Sat. May 08, 2021 - Fri. May 14, 2021

3 Cybersecurity Myths to Bust

Dark Reading

Deeply rooted cybersecurity misconceptions are poisoning our ability to understand and defend against attacks.

Security at Bay: Critical Infrastructure Under Attack

Security Affairs

The recent Colonial Pipeline attack highlights the dangers that are facing Critical Infrastructure worldwide. The attack perpetrated by hackers on oil company Colonial Pipeline highlights the dangers that are facing Industrial Control Systems (ICS) and the need for change in the information security landscape. The attack took place on May 7th, when hackers used ransomware to cripple the defense of the company.

What's Google FLoC? And How Does It Affect Your Privacy?

WIRED Threat Level

There's a battle raging over how advertisers can target us on the web—or whether they should be able to target us at all.

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates. “Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Malspam Campaign Uses Hancitor to Download Cuba Ransomware

Data Breach Today

Attackers Have Co-Opted Malware for Data Exfiltration and Ransom, Group-IB Finds

Attackers have co-opted the Hancitor malware downloader and recently used it to deliver Cuba ransomware as part of an email spam campaign for data exfiltration and ransom extortion, a new report by security firm Group-IB finds.

More Trending

Rethinking Acceptable Use Policies

AIIM

A staple of many Information Technology (IT) policy suites is the Acceptable Use Policy (AUP), intended to govern what people working in the organization can and cannot do with the technology we provide them. IIM professionals and consultants push to have these kinds of policies in place, and countless templates and best practices are available on the Internet to use as a starting point if we don't have one already.

Microsoft Patch Tuesday, May 2021 Edition

Krebs on Security

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft’s Internet Explorer (IE) web browser.

Colonial Pipeline Starts Recovery from Ransomware

Data Breach Today

Report: DarkSide Ransomware Gang Infected Fuel Supplier

Colonial Pipeline Company has restored smaller pipelines that ship fuels to the U.S. East Coast after a ransomware incident, but its larger ones are still offline as it assesses safety. Citing U.S. officials, the Associated Press reports the company was infected by the DarkSide ransomware group.

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

The Last Watchdog

By patiently slipping past the best cybersecurity systems money can buy and evading detection for 16 months, the perpetrators of the SolarWinds hack reminded us just how much heavy lifting still needs to get done to make digital commerce as secure as it needs to be. Related: DHS launches 60-day cybersecurity sprints. Obviously, one change for the better would be if software developers and security analysts paid much closer attention to the new and updated coding packages being assembled and depl

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks

Security Affairs

Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercept traffic to cryptocurrency-related sites. Starting from January 2020, a threat actor has been adding thousands of malicious exit relays to the Tor network to intercept traffic and carry out SSL stripping attacks on users while accessing mixing websites, The Record first reported.

Fintech Startup Offers $500 for Payroll Passwords

Krebs on Security

How much is your payroll data worth? Probably a lot more than you think. One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work.

More Healthcare Disruptions Tied to Vendor Incidents

Data Breach Today

Pharmacy Administration Vendor, EMR Hosting Firm Among Latest Victims

Two companies that serve the healthcare sector have reported disruptive cyber incidents affecting their clients, the latest in a string of similar supply chain incidents.

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

The Last Watchdog

The value of sharing threat intelligence is obvious. It’s much easier to blunt the attack of an enemy you can clearly see coming at you. Related: Supply chains under siege. But what about trusted allies who unwittingly put your company in harm’s way? Third-party exposures can lead to devastating breaches; just ask any SolarWinds first-party customer.

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Hackers target Windows users exploiting a Zero-Day in Reader

Security Affairs

Adobe confirmed that a zero-day vulnerability affecting Adobe Reader for Windows has been exploited in the wild in limited attacks. Adobe security updates for May 2021 address at least 43 CVEs in Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, Medium, and Animate.

Newly Unclassified NSA Document on Cryptography in the 1970s

Schneier on Security

This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: “New Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era,” Cryptographic Quarterly, Spring 1996, author still classified.

Tulsa City Officials Report Ransomware Attack

Data Breach Today

City Shuts Down Websites, Systems

Tulsa city officials shut down systems and websites after a Sunday ransomware attack, making it impossible for residents to gain online access to many services.

RSAC insights: Security Compass leverages automation to weave security deeper into SecOps

The Last Watchdog

In a day and age when the prime directive for many organizations is to seek digital agility above all else, cool new apps get conceived, assembled and deployed at breakneck speed. Related: DHS instigates 60-day cybersecurity sprints. Software developers are king of the hill; they are the deeply-committed disciples pursuing wide open, highly dynamic creative processes set forth in the gospels of DevOps and CI/CD.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

TsuNAME flaw exposes DNS servers to DDoS attacks

Security Affairs

A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers. Researchers at SIDN Labs (the R&D team of the registry for .nl domains), InternetNZ (the registry for .nz domains), and the Information Science Institute at the University of Southern California have discovered a vulnerability, named TsuNAME, in some DNS resolvers.

The Colonial Pipeline Hack Is a New Extreme for Ransomware

WIRED Threat Level

An attack has crippled the company’s operations—and cut off a large portion of the East Coast’s fuel supply—in an ominous development for critical infrastructure.

DarkSide Ransomware Gang Says It Has Shut Down

Data Breach Today

Colonial Pipeline Attack Used DarkSide Malware

The gang behind DarkSide ransomware, which U.S. authorities say was used in the attack against Colonial Pipeline Co., says it's closed its ransomware-as-a-service operation after losing access to part of its infrastructure.

RSAC insights: Sophos report dissects how improved tools, tactics stop ransomware attack

The Last Watchdog

A new report from Sophos dissects how hackers spent two weeks roaming far-and-wide through the modern network of a large enterprise getting into a prime position to carry out what could’ve been a devastating ransomware attack. Related: DHS embarks on 60-day cybersecurity sprints. This detailed intelligence about a ProxyLogon-enabled attack highlights how criminal intruders are blending automation and human programming skills to great effect.

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

CISA MAR report provides technical details of FiveHands Ransomware

Security Affairs

U.S. CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye’s Mandiant experts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware that was recently detailed by FireEye’s Mandiant. At the end of April, researchers from FireEye’s Mandiant revealed that a sophisticated cybercrime gang tracked as UNC2447 has exploited a zero-day issue ( CVE-2021-2001

Ransomware Shuts Down US Pipeline

Schneier on Security

This is a major story: a probably Russian cybercrime group called DarkSide shut down the Colonial Pipeline in a ransomware attack. The pipeline supplies much of the East Coast. This is the new and improved ransomware attack: the hackers stole nearly 100 gig of data, and are threatening to publish it. The White House has declared a state of emergency and has created a task force to deal with the problem, but it’s unclear what they can do.

Paying a Ransom: Does It Really Encourage More Attacks?

Data Breach Today

The Debate Over Impact of Colonial Pipeline's Apparent Ransom Payment

Some cybersecurity experts question the contentions of Speaker of the House Nancy Pelosi and another member of Congress, who say a $5 million ransom reportedly paid by Colonial Pipeline Co. after being hit by DarkSide ransomware would serve as a catalyst for attacks on other critical infrastructure providers.

Colonial Pipeline Cyberattack: What Security Pros Need to Know

Dark Reading

As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

FBI confirmed that Darkside ransomware gang hit Colonial Pipeline

Security Affairs

The U.S. FBI confirmed that the attack against the Colonial Pipeline over the weekend was launched by the Darkside ransomware gang. The U.S. Federal Bureau of Investigation confirmed that the Colonial Pipeline was shut down due to a cyber attack carried out by the Darkside ransomware gang. “The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks.

RSAC insights: ‘SASE’ disrupts networking by meshing security, connectivity at the services edge

The Last Watchdog

It’s accurate to say that security has been bolted onto modern business networks. It also has become very clear that we won’t achieve the full potential of digital transformation without security somehow getting intricately woven into every layer of corporate IT systems. We’re still a long way from achieving that, but a promising roadmap has emerged.

Biden Signs Sweeping Executive Order on Cybersecurity

Data Breach Today

Order Emphasizes Partnerships, IT Modernization and Supply Chain Security

President Joe Biden signed an extensive executive order Wednesday, detailing the government's plan to increase cybersecurity protection across the public and private sectors, as well as securing the nation's infrastructure against the type of attack that targeted SolarWinds and its customers.