Krebs on Security

APRIL 29, 2021

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes. In a 50-page report delivered to the Biden administration this week, top executives from Amazon , Cisco , FireEye , McAfee , Microsoft and dozens of other firms joined the U.S.

Ransomware 294

Ransomware Government Insurance Sales 294

Data Breach Today

APRIL 29, 2021

Coalition Offers a Framework for Disrupting Attacks A coalition of government agencies and security firms has released a framework for how to disrupt ransomware attacks that calls for expanded regulation of the global cryptocurrency market to better track the virtual coins paid to cybercriminals during extortion schemes.

Ransomware 251

Ransomware Marketing Government Security 251

Information Governance Perspectives

APRIL 27, 2021

When you think about the fact that libraries are about information and not simply about books, you begin to see where the value is. The post Public Affairs: Your New Neighborhood Library appeared first on Rafael Moscatel.

Libraries 98

Libraries 98

AIIM

APRIL 29, 2021

One would think that the rapid pace of changing technology is the primary struggle for organizations on their journey to transforming into a truly digital organization. However, based on our recent state of the intelligent information management industry research , that is simply not the case. At the top of the list of true obstacles that organizations face is money – "lack of budget and resources" (26%).

Education 267

Education Marketing Information governance IT 267

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

APRIL 28, 2021

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.

Insurance 363

Insurance Access Authentication Security 363

Security Affairs

APRIL 26, 2021

Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. Apple has addressed a zero-day flaw in macOS that was exploited by Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.

Security 145

Security IT Cybersecurity Information Security 145

AIIM

APRIL 27, 2021

Global research and advisory firm, Gartner, predicts that by 2024 more than 45% of IT spending will shift from legacy on-premises solutions to the cloud. Cloud infrastructure spending is expected to jump from $63 billion in 2020 to $81 billion by 2022. The cloud race was well underway in 2020 when COVID reared its unfortunate head and sent businesses still on the cloud adoption starting blocks into a frenzy.

Cloud 197

Cloud ROT Metadata Content services 197

Krebs on Security

APRIL 26, 2021

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian , one of the big three consumer credit bureaus in the United States. Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

Security 350

Security Authentication Access Insurance 350

Data Breach Today

APRIL 30, 2021

Suspicious Activity Detected; Investigation Continues CISA is investigating whether five U.S. government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior official. Security researchers believe that at least two nation-state groups have been attempting to exploit these flaws.

Security 328

Security Government 328

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

APRIL 24, 2021

The cybersecurity community has lost its star, the popular hacker Dan Kaminsky has passed away. The popular cyber security researcher Dan Kaminsky (42) has passed away. Dan is a star, a myth, and a beacon for us. At the moment the causes of death are not known, but it does not matter. Dan has left us an immense emptiness, the silence after his death is deafening.

Cybersecurity 145

Cybersecurity Security IT Information Security 145

Dark Reading

APRIL 30, 2021

Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.

Cybersecurity 145

Cybersecurity Security 145

Schneier on Security

APRIL 26, 2021

If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. As I lay out in a report I just published , artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit

Artificial Intelligence 145

Artificial Intelligence Government IT Marketing 145

Data Breach Today

APRIL 26, 2021

Law Enforcement 'Update' to Erase Malware From Infected Devices Activated An "update" pushed out earlier this year by law enforcement agencies, including Europol, on Sunday began erasing Emotet malware from infected devices worldwide, Malwarebytes reports. The move comes after the FBI recently remotely removed web shells from vulnerable on-premises Microsoft Exchange servers.

312

312

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

APRIL 29, 2021

A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. The maintainers of the PHP Composer package have addressed a critical vulnerability, tracked as CVE-2021-29472, that could have allowed an attacker to execute arbitrary commands and establish a backdoor in every PHP package.

Metadata 145

Metadata Security Access IT 145

Jamf

APRIL 26, 2021

Shlayer malware detected allows an attacker to bypass Gatekeeper, Notarization and File Quarantine security technologies in macOS. The exploit allows unapproved software to run on Mac and is distributed via compromised websites or poisoned search engine results.

Security 144

Security 144

Troy Hunt

APRIL 29, 2021

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains. Romania joins a steadily growing number of governments across the globe to have free and unrestricted access to API-based domain searches for their assets in HIBP.

Government 143

Government Data breaches Access 143

Data Breach Today

APRIL 25, 2021

Cybereason Says Russian Hacking Group Prometei is Behind the Campaign A Russian botnet group called Prometei is exploiting critical Microsoft Exchange Server vulnerabilities to mine cryptocurrency from various organizations across the world, a new report by security firm Cybereason finds. The group appears to be financially-motivated.

Mining 306

Mining Security 306

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

APRIL 30, 2021

China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor. A China-linked cyberespionage group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. Cybereason researchers reported that a China-linked APT group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy.

Phishing 144

Phishing Encryption Security IT 144

Threatpost

APRIL 29, 2021

Researchers fear wider exposure, amidst a tepid response from Experian.

Cloud 142

Cloud Security 142

WIRED Threat Level

APRIL 25, 2021

Recent spying attacks against Pulse Secure VPN are just the latest example of a long-simmering cybersecurity meltdown.

Cybersecurity 141

Cybersecurity Security 141

Data Breach Today

APRIL 30, 2021

Experts Offer Advice on Avoiding Patient Data Exposure Recent incidents involving inadvertent exposure of patient data on GitHub, a software development platform, point to the need to ensure that data loss prevention tools are implemented, all available security controls are leveraged and employees are made aware of the risks involved.

Risk 296

Risk Security 296

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

APRIL 30, 2021

UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix. Researchers from FireEye’s Mandiant revealed that a sophisticated cybercrime gang tracked as UNC2447 has exploited a zero-day issue ( CVE-2021-20016 ) in SonicWall Secure Mobile Access (SMA) devices, fixed earlier this year, before the vendor addressed it.

Ransomware 143

Ransomware IT Access Encryption 143

Dark Reading

APRIL 27, 2021

Let's teach students how to teach themselves. Once we do that, we will have taught a generation of students how to think like hackers.

Education 141

Education 141

Troy Hunt

APRIL 26, 2021

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet. This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware.

Passwords 138

Passwords Authentication Ransomware Security 138

Data Breach Today

APRIL 29, 2021

Phishing, online fraud, cryptocurrency scams – they are coming at lightning speed, threating enterprises and their brands. And just as fraudsters rely on automation to deliver these attacks, defenders can use automated tools to protect their brands. Jeff Baher of Bolster tells how.

Phishing 292

Phishing 292

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

APRIL 24, 2021

ToxicEye is a new Remote Access Trojan (RAT) that exploits the Telegram service as part of it command and control infrastructure. ToxicEye RAT is a new malware that leverages the Telegram services for command & control, experts from Check Point already observed iover 130 attacks recorded in the past three months. The use of the popular IM service gives to the attackers multiple benefits.

Communications 139

Communications File names Encryption Education 139

Hunton Privacy

APRIL 28, 2021

On April 27, 2021, the Portuguese Data Protection Authority ( Comissão Nacional de Proteção de Dados , the “CNPD”) ordered the National Institute of Statistics (the “INE”) to suspend, within 12 hours, any international transfers of personal data to the U.S. or other third countries that have not been recognized as providing an adequate level of data protection.

Personal data 137

Personal data Access Security IT 137

IT Governance

APRIL 28, 2021

Welcome to our first quarterly review of cyber attacks and data breaches. For several years, we’ve produced a monthly list of security incidents , comprised of publicly disclosed breaches from mainstream publications. At the start of 2021, we decided to expand our research to learn more about the organisations that are being breached and how they were falling victim.

Data breaches 137

Data breaches Passwords Education Phishing 137