WIRED Threat Level

JANUARY 9, 2021

Plus: Covid-19 contact tracing privacy, a Nissan source code leak, and more of the week's top security news.

Privacy 143

Privacy Security 143

Data Breach Today

JANUARY 14, 2021

Researchers Analyze the Severe Threat the Malware Poses Conti ransomware, which emerged eight months ago, poses a severe threat, according to Cybereason's Nocturnus Team, which offers an in-depth analysis of how the malware works.

Ransomware 285

Ransomware 285

Security Affairs

JANUARY 12, 2021

The world’s largest black marketplace on the dark web, DarkMarket, has been taken offline by law enforcement in an international operation. .

Security 134

Security IT Information Security 134

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

Passwords 355

Passwords Authentication Cloud IoT 355

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

JANUARY 13, 2021

Today’s children are online at a young age, for many hours, and in more ways than ever before. As adults, we know that bad online decisions can have negative or dangerous effects for years to come. Related: Web apps are being used to radicalize youth. The question isn’t whether we should educate children about online safety, but how we can best inspire them to learn to be thoughtful, careful, and safe in the cyber world for their lifetime.

Privacy 203

Privacy Education Passwords Security awareness 203

AIIM

JANUARY 14, 2021

Knowledge management is one of the most crucial yet overlooked aspects of workplace progress. When employees fail to get access to the knowledge necessary for completing their tasks, the organization suffers. Knowledge sharing in the workplace can increase productivity, social interaction, and trust among the team. It's great for nurturing the organization's knowledge bank so everyone can access it even as people come and go.

Communications 162

Communications Access Libraries Education 162

Krebs on Security

JANUARY 12, 2021

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software p

Government 328

Government Access IT Security 328

Security Affairs

JANUARY 14, 2021

A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks. The security expert Nikita Abramov from Positive Technologies discovered a DoS vulnerability, tracked as CVE-2020-27716 , that affects certain versions of F5 BIG-IP Access Policy Manager (APM). The F5 BIG-IP Access Policy Manager is a secure, flexible, high-performance access management proxy solution that delivers unified global access control for your users, devic

Access 145

Access Passwords Security IT 145

Data Breach Today

JANUARY 15, 2021

Experts Warn of an Elevated Risk of Attack From Domestic, Foreign Actors As thousands of National Guard troops pour into Washington to provide security for the Jan. 20 inauguration of Joe Biden as president, cybersecurity analysts are calling attention to the need to defend against cyber incidents as well.

Cybersecurity 328

Cybersecurity Risk Security 328

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

WIRED Threat Level

JANUARY 13, 2021

New research has dug into the openings that iOS and Android security provide for anyone with the right tools.

Encryption 145

Encryption Security Privacy 145

Krebs on Security

JANUARY 13, 2021

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.

Marketing 290

Marketing Security IT Access 290

Security Affairs

JANUARY 10, 2021

Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS credentials. Researchers from Trend Micro discovered that the TeamTNT botnet was improved and is now able to steal also Docker credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs.

Mining 145

Mining Metadata Authentication Security 145

Data Breach Today

JANUARY 11, 2021

David Stewart of SAS on the Tools and Technologies Deployed to Fight Financial Crimes As the financial payments landscape shifts, and as fraudsters employ new technologies and techniques, institutions are deploying a next generation of anti-money laundering defenses. David Stewart of SAS defines next-gen AML and how to embrace it.

IT 326

IT 326

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

WIRED Threat Level

JANUARY 12, 2021

The “free speech” social network also allowed unlimited access to every public post, image, and video.

Access 145

Access Privacy Security 145

erwin

JANUARY 14, 2021

While many believe that the dawn of a new year represents a clean slate or a blank canvas, we simply don’t leave the past behind by merely flipping over a page in the calendar. As we enter 2021, we will also be building off the events of 2020 – both positive and negative – including the acceleration of digital transformation as the next normal begins to be defined.

Digital transformation 143

Digital transformation Metadata Analytics Big data 143

Security Affairs

JANUARY 12, 2021

Security firm Bitdefender released a tool that allows victims of the Darkside ransomware to recover their files without paying the ransom. Good news for the victims of the Darkside ransomware , they could recover their files for free using a tool that was released by the security firm Bitdefender. The decrypter seems to work for all recent versions of the Darkside ransomware.

Ransomware 144

Ransomware Encryption Security IT 144

Data Breach Today

JANUARY 11, 2021

Hackers Gained Network Access Through Accellion File-Sharing Service The Reserve Bank of New Zealand disclosed Sunday that hackers infiltrated its network after compromising its file-sharing system from Accellion. The nation's central bank says the attack may have exposed commercial and consumer information, and other Accellion customers also had systems compromised.

Data breaches 313

Data breaches Access IT 313

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

WIRED Threat Level

JANUARY 15, 2021

Google researchers say the campaign, which booby-trapped sites to ensnare targets, was carried out by a “highly sophisticated actor.”.

Security 143

Security 143

Threatpost

JANUARY 11, 2021

A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn.

Cloud 140

Cloud Privacy Security 140

Security Affairs

JANUARY 14, 2021

Capcom revealed that the recent ransomware attack has potentially impacted 390,000 people, an increase of approximately 40,000 people from the previous report. In November, Japanese game developer Capcom admitted to have suffered a cyberattack that is impacting business operations. The company has developed multiple multi-million-selling game franchises, including Street Fighter, Mega Man, Darkstalkers, Resident Evil, Devil May Cry, Onimusha, Dino Crisis, Dead Rising, Sengoku Basara, Ghosts ‘

Ransomware 144

Ransomware Sales Privacy Data Privacy 144

Data Breach Today

JANUARY 15, 2021

Researchers: 40 Gangs Used Phony Classified Ads to Launch Phishing Schemes A Russian-speaking "scam-as-a-service" operation dubbed "Classiscam" is expanding globally, with 40 interconnected gangs in about a dozen countries using fake product advertisements to launch phishing schemes, the security firm Group-IB reports.

Phishing 300

Phishing Security 300

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

WIRED Threat Level

JANUARY 15, 2021

A sprawling tactical industry is teaching American civilians how to fight like Special Ops forces. By preparing for violence at home, are they calling it into being?

IT 143

IT Security 143

Schneier on Security

JANUARY 14, 2021

Security researcher Ahmed Hassan has shown that spoofing the Android’s “People Nearby” feature allows him to pinpoint the physical location of Telegram users: Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location. […].

IT 139

IT Security 139

Security Affairs

JANUARY 9, 2021

Dassault Falcon Jet has disclosed a data breach that exposed personal information belonging to current and former employees. In December Dassault, Dassault Falcon Jet (DFJ) was the victim of a cyber attack that may have exposed personal information belonging to current and former employees. The data security incident also exposed information belonging to employees’ spouses and dependents, states the notice of data breach sent by the US subsidiary of French aerospace company Dassault Aviati

Ransomware 145

Ransomware Data breaches Archiving Security 145

Data Breach Today

JANUARY 13, 2021

Email Security Company Says Fewer Than 10 Customers Targeted Email security provider Mimecast says hackers compromised a digital certificate that encrypts data that moves between several of its products and Microsoft's servers, putting organizations at risk of data loss.

Encryption 298

Encryption Risk Security IT 298

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Threatpost

JANUARY 15, 2021

Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address CVE-2020-1472.

136

136

Schneier on Security

JANUARY 11, 2021

If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that. Come next month, users will no longer have that choice. Some of the data that WhatsApp collects includes: User phone numbers.

Privacy 136

Privacy Data collection IT 136

Security Affairs

JANUARY 9, 2021

CISA revealed that threat actors behind the SolarWinds hack also used password guessing and password spraying in its attacks. Cybersecurity and Infrastructure Security Agency (CISA) revealed that threat actors behind the SolarWinds supply chain attack also employed common hacker techniques to compromise the networks of the targeted organizations, including password guessing and password spraying. “Frequently, CISA has observed the APT actor gaining Initial Access [ TA0001 ] to victims’ ent

Passwords 144

Passwords Cloud Access Cybersecurity 144