Data Breach Today

JANUARY 4, 2021

Ransomware, Phishing Incidents, Vendor Hacks Prevail Hacking incidents, including ransomware and phishing attacks, as well as security incidents involving vendors dominated the federal tally of major health data breaches in 2020.

Data breaches 333

Data breaches Phishing Ransomware Security 333

WIRED Threat Level

JANUARY 7, 2021

Wednesday's insurrection could have exposed congressional data and devices in ways that have yet to be appreciated.

IT 309

IT Security 309

Dark Reading

JANUARY 6, 2021

There's a fine line between protecting against suspicious, malicious, or unwanted activity and making users jump through hoops to prove themselves.

Security 142

Security 142

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. The Ezuri memory loader tool allows to load and execute a payload directly into the memory of the infected machine, without writing any file to disk.

Encryption 363

Encryption Passwords Mining IT 363

Advertiser: ZoomInfo

AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.

Sales

Data Breach Today

JANUARY 8, 2021

Hacked Firm Also Taps Former Facebook CSO as It Responds to Supply Chain Attack As security software firm SolarWinds investigates the supply chain attack involving its Orion software and looks to rebuild its security processes and reputation, it's hired former U.S. cybersecurity czar Chris Krebs and former Facebook CSO Alex Stamos as advisers.

Cybersecurity 363

Cybersecurity IT Security 363

WIRED Threat Level

JANUARY 8, 2021

A pop-up notification has alerted the messaging app's users to a practice that's been in place since 2016.

Privacy 356

Privacy Security 356

Security Affairs

JANUARY 7, 2021

The Ryuk ransomware had a disruptive impact on multiple industries around the world, operators already earned more than $150 million. The Ryuk ransomware gang is one of the most prolific criminal operations that caused destruction in multiple industries around the world. According to a joint report published by security firms Advanced-intel and HYAS, Ryuk operators already earned more than $150 million worth of Bitcoin from ransom paid by their victims.

Ransomware 363

Ransomware Communications Marketing Security 363

Data Breach Today

JANUARY 8, 2021

Meanwhile, Courts Suspend Use of SolarWinds, Adopt New Document Security Measures The U.S. federal court system is investigating an "apparent compromise" of a confidential electronic filing system used for sensitive legal documents. Meanwhile, it has suspended its use of the hacked Solarwind Orion system, plus it has changed document security procedures while conducting an audit.

Security 345

Security IT 345

AIIM

JANUARY 7, 2021

With the new year in full swing, there's a lot of conversation around what comes next and what 2020's impact will mean for 2021. IT teams, specifically, are working to understand how to get a grip on content sprawl in the era of remote work. A recent study commissioned by Egnyte surveyed 400 IT leaders to understand how COVID-19 has impacted businesses’ ability to maintain data security and governance with a distributed workforce.

Government 217

Government Unstructured data Risk Artificial Intelligence 217

Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage

When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m

WIRED Threat Level

JANUARY 6, 2021

WikiLeaks successor DDoSecrets has amassed a controversial new collection of corporate secrets and is sharing them in the name of transparency.

Ransomware 310

Ransomware Privacy Security 310

Security Affairs

JANUARY 7, 2021

The US Federal Bureau of Investigation (FBI) issued a security alert warning private sector companies of Egregor ransomware attacks. The US FBI has issued a Private Industry Notification (PIN) to warn private organizations of Egregor ransomware attacks. The Egregor ransomware first appeared on the threat landscape in September 2020, since then the gang claimed to have compromised over 150 organizations.

Ransomware 363

Ransomware Authentication Access Phishing 363

Data Breach Today

JANUARY 8, 2021

Researchers Track Funds in 61 Cryptocurrency Wallets Researchers say cryptocurrency wallets used by the operators behind the Ryuk ransomware strain and the gang's affiliates hold more than $150 million.

Ransomware 328

Ransomware 328

Schneier on Security

JANUARY 7, 2021

Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: “ Extracting Training Data from Large Language Models.” Abstract: It has become common to publish large (billion parameter) language models that have been trained on private datasets.

Paper 145

Paper IT Cybersecurity 145

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

WIRED Threat Level

JANUARY 6, 2021

Employees admitted to using stolen passwords and URL guessing to access confidential data.

Passwords 232

Passwords Access Security 232

Security Affairs

JANUARY 3, 2021

Data from major cyber security firms revealed that tens of billion records have been exposed in data breaches exposed in 2020. Below a list of top incidents: There were a number of major data breaches that took place in 2020, in many cases stolen records flooded the cybercrime underground and were used credential stuffing attacks. Below the list of top data breaches that took place in the last 12 months: May 2020 – CAM4 adult cam site leaked 11B database records including emails, private c

Data breaches 363

Data breaches Security Archiving Sales 363

Data Breach Today

JANUARY 5, 2021

Security Researcher Says Leaked Data Offered for Sale on Darknet JustPay, an Indian online payment platform, acknowledged Monday that it sustained a major breach of customer data in August. The announcement came a day after an independent security researcher reported that data on millions of JustPay customers had been offered for sale on a darknet forum.

Sales 317

Sales Security IT 317

Lenny Zeltser

JANUARY 6, 2021

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. You can get into this field by building upon your existing skills in any of these disciplines. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute , I have a few tips for how you can get started.

Metadata 145

Metadata IT Access Security 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

WIRED Threat Level

JANUARY 4, 2021

The ruling is based not on whether the Wikileaks founder violated the Espionage Act, but on the implications of subjecting him to the US carceral state.

Risk 227

Risk Security 227

Security Affairs

JANUARY 6, 2021

WhatsApp is notifying users that starting February 8, 2021, they will be obliged to share their data with Facebook, leaving them no choice. This is bad news for WhatsApp users and their privacy, the company is notifying them that starting February 8, 2021, they will be requested to share their data with Facebook companies. Curiously the announcement comes a few days after the company has updated its Privacy Policy and Terms of Service. ,, “Respect for your privacy is coded into our DNA,

IT 362

IT Privacy Metadata Security 362

Data Breach Today

JANUARY 6, 2021

Vermont Health Network Postpones Next Phases The lingering aftershocks of an October ransomware attack and ongoing COVID-19 response challenges are forcing the University of Vermont Health Network to delay the next phases of an enterprisewide electronic health record rollout.

Ransomware 316

Ransomware 316

Threatpost

JANUARY 7, 2021

In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.

Security 145

Security IT 145

Advertiser: ZoomInfo

ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!

Marketing

Schneier on Security

JANUARY 4, 2021

From an interview with an Amazon Web Services security engineer: So when you use AWS, part of what you’re paying for is security. Right; it’s part of what we sell. Let’s say a prospective customer comes to AWS. They say, “I like pay-as-you-go pricing. Tell me more about that.” We say, “Okay, here’s how much you can use at peak capacity.

Security 145

Security IT 145

Security Affairs

JANUARY 2, 2021

The Federal Bureau Investigation (FBI) is warning owners of smart home devices with voice and video capabilities of ‘swatting’ attacks. The FBI has recently issued an alert to warn owners of smart home devices with voice and video capabilities of so-called “swatting” attacks. Swatting attacks consist of hoax calls made to emergency services, typically reporting an immediate threat to human life, to trigger an immediate response from law enforcement and the S.W.A.T. team to a specific

Passwords 361

Passwords Manufacturing Authentication Access 361

Data Breach Today

JANUARY 6, 2021

Agency Recommends Replacement of Old TLS and SSL Protocols The U.S. National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions. NSA also advises other organizations to take the same steps.

Encryption 299

Encryption Security 299

Threatpost

JANUARY 7, 2021

Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.

Security 143

Security 143

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Schneier on Security

JANUARY 4, 2021

The NSA has just declassified and released a redacted version of Military Cryptanalytics , Part III, by Lambros D. Callimahos, October 1977. Parts I and II, by Lambros D. Callimahos and William F. Friedman, were released decades ago — I believe repeatedly, in increasingly unredacted form — and published by the late Wayne Griswold Barker’s Agean Park Press.

Military 144

Military FOIA Libraries IT 144

Security Affairs

JANUARY 7, 2021

The U.S. government is going to launch the ‘Hack the Army 3.0’ bug bounty program in collaboration with the HackerOne platform. The U.S. government launched Hack the Army 3.0, the third edition of its bug bounty program, in collaboration with the HackerOne platform. The second Hack the Army bug bounty program ran between October 9 and November 15, 2019 through the HackerOne platform.

Military 359

Military Government Security Cybersecurity 359

Data Breach Today

JANUARY 8, 2021

Recently Disclosed Vulnerability Could Create Hard-Coded Backdoor Security researchers are warning that attackers appear to have stepped up scanning for vulnerable Zyxel products, including VPN gateways, access point controllers and firewalls. A recently disclosed vulnerability in the company's firmware can create a hard-coded backdoor.

Access 283

Access Security 283