Data Breach Today
OCTOBER 12, 2021
Count of Victims - Listed on Leak Sites or Not - Appears To Be Holding Steady One measure of the damage being done by ransomware groups continues to be how many victims get listed on ransomware operators' dedicated data-leak sites, as part of their so-called double extortion tactics. Unfortunately, the number of victims doesn't appear to be declining.
Krebs on Security
OCTOBER 12, 2021
Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system. Separately, Apple has released updates for iOS and iPadOS to address a flaw that is being actively attacked.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
OCTOBER 11, 2021
Software today is built on a combination of open source and proprietary software packages. Developers can reuse and build on the packages created by others, which results in the rapid creation of new capabilities and technologies. Related: How SBOM factors into DevSecOps. This reuse creates dependencies, all of which don’t necessarily stay updated at the same pace.
Security Affairs
OCTOBER 12, 2021
Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August, it is the largest DDoS attack to date. Microsoft announced that its Azure cloud service mitigated a 2.4 terabytes per second (Tbps) DDoS attack at the end of August, it represents the largest DDoS attack recorded to date. The attack was aimed at an Azure customer in Europe, but Microsoft did not disclose the name of the victim.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Data Breach Today
OCTOBER 11, 2021
Mandiant Report Says Threat Actors Deploy Ryuk, Leverage Initial Access Brokers A Russian-speaking threat actor group that deploys the Ryuk variant ransomware, leverages initial access brokers, and generally skips double-extortion attempts in favor of fast and higher payout ransoms has been predominately targeting the healthcare sector, warns security firm Mandiant.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
WIRED Threat Level
OCTOBER 11, 2021
If you've finally hit your breaking point, here's how to say goodbye to Mark Zuckerberg's empire.
Security Affairs
OCTOBER 11, 2021
The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. A wildcard certificate is a public key certificate that can be used to secure all first-level subdomains of single domain name. “On the surface, wildcard certificates appear to be a great way to quickly and easily deploy HTT
Data Breach Today
OCTOBER 15, 2021
Government Authorities Issue Advisories Following Hospital Attack Government authorities in Israel are warning healthcare sector entities in the country of potential cyberattacks after a ransomware attack this week on Hillel Yaffe Medical Center in the city of Hadera. The hospital said it is "using alternative systems" to care for its patients.
Krebs on Security
OCTOBER 14, 2021
On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
WIRED Threat Level
OCTOBER 9, 2021
Plus: Twitch hack fallout, Russian phishing, and more of the week’s top security news.
Security Affairs
OCTOBER 9, 2021
CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain containing production data. Original post @ [link]. CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain, containing what appear to be production-level database access credentials, as well as addresses to development endpoints. Sky, a subsidiary of Comcast, is Europe’s largest media company, boasting a 12% market share and a revenue of approximately £13.4 billion in 20
Data Breach Today
OCTOBER 14, 2021
Attackers Can Push Code To A Protected Branch Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required reviews mechanism and push unreviewed code to a protected branch, allowing it into the pipeline to production.
Data Matters
OCTOBER 13, 2021
The U.S. Securities and Exchange Commission (SEC) Division of Enforcement is stepping up investigative efforts looking at registered firms’ use of personal devices for business communications, which can implicate their recordkeeping obligations and result in failure to retain and produce responsive business-related communications in SEC investigations.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
WIRED Threat Level
OCTOBER 15, 2021
The governor warned that he would take legal action against a journalist who identified a vulnerability that exposed teachers' Social Security numbers.
Security Affairs
OCTOBER 9, 2021
Google has addressed a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac, and Linux. Google released security updates to address a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac, and Linux. The most severe vulnerability, tracked as CVE-2021-37977, is an after-free issue in Garbage Collection that could lead to arbitrary code execution.
Data Breach Today
OCTOBER 13, 2021
Also, NJ AG Smacks Fertility Clinic With Big Fine in Hacking Incident A flurry of hacking incidents and other recent breach developments highlight the cyberthreats and risks facing fertility healthcare and other related specialty providers that handle sensitive patient information.
Schneier on Security
OCTOBER 12, 2021
I feel sorry for the accused : The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday. American Airlines Flight 4817 from Indianapolis — operated by Republic Airways — made an emergency landing at LaGuardia just after 3 p.m., and authorities took a suspicious passen
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
WIRED Threat Level
OCTOBER 13, 2021
A new report shows that channels devoted to anti-Jewish conspiracy theories are growing at an alarming rate. Why won’t the platform take action?
Security Affairs
OCTOBER 13, 2021
Dutch police warn customers of a distributed denial-of-service (DDoS) website of stopping using the service to avoid prosecution. Dutch police warn customers of a booter service, abused to carry out distributed denial-of-service (DDoS) attacks, of to stop using it to avoid prosecution. The letter sent by the Dutch Police aims to work as a deterrent for cybercriminal activities explaining to them the consequence of prosecution due to criminal activities.
Data Breach Today
OCTOBER 14, 2021
Gov. Michael L. Parson Alleges Newspaper Employee Improperly Accessed Data A newspaper employee in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor. The governor alleged the publication of the vulnerability after it was fixed was part of a "political vendetta.
Schneier on Security
OCTOBER 11, 2021
It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance. To respect “privacy and human dignity,” MEPs said that EU lawmakers should pass a permanent ban on the automated recognition of individuals in public spaces, saying citizens should only be monitored when suspected of a crime.
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
WIRED Threat Level
OCTOBER 14, 2021
APT35 may not be the most dangerous group out there, but they've got a new phishing trick.
Security Affairs
OCTOBER 11, 2021
Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild. Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild. The flaw is a critical memory corruption issue that resides in the IOMobileFrameBuffer, an application can trigger the vulnerability to execute commands on vulnerable devices with kernel privileges.
Data Breach Today
OCTOBER 12, 2021
OnDemand Webinar | Fraud ROI for Ecommerce: Drive More Revenue with Fewer False Positives Watch this onDemand webinar which includes an e-commerce case study on fighting fraud & user friction.
Schneier on Security
OCTOBER 15, 2021
Even before Apple made its announcement , law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It’s not a cryptographic backdoor, but it’s still a backdoor — and brings with it all the insecurities of a backdoor.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
WIRED Threat Level
OCTOBER 9, 2021
A federal judge ruled that the content-delivery service doesn't "contribute" to copyright infringement.
Security Affairs
OCTOBER 13, 2021
The MyKings botnet (aka Smominru or DarkCloud) is still alive and continues to spread, allowing its operators to make huge amounts of money. Avast Threat Labs researchers reported that the MyKings botnet (aka Smominru or DarkCloud) is still alive and is allowing its operators to earn huge amounts of money via cryptomining activities. Avast researchers reported that since 2019, MyKings operators have amassed at least $24 million in the Bitcoin, Ethereum, and Dogecoin.
Data Breach Today
OCTOBER 15, 2021
Gov. Michael L. Parson Alleges Newspaper Reporter Improperly Accessed Data A newspaper reporter in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor. The governor alleged the publication of the vulnerability after it was fixed was part of a "political vendetta.
Expert insights. Personalized for you.
355 
Let's personalize your content