Data Breach Today
FEBRUARY 11, 2021
Oldsmar Used Windows 7, Shared TeamViewer Password, Didn't Have a Firewall The Florida city that experienced a breach of its water treatment system used now-unsupported Windows 7 machines, shared the same password for remote access and had no firewall. The incident is likely to raise questions about the vulnerability of critical infrastructure in small towns on slim IT security budgets.
DXC Technology
FEBRUARY 8, 2021
We rang in 2020 with all the expectations that cloud computing would continue its progression as a massive catalyst for digital transformation throughout the enterprise. What we didn’t expect was a worldwide health crisis that led to a huge jump in cloud usage. Cloud megadeals have heralded a new era where cloud is a key […].
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Threatpost
FEBRUARY 11, 2021
The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.
Krebs on Security
FEBRUARY 10, 2021
Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week’s news about a hacker who tried to poison a Florida town’s water supply was understandably front-page material. But for security nerds who’ve been warning about this sort of thing for ages, the most surprising aspect of the incident seems to be that we learned about it at all.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Breach Today
FEBRUARY 10, 2021
Warner and Rubio Call for Designation of Leader of Four-Agency Effort Citing a lack of coordination and transparency, U.S. Sens. Mark Warner and Marco Rubio of the Intelligence Committee are urging the four federal agencies investigating the cyberattack that targeted SolarWinds and other organizations to designate a leader for their investigative efforts.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
FEBRUARY 7, 2021
Some commercial Nespresso machines that are used in Europe could be hacked to add unlimited funds to purchase coffee. Some Nespresso Pro machines in Europe could be hacked to add unlimited funds to purchase coffee. The attack is possible because the machines use a smart card payment system that leverages insecure technology, the MIFARE Classic smart cards.
Krebs on Security
FEBRUARY 9, 2021
Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws. Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems w
Data Breach Today
FEBRUARY 10, 2021
Data Appears to Come From 2 Healthcare Organizations in Florida, Texas The Conti cybercrime gang has reportedly leaked sensitive patient data, as well as employee records, on a darknet site following recent hacker attacks on a two healthcare organizations in Florida and Texas.
AIIM
FEBRUARY 9, 2021
The new year always brings with it a handful of important questions around the AIIM Community. What are the key trends in information management? What are the top challenges to overcome? More importantly, what are the best practices and strategies to overcome them? Each year, AIIM conducts extensive user-research throughout the community to address these questions and more.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Security Affairs
FEBRUARY 7, 2021
The Largest compilation of emails and passwords (COMB), more than 3.2 billion login credentials, has been leaked on a popular hacking forum. More than 3.2 billion unique pairs of cleartext emails and passwords have been leaked on a popular hacking forum, the collection aggregates data from past leaks, such as Netflix, LinkedIn , Exploit.in , Bitcoin, and more.
Krebs on Security
FEBRUARY 8, 2021
Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers.
Data Breach Today
FEBRUARY 12, 2021
Company Issues Patch, Remediation Advice SAP has issued a patch and remediation advice for a critical remote code execution vulnerability in its SAP Commerce product that could, if exploited, disrupt the entire system.
Schneier on Security
FEBRUARY 9, 2021
MalwareBytes is reporting a weird software credit card skimmer. It harvests credit card data stolen by another, different skimmer: Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature. “The threat actors devised a version of their script that is aware of sites already injected with a Magento 1 skimmer,” Malwarebytes’ Head of Threat Intelligence Jérôme Segura explains in a report sha
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
FEBRUARY 6, 2021
Packaging giant WestRock revealed this week that the recent ransomware attack impacted the company’s IT and operational technology (OT) systems. American corrugated packaging company WestRock announced at the end of January that it was the victim of a ransomware attack that impacted its information technology (IT) and operational technology (OT) systems.
Hunton Privacy
FEBRUARY 8, 2021
On January 28, 2021, international Data Privacy Day, the newly formed Brazilian data protection authority ( Agência Nacional de Proteção de Dados , the “ANPD”) published its regulatory strategy for 2021-2023 and work plan for 2021-2022 (in Portuguese). ANPD Regulatory Strategy. The ANPD’s regulatory strategy for 2021-2023 sets forth the agency’s vision for becoming a reference, nationally and internationally, with respect to data protection matters.
Data Breach Today
FEBRUARY 10, 2021
First Patch for 'Zerologon' Flaw Had Been Issued Last August Microsoft has finally pushed out the second half of the software patch for the "Zerologon" privilege escalation vulnerability in the Windows Netlogon Remote Protocol more than five months after the first half of the patch was issued.
Schneier on Security
FEBRUARY 8, 2021
Hackers are exploiting zero-day in SonicWall: In an email, an NCC Group spokeswoman wrote: “Our team has observed signs of an attempted exploitation of a vulnerabilitythat affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth.” In Monday’s update, SonicWall representatives said the company’s engineering team confirmed that the submission by NCC Group included a “critical zero-day” in the SMA 100 s
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Security Affairs
FEBRUARY 11, 2021
An expert released a free decryption tool for the Avaddon ransomware, but operators quickly updated malware code to make it inefficient. The Spanish student Javier Yuste has released a free decryption tool for the Avaddon ransomware that can be used by the victims to recover their encrypted files for free. Yuste is a student at the Rey Juan Carlos University in Madrid, he developed the AvaddonDecrypter utility that could be used by victims of the ransomware when their computers should not have
IT Governance
FEBRUARY 10, 2021
Cyber criminals have had constant success with coronavirus-related phishing scams, but their most recent campaign is the most dangerous we’ve seen. There have been multiple reports of people receiving an email purportedly from the NHS, saying they can book an appointment to receive their first COVID-19 vaccine. The sophisticated scam preys on people’s eagerness to be vaccinated and the much-publicised fact that the NHS is indeed emailing people to book vaccines.
Data Breach Today
FEBRUARY 8, 2021
CEOs and CISOs on Threats Targeting Known and Unknown Assets In the wake of COVID-19-accelerated transformation and the SolarWinds hack, the importance of understanding your organization's digital exposure is more critical than ever. In this latest Cybersecurity Leadership panel, CEOs and CISOs discuss asset discovery and attack surface vulnerability.
Schneier on Security
FEBRUARY 10, 2021
Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019. Based on the company’s data, among last year’s top earners, there were groups like Ryuk, Maze (now-defunct), Doppelpaymer, Netwalker ( disrupted by authorities ), Conti, and REvil (aka Sodinokibi).
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
FEBRUARY 12, 2021
Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts. The security incident was discovered during a routine screening by its internal security team, an internal investigation is still ongoing. “An internal investiga
Hunton Privacy
FEBRUARY 11, 2021
On February 8, 2021, Pinellas County, Florida officials announced that a hacker had remotely gained access to the City of Oldsmar’s water treatment system on two separate occasions and was able to change the setting for sodium hydroxide in the water supply. The incident highlights the danger to local government information systems and the dangers of remote access vulnerabilities.
Data Breach Today
FEBRUARY 10, 2021
Newly Discovered BendyBear's Advanced Features Include Anti-Analysis Capabilities BlackTech, a Chinese advanced persistent threat group, is deploying a sophisticated new shellcode called BendyBear as part of its latest espionage campaign, security firm Palo Alto Networks reports.
DLA Piper Privacy Matters
FEBRUARY 12, 2021
The Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , “ Dutch DPA ”) has published its decision to impose an administrative fine of EUR 440,000 on Amsterdam hospital OLVG due to the lack of sufficient measures to prevent access to medical records by unauthorised personnel. After complaints, the Dutch DPA conducted an investigation, and carried out an audit of the hospital’s information system and investigated, among others, security aspects such as authentication and verification
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Security Affairs
FEBRUARY 8, 2021
Microsoft implements alerts for ‘nation-state activity’ in the Defender for Office 365 dashboard, to allow organizations to quickly respond. Since 2016 , Microsoft has been alerting users of nation-state activity, now the IT giant added the same service to the Defender for Office 365 dashboard. The new security alert will notify companies when their employees are being targeted by state-sponsored attacks.
Hunton Privacy
FEBRUARY 10, 2021
On February 10, 2021, representatives of the EU Member States reached an agreement on the Council of the European Union’s (the “Council’s”) negotiating mandate for the draft ePrivacy Regulation, which will replace the current ePrivacy Directive. The text approved by the EU Member States was prepared under Portugal’s Presidency and will form the basis of the Council’s negotiations with the European Parliament on the final terms of the ePrivacy Regulation.
Data Breach Today
FEBRUARY 9, 2021
Incident Highlights the Need to Enhance OT Security As the investigation into the hacking of a water treatment facility in Florida continues, cybersecurity experts say the incident points to the urgent need to enhance operational technology security. Here are five key questions the incident raises.
Expert insights. Personalized for you.
306 
Let's personalize your content