IT Governance
APRIL 1, 2021
Don’t be fooled by the fact that we only recorded 20,995,371 breached records in March; it was one of the leakiest months we’ve ever seen, with 151 recorded incidents. By comparison, there was a seemingly Lilliputian 82 recorded breaches in January and 118 in February.
Troy Hunt
MARCH 31, 2021
If you've landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened. If, on the other hand, you're on this page because you're interested in reading about the illicit use of cryptomining on compromised websites and how through fortuitous circumstances, I now own coinhive.com and am doing something useful with it, read on.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Dark Reading
MARCH 30, 2021
What's old is new again as Web shell malware becomes the latest attack vector in widespread Exchange exploits. Here's a primer on what Web shells are and what they do.
Data Breach Today
MARCH 30, 2021
New Research Report Tracks Latest Global Trends Check Point Research says it has spotted more than 50,000 ransomware attack attempts worldwide so far against unpatched on-premises Microsoft Exchange email servers.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Krebs on Security
MARCH 28, 2021
New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let’s just get this out of the way right now: It wasn’t me. The Shadowserver Foundation , a nonprofit that helps network owners identify and fix security threats , says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
AIIM
MARCH 30, 2021
The notion of Artificial Intelligence has pervaded both the info and tech worlds. Indeed, it's difficult to have a discussion or a webinar without the topics of AI and Robotic Process Automation coming up. And while it might be tempting to dismiss the implications as something from a Hollywood movie of a future world populated by smart robots with super-human characteristics, the truth is that these technologies are already at work today, fueling important changes in the way we do business.
Data Breach Today
MARCH 31, 2021
Funding for Supply Chain Security, Electrical Grid Enhancements, R&D Projects with potential cybersecurity components included in the Biden administration's $2 trillion infrastructure spending proposal include upgrading the insecure electrical grid, addressing supply chain vulnerabilities and supporting research on artificial intelligence and quantum computing.
Krebs on Security
APRIL 1, 2021
Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format. Please bear with us over the next few days as we hunt down the gremlins in the gears.
The Last Watchdog
MARCH 31, 2021
The start of 2021 brings forth a cyber security crossroads. Many people are in the process of shifting back into office operations while balancing the potential risks and benefits of remote work. Related: Breaches spike during pandemic. For some malicious hackers and IT experts, this could represent an opening. From the known compromise vectors to the most recent threats, hackers are constantly on the lookout for new strategies to bypass IT notice, out maneuver defense setups, and take advantage
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
MARCH 30, 2021
Linux kernel recently fixed a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Kernel updates released in March have addressed a couple of vulnerabilities that could be exploited by an attacker to bypass mitigations designed to protect devices against Spectre attacks. In January 2018, White hackers from Google Project Zero disclosed vulnerabilities , affecting all modern Intel CPUs, dubbed Meltdown (CVE-2017-57
Data Breach Today
MARCH 27, 2021
Members of Parliament Targeted by Spear Phishing, German Media Reports Several members of the German parliament, The Bundestag, and political activists in the country were targeted using a spear-phishing campaign, German newsmagazine der Spiegel reported Friday. This is second such incident, following the 2015 parliament hack.
Krebs on Security
MARCH 30, 2021
On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider
Threatpost
APRIL 2, 2021
Three security vulnerabilities in the Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Security Affairs
MARCH 29, 2021
Administrator of Ziggy ransomware recently announced the end of the operation, and now is promising that its victims will have back their money. In an unusual move, the administrator of Ziggy ransomware after the announcement of the end of the operation now is promising that they will give back their money. Ziggy ransomware ceased the operation in early February, when announced the decision “to publish all decryption keys.”.
Data Breach Today
APRIL 1, 2021
Requires Rescanning of Networks, Hardening of Infrastructure CISA is ordering federal executive branch agencies to rescan and recheck their networks by Monday for any signs of compromise related to the unpatched vulnerabilities in on-premises Microsoft Exchange email servers.
Schneier on Security
APRIL 1, 2021
A mafia fugitive hiding out in the Dominican Republic was arrested when investigators found his YouTube cooking channel and identified him by his distinctive arm tattoos.
Threatpost
MARCH 31, 2021
Telecommuting social-media manager for the U.S. Strategic Command left the laptop open and unsecured while stepping away.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
MARCH 27, 2021
Apple has released new out-of-band updates for iOS, iPadOS, macOS and watchOS to address another zero?day flaw, tracked CVE-2021-1879 , actively exploited. Apple has released a new set of out-of-band patches for iOS, iPadOS, macOS and watchOS to address a critical zero-day vulnerability, tracked as CVE-2021-1879, that is being actively exploited in the wild.
Data Breach Today
MARCH 29, 2021
Awake Security Finds Connection Between Hafinum Group and Hades Researchers at Awake Security says at least one attack launched by the operators of Hades ransomware has a connection to the China-linked Hafnium group waging attacks on vulnerable Exchange servers.
Schneier on Security
MARCH 30, 2021
Researchers have discovered a new Android app called “System Update” that is a sophisticated Remote-Access Trojan (RAT). From a news article : The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying. It includes: instant messenger messages and database files; call logs and phone contacts; Whatsapp messages and databases; pictures and videos; all of your text messages; and information on pretty much everything else that is on your phone (it
WIRED Threat Level
MARCH 27, 2021
Plus: Fox News gets sued for its election coverage (again), a record ransomware attack, and more of the week’s top security news.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Security Affairs
MARCH 27, 2021
Clop ransomware operators now email victim’s customers and ask them to demand a ransom payment to protect their privacy to force victims into paying the ransom. Clop ransomware operators are switching to a new tactic to force victims into paying the ransom by emailing their customers and asking them to demand a ransom payment to protect their privacy.
Data Breach Today
APRIL 2, 2021
Company Called Out by Whistleblower for Attack Response Internet of things vendor Ubiquiti revealed in a security notice that an attacker had attempted to extort money from the company following a December 2020 cyber incident - a fact not mentioned in the company's earlier notice about the attack.
Threatpost
APRIL 1, 2021
The ransomware gang exfiltrated 40 gigabytes of data from the fashion house, including HR and salary details.
WIRED Threat Level
APRIL 2, 2021
On Friday the military junta shut off connectivity across the country. There’s no sign of when it will return.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
MARCH 28, 2021
A cyber attack has disrupted the Australian Channel Nine’s live broadcasts, the company was unable to transmit its Sunday morning news program. A cyber attack has hit the Australian Channel Nine’s live broadcasts causing the disruption of its operations. The broadcaster was unable to air its Sunday morning news program, which runs from 7:00 am to 1:00 pm from Sidney. .
Data Breach Today
MARCH 29, 2021
Audit Calls for Prompt Government Action, Especially in Wake of SolarWinds Attack The Government Accountability Office is urging the U.S. government to respond more rapidly to cybersecurity issues, especially in the wake of the SolarWinds supply chain attack that led to the breach of nine federal departments as well as about 100 companies.
AIIM
APRIL 1, 2021
We’ve covered the importance of Information Capture on the blog before and explored how capture represents the first step in the information lifecycle. In this step, we “capture” or gather information into our business ecosystem to store, manage, protect, and ultimately it use for business value. It ALL starts with capture. But, the value of a document is in its content, not whether it was received as an email attachment, captured via a smart phone or tablet, or scanned using a multifunction dev
Expert insights. Personalized for you.
126 
Let's personalize your content