Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees.

Ransomware 305

Ransomware Government Security IT 305

Dark Reading

MARCH 1, 2022

Email-borne attacks out of Russia have already targeted at least a few US and European organizations.

133

133

IT Governance

MARCH 1, 2022

The cyber security industry, much like the rest of the world, is on edge. Our figures for this month are comparatively low – with 83 data breaches and cyber attacks accounting for 5,127,241 breached records – but there is a sense that we are on the brink of something. In the final days of February, there were a flurry of security incidents related, either directly or indirectly, to the Ukraine conflict.

Data breaches 134

Data breaches Ransomware Government Blockchain 134

The Last Watchdog

FEBRUARY 28, 2022

One could make the argument that Application Programming Interfaces — APIs – are a vital cornerstone of digital transformation. Related: How a dynamic WAF can help protect SMBs. APIs interconnect the underlying components of modern digital services in a very flexible, open way. This has resulted in astounding innovations in cloud services, mobile computing, IoT systems and agile software development.

Security 266

Security IoT Digital transformation Authentication 266

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

MARCH 2, 2022

Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti , one of the more rapacious and ruthless ransomware gangs in operation today. Tuesday’s story examined how Conti dealt with its own internal breaches and attacks from private security firms and governments. In Part II of this series we’ll explore what it’s like to work for Conti, as described by the Conti employees themselves.

Ransomware 211

Ransomware Communications Security IT 211

Security Affairs

FEBRUARY 28, 2022

Anonymous and other hacker groups that responded to the call to war against Russia continue to launch cyberattacks on gov organizations and businesses. Anonymous and numerous hacker groups linked to the popular collective continue to launch cyber attacks against Russian and Belarussian government organizations and private businesses. In the last few days massive DDoS attacks have taken offline numerous websites of Russian government entities, including the Duma and Ministry of Defense.

Government 145

Government Security IT Information Security 145

eSecurity Planet

MARCH 4, 2022

The U.S. National Security Agency (NSA) released comprehensive network security guidance on March 3, on the same day that the Cybersecurity and Infrastructure Security Agency (CISA) released its longest-ever list of exploited vulnerabilities. With organizations around the world on heightened alert in the wake of Russia’s unprovoked war against Ukraine, government agencies have stepped up efforts too.

Security 137

Security Authentication Cybersecurity Encryption 137

Dark Reading

MARCH 4, 2022

Nearly 65% of security operations center (SOC) analysts are likely to change jobs in the next year, survey shows.

Security 137

Security 137

Data Matters

MARCH 3, 2022

On February 25, 2022, in light of Russia’s attack on Ukraine, and months of continuing Russian state-sponsored cyberattacks on Ukrainian government and critical infrastructure organizations, the Cybersecurity and Infrastructure Security Agency (CISA) issued a “Shields Up” warning to American critical infrastructure organizations and businesses, stating that “[e]very organization—large and small—must be prepared to respond to disruptive cyber activity.

Government 141

Government Cybersecurity Authentication Information Security 141

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

FEBRUARY 26, 2022

Global internet monitor working group NetBlocks reported that Twitter has been restricted in Russia amid conflict with Ukraine. Global internet monitor working organization NetBlocks shared its metrics confirming the restriction of Twitter in Russia from early morning amid conflict with Ukraine. Multiple local providers (Rostelecom, MTS, Beeline and MegaFon) were blocking access to the popular platform to prevent the vision of videos and images of the attacks carried out by Russian army in Ukrai

Government 138

Government Access Security IT 138

WIRED Threat Level

FEBRUARY 26, 2022

Plus: Hacker recruits, NFT thefts, and more of the week’s top security news.

Security 136

Security 136

Schneier on Security

MARCH 4, 2022

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws.

Encryption 130

Encryption Security IT Paper 130

Dark Reading

MARCH 1, 2022

Hybridizing signatures with artificial intelligence is making a significant difference in our ability to detect cyberattacks, including ransomware.

Artificial Intelligence 126

Artificial Intelligence Cybersecurity Ransomware 126

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

FEBRUARY 27, 2022

The Anonymous hacker collective claims to have breached the Belarusian Railway’s data-processing network. The Anonymous collective announced that the internal network of Belarusian railways has been compromised, the group claims to have blocked all services and will deactivate them until Russian troops will leave the territory of Belarus. The internal network of Belarusian railways has been attacked, all services are out of order and will soon be deactivated until Russian troops leave the

Military 128

Military Security IT Information Security 128

WIRED Threat Level

MARCH 2, 2022

Cybercriminals are exploiting a fleet of more than 100,000 misconfigured servers to knock websites offline.

Security 131

Security 131

Hunton Privacy

MARCH 3, 2022

On February 18, 2022, California Assembly Member Evan Low (D) introduced a pair of bills – AB 2871 and AB 2891 – that would extend the duration of the current exemptions in the California Consumer Privacy Act (“CCPA”) (as amended by the California Privacy Rights Act (“CPRA”)) for certain HR data and business-to-business (“B2B”) customer representative personnel data from most of the law’s requirements.

B2B 126

B2B Privacy Compliance Personal data 126

Schneier on Security

MARCH 1, 2022

Nice piece of research : Abstract: Among the many types of malicious codes, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. As data recovery is impossible if the encryption key is not obtained, some companies suffer from considerable damage, such as the payment of huge amounts of money or the loss of important data.

Ransomware 125

Ransomware Encryption Paper IT 125

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

FEBRUARY 28, 2022

Microsoft revealed that Ukrainian entities were targeted with a previous undetected malware, dubbed FoxBlade, several hours before the invasion. The Microsoft Threat Intelligence Center (MSTIC) continues to investigate the attacks that are targeting Ukrainian networks and discovered that entities in Ukraine were targeted with a previously undetected malware, dubbed FoxBlade, several hours before Russia’s invasion. “This trojan can use your PC for distributed denial-of-service (DDoS)

Government 126

Government IT Security 126

Troy Hunt

MARCH 4, 2022

With travel now behind me, I'm back to a stable schedule and doing these on time again. Mind you, I came home to some of the wildest weather I've ever seen here, but it was kinda cool to watch and the kids didn't complain getting days off school. Oh - and I also loaded a bunch of new data breaches this week, the Robinhood one from earlier today being particularly noteworthy with more than 5M unique email addresses.

Data breaches 24

Data breaches IT 24

Hunton Privacy

MARCH 2, 2022

On February 17, 2022, the California Privacy Protection Agency (“CPPA”) announced at a board meeting that it will delay the publication of final regulations under the California Privacy Rights Act (“CPRA”). As drafted, the CPRA provides for regulations to be finalized by July 1, 2022, to allow for a six-month compliance window ahead of the law’s January 1, 2023 effective date.

Privacy 125

Privacy Compliance IT 125

Schneier on Security

FEBRUARY 28, 2022

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons.

Insurance 122

Insurance Cybersecurity Security 122

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Dark Reading

MARCH 1, 2022

Most importantly, someone needs to step forward and take it on as their job.

Security 118

Security IT 118

eSecurity Planet

MARCH 1, 2022

While the cybersecurity world is focused on the Russian invasion of Ukraine , new research from Symantec serves as a reminder that significant threats remain elsewhere too. Symantec this week reported a highly sophisticated malware called “Backdoor.Daxin” that “appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets” and appears to be linked to China.

Communications 117

Communications Encryption Government Cybersecurity 117

Security Affairs

MARCH 1, 2022

US CISA and the FBI warned US organizations that data wiping attacks targeting Ukraine entities could spill over to targets worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory to warn US organizations of data wiping attacks targeting Ukraine that could hit targets worldwide.

Cybersecurity 116

Cybersecurity Phishing Authentication Security 116

Threatpost

MARCH 1, 2022

The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations.

Libraries 112

Libraries Communications Security 112

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Hunton Privacy

MARCH 1, 2022

The Federal Trade Commission has reached a settlement with WW International, Inc. and Kurbo, Inc. over allegations the companies improperly registered children for the “Kurbo by WW” online weight loss management program. In pleadings filed on February 16, 2022, in federal court in the Northern District of California, the FTC claims WW and Kurbo offered a service that was tailored for children but that failed to ensure parental involvement in the registration process.

Privacy 111

Privacy Personal data Information Security Security 111

OpenText Information Management

FEBRUARY 27, 2022

The benefits of moving to cloud are well-documented. Decision makers surveyed by 451 Research cited improved operational efficiency, greater security, and cost savings as key benefits of cloud-native technology. Leveraging a DevOps strategy – that strategically combines software development with IT operations – is central to this transformation. By balancing operational needs with continuous delivery, … The post From investment to innovation engine: Cloud technology and DevOps strategy are

Digital transformation 109

Digital transformation Cloud Security Content services 109

Security Affairs

FEBRUARY 27, 2022

Ukraine is recruiting a volunteer IT army composed of white hat hackers to launch attacks on a list of Russian entities. Ukraine is recruiting a volunteer IT army of cyber security experts and white hat hackers to launch cyberattacks on a list of Russian entities. The list is composed of 31 targets including Russian critical infrastructure, government agencies, banks, hosting prividers.

IT 116

IT Digital transformation Government Ransomware 116