Dark Reading
APRIL 20, 2021
Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less.
eSecurity Planet
APRIL 21, 2021
NFT-mania, pronounced nifty , is upon us with little time to prepare. From news of a collage selling for almost $70 million at Christie’s auction house to a portrayal of Janet Yellen and Morpheus rapping about cryptocurrency on SNL , the current craze is all about non-fungible tokens (NFTs). But what are NFTs, how do they work, and what security precautions should we take?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
APRIL 20, 2021
New Guidance Spells Out Security Precautions Given the surge in the use of telehealth during the COVID-19 pandemic - and expectations for continued growth - the Healthcare and Public Health Sector Coordinating Council has unveiled guidance on safeguarding patient data during remote care encounters.
Krebs on Security
APRIL 20, 2021
What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [ NYSE:IT ] — a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry. Earlier this month, a reader pointed my attention to the following notice from Gartner to clients who are seeking to promote Gartner reports about technology products and services: What that notice says is that KrebsOnSecurity is somehow
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Last Watchdog
APRIL 21, 2021
Google was absolutely right to initiate a big public push a couple of years ago to make HTTPS Transport Layer Security (TLS) a de facto standard. Related: Malicious activity plagues the cloud services. At the time, in the spring of 2018, only 25 percent of commercial websites used HTTPS; today adoption is at 98 percent and rising. Far beyond just protecting websites, TLS has proven to be a linchpin of network-level communications across the board.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
APRIL 19, 2021
Fedir Hladyr of Ukraine Admitted to Working as System Admin for FIN7 A Ukrainian national who admitted to working as a system administrator and IT manager for the notorious FIN7 cybercriminal gang, which has been involved in the theft of millions of payment cards, has been sentenced to 10 years in federal prison.
WIRED Threat Level
APRIL 20, 2021
Secret codes. Legal threats. Betrayal. How one couple built a device to fix McDonald’s notoriously broken soft-serve machines—and how the fast-food giant froze them out.
The Last Watchdog
APRIL 21, 2021
How do you bring a $9 billion-a-year, digitally-agile corporation to a grinding halt? Related: Why it’s vital to secure IoT. Ask Spotify. When the popular streaming audio service went offline globally, last August, we saw a glimpse of just how tenuous digital transformation sometimes can be. Someone reportedly forgot to renew Spotify’s TLS certificate.
Security Affairs
APRIL 23, 2021
A new ransomware strain dubbed Qlocker is infecting hundreds of QNAP NAS devices every day and demanding a $550 ransom payment. Experts are warning of a new strain of ransomware named Qlocker that is infecting hundreds of QNAP NAS devices on daily bases. The malware moves all files stored on the device to password-protected 7zip archives and demand the payment of a $550 ransom.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Breach Today
APRIL 20, 2021
Trend Micro Describes the Evolving Threat The XCSSET malware campaign can now adapt to target a wider variety of Macs, including those with the M1 chip, according to Trend Micro researchers.
Schneier on Security
APRIL 20, 2021
On April 15, the Biden administration both formally attributed the SolarWinds espionage campaign to the Russian Foreign Intelligence Service (SVR), and imposed a series of sanctions designed to punish the country for the attack and deter future attacks. I will leave it to those with experience in foreign relations to convince me that the response is sufficient to deter future operations.
IT Governance
APRIL 18, 2021
It’s been rough sailing for organisations in the past year or so. In addition to the ongoing challenges of COVID-19, there are the effects of Brexit, increasing public awareness of privacy rights and regulatory pressure to improve data protection practices. And, of course, there is the threat of cyber attacks. According to a UK government survey, 39% of UK businesses came under attack in the first quarter of 2021 , with many incidents causing significant damage.
Security Affairs
APRIL 18, 2021
The software company Codecov suffered a security breach, threat actors compromised the supply chain of one of its tools. A new supply chain attack made the headlines, the software company Codecov recently disclosed a major security breach after a threat actor compromised its infrastructure to inject a credentials harvester code to one of its tools named Bash Uploader.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Data Breach Today
APRIL 23, 2021
RiskIQ: Discovery Sheds Light on Size of Cyberespionage Operation Researchers at RiskIQ say they've discovered more than a dozen previously undocumented command-and-control servers used in the SolarWinds supply chain attack, showing that the cyberespionage operation was much larger than previously identified.
Schneier on Security
APRIL 21, 2021
Developers have discovered a backdoor in the Codecov bash uploader. It’s been there for four months. We don’t know who put it there. Codecov said the breach allowed the attackers to export information stored in its users’ continuous integration (CI) environments. This information was then sent to a third-party server outside of Codecov’s infrastructure,” the company warned.
eSecurity Planet
APRIL 23, 2021
Cybersecurity podcasts are an easy way to immerse yourself in the world of SecOps. Depending on your interests, you can catch up on the latest news and hear analysis from experts in the field, or you can take a deep-dive into a major cybersecurity story or concept. The best part? You can listen while doing tasks that require little concentration such as washing dishes or folding laundry.
Security Affairs
APRIL 21, 2021
A WhatsApp malware dubbed WhatsApp Pink is able to automatically reply to victims’ Signal, Telegram, Viber, and Skype messages. A WhatsApp malware dubbed WhatsApp Pink has now been updated, authors have implemented the ability to automatically respond to victims’ Signal, Telegram, Viber, and Skype messages. WhatsApp Pink is a fake app that was first discovered this week, it poses as a “pink” themed version of the legitimate app.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Data Breach Today
APRIL 22, 2021
ACEP Reports Tens of Thousands of Doctors Affected The American College of Emergency Physicians says a "malware" attack affected tens of thousands of the group's current and former members as well as members of three other emergency medical professional organizations.
Hunton Privacy
APRIL 23, 2021
On April 22, 2021, the Belgian Constitutional Court annulled (in French) the framework set forth by the Law of 29 May 2016 (the “Law”) requiring telecommunications providers to retain electronic communications data in bulk. The Constitutional Court’s decision follows an October 6, 2020 Court of Justice of the European Union (“CJEU”) ruling (in French) on preliminary questions related to the compatibility of the data retention framework with EU law.
Dark Reading
APRIL 23, 2021
There must be something you appreciate about the humble password, right? Tell us what you think.
Security Affairs
APRIL 23, 2021
The Darkside ransomware gang is enhancing its extortion tactics to interfere with the valuation of stocks of companies that are listed on NASDAQ or other stock markets. The Darkside ransomware operators are stepping up their extortion tactics targeting companies that are listed on NASDAQ or other stock markets with a new technique. The group announced with a message on their leak side that they will provide information stolen from these companies before the publication, so that it would be possi
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Data Breach Today
APRIL 21, 2021
$50 Million Extortion Demand Issued to Apple and Taiwanese Manufacturer Quanta The REvil - aka Sodinokibi - ransomware gang is threatening to release stolen Apple device blueprints unless it receives a massive payoff. The extortion threat - with a reported $50 million opening demand - was unveiled hours before Apple made a series of major new product announcements.
AIIM
APRIL 22, 2021
Our ability to intelligently capture information in an automated and consistent way, share it with teams, customers and partners, and integrate that content into business processes is a core element of Intelligent Information Management. Indeed, this is the “on-ramp” to the process improvements using information to drive organizational performance. AIIM members tell us that this is an important area of focus for information management professionals in 2021.
WIRED Threat Level
APRIL 21, 2021
The vulnerabilities opened the door to “ghosts” hiding in and disrupting rooms, where moderators would be unable to mute them.
Security Affairs
APRIL 20, 2021
Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico, the second-largest auto insurer in the U.S., has suffered a data breach, threat actors exploited a now-fixed bug in their website to steal the driver’s licenses for policyholders for several weeks.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Data Breach Today
APRIL 20, 2021
Vulnerabilities Exploited Include a Zero-Day in Ivanti's Pulse Connect Secure The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that U.S. federal agencies and other entities have been compromised by two attack groups, with one possibly acting on behalf of the Chinese government, exploiting vulnerabilities found in Ivanti's Pulse Connect Secure.
Schneier on Security
APRIL 22, 2021
Excellent New Yorker article on North Korea’s offensive cyber capabilities.
WIRED Threat Level
APRIL 23, 2021
This week, hackers stole confidential schematics from a third-party supplier and demanded $50 million not to release them.
Expert insights. Personalized for you.
131 
Let's personalize your content