Threatpost
JULY 5, 2021
Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware. InfoSec Insider Malware
WIRED Threat Level
JULY 6, 2021
Everyone hates the old ways of authentication. But while change is closer than ever, it comes with its own drawbacks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
JULY 4, 2021
REvil Malware Suspected of Infecting Scores of IT Management Companies, Clients U.S. President Joe Biden has ordered federal intelligence agencies to investigate the incident involving IT management software vendor Kaseya. Attackers reportedly compromised Kaseya's remote monitoring system, VSA, potentially impacting scores of managed service providers and their clients.
Krebs on Security
JULY 7, 2021
Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “ PrintNightmare ,” a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsoft’s normal monthly Patch Tuesday release, and follows the publishing of exploit code showing would-be attackers how to leverage the flaw to break into Windows computers.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Last Watchdog
JULY 8, 2021
It was bound to happen: a supply-chain compromise, ala SolarWinds, has been combined with a ransomware assault, akin to Colonial Pipeline, with devasting implications. Related: The targeting of supply chains. Last Friday, July 2, in a matter of a few minutes, a Russian hacking collective, known as REvil, distributed leading-edge ransomware to thousands of small- and mid-sized businesses (SMBs) across the planet — and succeeded in locking out critical systems in at least 1,500 of them.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
JULY 5, 2021
Yet Another Ransomware Attack Targets Managed Service Providers to Maximize Profits The REvil ransomware operation behind the massive attack centering on Kaseya, which develops software used by managed service providers, has offered to decrypt all victims - MSPs as well as their customers - for $70 million in bitcoins. Experts note this isn't the first time REvil has hit MSPs, or even Kaseya.
Krebs on Security
JULY 9, 2021
Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines (ATMs) out of their foundations, and make off with the cash boxes inside. Now it appears the crime — known variously as “ ATM smash-and-grab ” or “ chain gang ” attacks — is rapidly increasing in other states.
The Last Watchdog
JULY 7, 2021
The video game industry saw massive growth in 2020; nothing like a global pandemic to drive people to spend more time than ever gaming. Related: Credential stuffers exploit Covid 19 pandemic. Now comes a report from Akamai detailing the extent to which cyber criminals preyed on this development. The video game industry withstood nearly 11 billion credential stuffing attacks in 2020, a 224 percent spike over 2019.
AIIM
JULY 6, 2021
The COVID-19 pandemic crisis has changed most everything. Technology, social, and cultural disruptions have forced organizations to shift rapidly, expanding remote work capabilities. As we approach the post-pandemic era, a new normal has emerged in workstyles. Businesses now look to foster and enable a hybrid workplace. With this massive transition underway, many organizations struggle to maximize productivity and resilience while building a seamless and secure digital workplace.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Data Breach Today
JULY 6, 2021
Software Vendor Quiet on Whether It Might Pay for REvil's Full Decryption Tool Software vendor Kaseya suspects that 800-1,500 organizations - mostly small businesses - were compromised via a ransomware attack that exploited its VSA remote management software. The company won't say if it is negotiating with the attackers for a universal decryption tool that would unlock all victims' files.
Krebs on Security
JULY 8, 2021
Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.
Security Affairs
JULY 9, 2021
Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March. The insurance firm paid a $40 ransom to restore access to its files following the ransomware attack. According to Bloomberg, CNA Financial opted to pay the ransom two weeks after the security breach because it was not able to restore its operations.
Data Protection Report
JULY 5, 2021
The European Commission (EC) signalled plans for a new Data Act, to be published in late 2021, in its February 2020 Data Strategy Communication. The EC revealed more details in its 2021 Consultation and Inception Impact Assessment. The responses to the Consultation and Inception Impact Assessment are bound to shape the future of EU’s digital economy.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Data Breach Today
JULY 6, 2021
Class Actions Filed Against Each Company After Hacking Incidents U.S.-based pharmacy and supermarket chain Kroger and U.K.-based British Airways have each agreed to settle class action lawsuits filed in the wake of two massive data breaches.
Schneier on Security
JULY 6, 2021
A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time.
Troy Hunt
JULY 5, 2021
Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches. The Nationaal Cyber Security Centrum of the Netherlands (NCSC-NL) now has access to monitor the exposure of government departments across all the data breaches that make their way into HIBP. Visibility into the impact of data breaches helps defenders protect national assets and I'm very pleased to see the Netherlands join so many other
Security Affairs
JULY 5, 2021
Revil ransomware gang hit Spanish telecom giant MasMovil and claims to have stolen sensitive data from the group. MasMovil is one of the largest Spanish telecom operators, last week the group was hit by the REvil ransomware gang that claims to have stolen sensitive data from the company. “We have downloaded databases and other important data” reads the message published by REvil ransomware gang on its Tor leak site.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Data Breach Today
JULY 7, 2021
LafargeHolcim's Manish Dave on Building a Framework Manish Dave, head of IT security and compliance at LafargeHolcim, a multinational company that manufactures building materials, describes two ways to implement the "zero trust" model: User-to-application and workload-to-workload segmentation.
Schneier on Security
JULY 8, 2021
ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend’s attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the Kaseya Agent Monitor to gain administrative control over the target’s network.
Dark Reading
JULY 9, 2021
The ElectroRAT Trojan attacker's success highlights the increasingly sophisticated nature of threats to cryptocurrency exchanges, wallets, brokerages, investing, and other services.
Security Affairs
JULY 7, 2021
Wiregrass Electric Cooperative, a rural Alabama electric cooperative was hit by a ransomware attack. Wiregrass Electric Cooperative, a rural Alabama electric cooperative that serves about 25,000 members, was hit by a ransomware attack. The cyberattack temporarily blocked the customers’ access to their account information, the cooperative is working to restore the impacted system.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Data Breach Today
JULY 6, 2021
Company Outlines Steps After REvil Ransomware Attack In a Tuesday update, software vendor Kaseya said additional security measures are being put in place to protect its clients in the aftermath of the July 4 holiday weekend ransomware attack that affected about 60 of its MSP customers who supply IT management services and up to 1,500 of their clients.
The Guardian Data Protection
JULY 5, 2021
Tory MP Tom Tugendhat raises concerns about deal in light of global computer chip shortage The UK’s largest producer of semiconductors has been acquired by the Chinese-owned manufacturer Nexperia, prompting a senior Tory MP to call for the government to review the sale to a foreign owner during an increasingly severe global shortage of computer chips.
Schneier on Security
JULY 5, 2021
Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the company’s internal systems that allowed him to create unlimited Xbox gift cards, and stole $10.1 million before he was caught.
Security Affairs
JULY 6, 2021
Kaseya confirmed that the REvil supply-chain ransomware attack hit fewer than 60 of its customers and their customers. Software provider Kaseya announced that fewer than 60 of its customers and less than 1,500 businesses have been impacted by the recent supply-chain ransomware attack. Up to 1,500 downstream organizations, which were customers of MSPs using Kaseya VSA management platform, were impacted by the attack. “While impacting approximately 50 of Kaseya’s customers, this attack was n
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Data Breach Today
JULY 9, 2021
White House Asks FTC to Develop New Rules on Consumer Data Collection In his new executive order, President Biden asks the FTC to establish new rules over how tech firms can collect and use data from their customers, as a way to offer more privacy protections for U.S. consumers. The order also looks to push the Justice Department to step up its antitrust enforcement.
Hunton Privacy
JULY 6, 2021
On June 30, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its comments on the Irish Data Protection Commissioner’s (“DPC”) consultation on its Draft Regulatory Strategy for 2021-2026, in which the DPC sets out its vision for the next five years. CIPL’s contribution calls for: Further elaboration on how the DPC considers effective regulation and behavioral economics in its strategic thinking; More explicit acknowledgment of the GDPR’s risk-based a
Threatpost
JULY 9, 2021
Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it.
Expert insights. Personalized for you.
136 
Let's personalize your content