 10 in Severity Threats actors are actively exploiting a critical remote code vulnerability in F5 Networks' BIG-IP server appliances, for which patches were released by the company on March 10. The vulnerability has a CVSS ranking of 9.8 out of 10 - highly critical.

350

350

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

MARCH 23, 2021

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.

Phishing 310

Phishing Data breaches Access Passwords 310

AIIM

MARCH 25, 2021

In another post this week, we took a look at the first step in the information lifecycle – information capture. We not only talked about the importance of capture, but we also talked about what you should be capturing and what you should avoid capturing. Today, I’d like to dig a little deeper into that discussion and talk about how to distinguish between a record and a non-record.

Records Management 149

Records Management Information capture IT 149

Data Breach Today

MARCH 21, 2021

PC and Device Maker Appears to Have Been Targeted by REvil Acer, one of the world's largest PC and device makers, has reportedly been targeted by the ransomware gang REvil, aka Sodinokibi, according to multiple published reports. To date, the Taiwanese company has not confirmed it has been attacked, but data has been posted to the gang's darknet site.

Ransomware 350

Ransomware IT 350

Krebs on Security

MARCH 22, 2021

Remember Norse Corp. , the company behind the interactive “pew-pew” cyber attack map shown in the image below? Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. Now, the founders of Norse have launched a new company with a somewhat different vision: RedTorch , which for the past two years has marketed a mix of services to high end celebrity clients, including spying and anti-spying tools and services.

Computer and Electronics 300

Computer and Electronics Honeypots Archiving Marketing 300

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool (aka HDDCryptor, HDD Cryptor) to encrypt entire drives.

Ransomware 145

Ransomware Encryption File names Passwords 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Schneier on Security

MARCH 26, 2021

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is likely to become a bigger problem in the near future.

Access 144

Access IT Military Security 144

Data Breach Today

MARCH 24, 2021

Investigation Continues; Law Enforcement Notified Insurance provider CNA reported Tuesday it was victimized over the weekend by a "cybersecurity attack" that caused a network disruption and impacted certain systems, including corporate email.

Insurance 340

Insurance Cybersecurity IT 340

WIRED Threat Level

MARCH 20, 2021

Plus: A mysterious zero-day spree, a high-profile hacker indictment, and more of the week’s top security news.

Security 142

Security 142

Security Affairs

MARCH 26, 2021

Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020. . Accenture’s Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams published an analysis of the latest campaign conducted by financially motivated threat group Hades which have been operating since at least December 2020. .

Ransomware 145

Ransomware Encryption File names Manufacturing 145

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Schneier on Security

MARCH 22, 2021

This is a longish video that describes a profitable computer banking scam that’s run out of call centers in places like India. There’s a lot of fluff about glitterbombs and the like, but the details are interesting. The scammers convince the victims to give them remote access to their computers, and then that they’ve mistyped a dollar amount and have received a large refund that they didn’t deserve.

Computer and Electronics 141

Computer and Electronics Access IT Security 141

Data Breach Today

MARCH 23, 2021

Brian Byrne and Bastien Latge of EMVCo Discuss Enhancement of Specifications As digital payments have skyrocketed as a result of the surge in e-commerce during the pandemic, more organizations have provided feedback on enhancing EMVCo's specifications to help fight fraud, two executives with the global technical body say.

336

336

WIRED Threat Level

MARCH 21, 2021

DearCry is the first attack to use the same Microsoft Exchange vulnerabilities, but its lack of sophistication lessens the threat.

Ransomware 141

Ransomware IT Security 141

Security Affairs

MARCH 24, 2021

Security experts reported that a second ransomware gang, named Black Kingdom , is targeting Microsoft Exchange servers. After the public disclosure of ProxyLogon vulnerabilities, multiple threat actors started targeting vulnerable Microsoft Exchange servers exposed online. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry.

Ransomware 145

Ransomware Encryption Security IT 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Schneier on Security

MARCH 24, 2021

It’s not yet very accurate or practical, but under ideal conditions it is possible to figure out the shape of a house key by listening to it being used. Listen to Your Key: Towards Acoustics-based Physical Key Inference. Abstract: Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments, and easily raise

Paper 140

Paper Security IT 140

Data Breach Today

MARCH 23, 2021

Employee and Customer Information Compromised in January Attack; ICO Investigating British clothing and accessories retailer Fat Face says it detected a data breach in January, which exposed personal information - including partial payment card numbers - for an unspecified number of customers and employees. The Information Commissioner's Office is investigating.

Retail 334

Retail Data breaches IT 334

Threatpost

MARCH 23, 2021

The arts-and-crafts retailer left 138GB of sensitive information open to the public internet.

Retail 139

Retail Cloud Privacy Security 139

Security Affairs

MARCH 21, 2021

US CISA has released a new tool that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise environments.

Cloud 145

Cloud Government Security IT 145

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

WIRED Threat Level

MARCH 25, 2021

The Locus Charter asks companies to commit to 10 principles, including minimizing data collection and actively seeking consent from users.

Data collection 128

Data collection Privacy Security 128

Data Breach Today

MARCH 23, 2021

Proofpoint Update Describes the Fraud Tactics The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources, including email, according to researchers at Proofpoint.

Access 331

Access 331

Threatpost

MARCH 24, 2021

The ransomware attack has impacted the IoT manufacturer's production lines across multiple sites, and other internal operations.

IoT 124

IoT Ransomware Manufacturing 124

Security Affairs

MARCH 20, 2021

Taiwanese multinational hardware and electronics corporation Acer was victim of a REvil ransomware attack, the gang demanded a $50,000,000 ransom. Taiwanese computer giant Acer was victim of the REvil ransomware attack, the gang is demanding the payment of a $50,000,000 ransom, the largest one to date. Acer is the world’s 6th-largest PC vendor by unit sales as of January 2021, it has more than 7,000 employees (2019) and in 2019 declared 234.29 billion in revenue.

Ransomware 145

Ransomware Computer and Electronics Sales Encryption 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

WIRED Threat Level

MARCH 24, 2021

The company’s investigation into a Chinese espionage campaign took researchers beyond Facebook’s own platforms.

Security 126

Security 126

Data Breach Today

MARCH 23, 2021

Acting Director Describes Latest Steps in Battle Against Ransomware The Cybersecurity and Infrastructure Security Agency will soon use its new subpoena powers authorized under the 2021 National Defense Authorization Act to help in the battle against ransomware attacks and other cyberthreats, says Brandon Wales, the acting agency director.

Ransomware 328

Ransomware Cybersecurity Security IT 328

IT Governance

MARCH 25, 2021

Cyber Essentials is one of the most cost-effective ways of bolstering your organisation’s information security. The UK government-backed scheme is designed to help organisations address common weaknesses without having to spend a fortune overhauling their cyber security practices. In this blog, we explain the costs involved in Cyber Essentials certification, including consultancy fees, renewal and advancing to Cyber Essentials Plus.

Government 123

Government Information Security Data breaches Risk 123