WIRED Threat Level

JANUARY 9, 2021

Plus: Covid-19 contact tracing privacy, a Nissan source code leak, and more of the week's top security news.

Privacy 115

Privacy Security 115

Data Breach Today

JANUARY 14, 2021

Researchers Analyze the Severe Threat the Malware Poses Conti ransomware, which emerged eight months ago, poses a severe threat, according to Cybereason's Nocturnus Team, which offers an in-depth analysis of how the malware works.

Ransomware 248

Ransomware 248

Security Affairs

JANUARY 12, 2021

The world’s largest black marketplace on the dark web, DarkMarket, has been taken offline by law enforcement in an international operation. .

Security 118

Security IT Information Security 118

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

Passwords 352

Passwords Authentication Cloud IoT 352

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

The Last Watchdog

JANUARY 13, 2021

Today’s children are online at a young age, for many hours, and in more ways than ever before. As adults, we know that bad online decisions can have negative or dangerous effects for years to come. Related: Web apps are being used to radicalize youth. The question isn’t whether we should educate children about online safety, but how we can best inspire them to learn to be thoughtful, careful, and safe in the cyber world for their lifetime.

Privacy 203

Privacy Education Passwords Security awareness 203

AIIM

JANUARY 14, 2021

Knowledge management is one of the most crucial yet overlooked aspects of workplace progress. When employees fail to get access to the knowledge necessary for completing their tasks, the organization suffers. Knowledge sharing in the workplace can increase productivity, social interaction, and trust among the team. It's great for nurturing the organization's knowledge bank so everyone can access it even as people come and go.

Communications 164

Communications Access Libraries Education 164

Krebs on Security

JANUARY 12, 2021

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software p

Government 325

Government Access IT Security 325

Security Affairs

JANUARY 10, 2021

Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS credentials. Researchers from Trend Micro discovered that the TeamTNT botnet was improved and is now able to steal also Docker credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs.

Mining 144

Mining Metadata Authentication Security 144

Data Breach Today

JANUARY 13, 2021

Brian Honan: Security Professionals Can Take Action to Minimize Risks The physical breach of the U.S. Capitol by a violent mob, members of which allegedly accessed lawmakers' systems and stole devices, offers cybersecurity professional lessons to learn on authentication, encryption and more, says cybersecurity expert Brian Honan.

Cybersecurity 332

Cybersecurity Encryption Authentication Risk 332

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

erwin

JANUARY 14, 2021

While many believe that the dawn of a new year represents a clean slate or a blank canvas, we simply don’t leave the past behind by merely flipping over a page in the calendar. As we enter 2021, we will also be building off the events of 2020 – both positive and negative – including the acceleration of digital transformation as the next normal begins to be defined.

Digital transformation 143

Digital transformation Metadata Analytics Big data 143

Krebs on Security

JANUARY 13, 2021

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.

Marketing 281

Marketing Security IT Access 281

Security Affairs

JANUARY 9, 2021

Dassault Falcon Jet has disclosed a data breach that exposed personal information belonging to current and former employees. In December Dassault, Dassault Falcon Jet (DFJ) was the victim of a cyber attack that may have exposed personal information belonging to current and former employees. The data security incident also exposed information belonging to employees’ spouses and dependents, states the notice of data breach sent by the US subsidiary of French aerospace company Dassault Aviati

Ransomware 143

Ransomware Data breaches Archiving Security 143

Data Breach Today

JANUARY 11, 2021

David Stewart of SAS on the Tools and Technologies Deployed to Fight Financial Crimes As the financial payments landscape shifts, and as fraudsters employ new technologies and techniques, institutions are deploying a next generation of anti-money laundering defenses. David Stewart of SAS defines next-gen AML and how to embrace it.

IT 299

IT 299

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Schneier on Security

JANUARY 14, 2021

Security researcher Ahmed Hassan has shown that spoofing the Android’s “People Nearby” feature allows him to pinpoint the physical location of Telegram users: Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location. […].

IT 136

IT Security 136

AIIM

JANUARY 12, 2021

The workplace in 2021 will demand a different set of skills. Now more than ever, organizations need to embrace disruption as a springboard for competitive advantage and adopt new ways of working that invigorate organizational performance. The needed capabilities include the ability to leverage remote work as an advantage , increase information agility, and drive business growth despite these challenging times.

Digital transformation 106

Digital transformation Marketing IT 106

Security Affairs

JANUARY 9, 2021

CISA revealed that threat actors behind the SolarWinds hack also used password guessing and password spraying in its attacks. Cybersecurity and Infrastructure Security Agency (CISA) revealed that threat actors behind the SolarWinds supply chain attack also employed common hacker techniques to compromise the networks of the targeted organizations, including password guessing and password spraying. “Frequently, CISA has observed the APT actor gaining Initial Access [ TA0001 ] to victims’ ent

Passwords 143

Passwords Cloud Access Cybersecurity 143

Data Breach Today

JANUARY 11, 2021

Hackers Gained Network Access Through Accellion File-Sharing Service The Reserve Bank of New Zealand disclosed Sunday that hackers infiltrated its network after compromising its file-sharing system from Accellion. The nation's central bank says the attack may have exposed commercial and consumer information, and other Accellion customers also had systems compromised.

Data breaches 287

Data breaches Access IT 287

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Schneier on Security

JANUARY 11, 2021

If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that. Come next month, users will no longer have that choice. Some of the data that WhatsApp collects includes: User phone numbers.

Privacy 133

Privacy Data collection IT 133

Threatpost

JANUARY 13, 2021

Cisco fixed high-severity flaws tied to 67 CVEs overall, including ones found inits AnyConnect Secure Mobility Client and in its RV110W, RV130, RV130W, and RV215W small business routers.

Retail 124

Retail Security IT 124

Security Affairs

JANUARY 11, 2021

Experts have found some similarities between the Sunburst backdoor used in the SolarWinds supply chain attack and Turla’s backdoor Kazuar. Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla.

Security 136

Security Government IT Information Security 136

Data Breach Today

JANUARY 13, 2021

Email Security Company Says Fewer Than 10 Customers Targeted Email security provider Mimecast says hackers compromised a digital certificate that encrypts data that moves between several of its products and Microsoft's servers, putting organizations at risk of data loss.

Encryption 286

Encryption Risk Security IT 286

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Schneier on Security

JANUARY 15, 2021

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out a way to fix that. “Pretty Good Phone Privacy” (PGPP) protects both user identity and user location using the existing cellular networks. It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers.

Privacy 127

Privacy Authentication Paper IT 127

DLA Piper Privacy Matters

JANUARY 15, 2021

Data Subject Access Requests – no unqualified right to documents. In an important decision [1] for any business with a retail customer base, the High Court of England and Wales dismissed a claim against a bank for allegedly failing to provide an adequate response to the Claimant’s data subject access request ( “DSARs” ), highlighting the robust approach that the court is willing to take where it suspects the tactical deployment (or abuse) of the DSAR regime.

Access 122

Access GDPR Personal data Retail 122

Security Affairs

JANUARY 15, 2021

The popular signal messaging app Signal is currently facing issues around the world, users are not able to make calls and send/receive messages. At the time of this writing, it is not possible to make calls and send/receive messages. Users that attempted to send messages via the messaging app were seeing loading screen and after it displayed an error message “502” Immediately after WhatApp announced the changes to its privacy policy and obliged its users to accept it to continue usin

Marketing 139

Marketing Privacy IT Security 139

Data Breach Today

JANUARY 11, 2021

For Example, Both Backdoors Use Same 'Sleeping' Algorithm The "Sunburst" backdoor deployed in the breach of SolarWinds' Orion network monitoring tool uses some of the same code found in the "Kazuar" backdoor, which security researchers have previously tied to Russian hackers, the security firm Kaspersky reports.

Security 284

Security 284

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

WIRED Threat Level

JANUARY 15, 2021

A sprawling tactical industry is teaching American civilians how to fight like Special Ops forces. By preparing for violence at home, are they calling it into being?

IT 122

IT Security 122

IT Governance

JANUARY 13, 2021

The start of 2021 is looking an awful lot like the end of 2020 – not least when it comes to cyber crime. Scammers are as active now as they ever have been, so it’s essential that you remain vigilant in the post-Christmas period. There have already been several warnings of new scams that people must be wary of, as we explain in this blog. Don’t be fooled by vaccine scams.

Phishing 111

Phishing Passwords Authentication Government 111

Security Affairs

JANUARY 14, 2021

A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks. The security expert Nikita Abramov from Positive Technologies discovered a DoS vulnerability, tracked as CVE-2020-27716 , that affects certain versions of F5 BIG-IP Access Policy Manager (APM). The F5 BIG-IP Access Policy Manager is a secure, flexible, high-performance access management proxy solution that delivers unified global access control for your users, devic

Access 144

Access Passwords Security IT 144