Data Breach Today
JUNE 30, 2021
Workforce Expansion Act Would Create CISA, VA Training Programs Sens. Maggie Hassan and John Cornyn have introduced legislation that would create a pilot apprenticeship program within CISA. The Federal Cybersecurity Workforce Expansion Act would also create a cyber-training program within the Department of Veterans Affairs, equipping veterans to hold careers in cyber defense.
eSecurity Planet
JUNE 30, 2021
Virtual machines are becoming an increasingly popular avenue cybercriminals are taking to distribute their ransomware payloads onto compromised corporate networks. Bad actors have been exploiting VMs in recent years as a way of running under the radar, making it more difficult to detect their malware while it encrypts the data they intend to hold for ransom.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
OneHub
JUNE 30, 2021
File transfer protocol (FTP) turned 50 this year. In the fast-moving world of technology, that’s an eternity. File sharing looks much different now than it did half a century ago, but some companies are still using FTP to share their business files. Is it time to say goodbye to file transfer protocol, or is it an oldie but goodie? That depends on a few factors.
Krebs on Security
JULY 2, 2021
Some of Western Digital’s MyCloud-based data storage devices. Image: WD. Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who ca
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Breach Today
JULY 2, 2021
Affiliate-Driven Approach and Regular Malware Refinements Are Key, Experts Say REvil, aka Sodinokibi, is one of today's most notorious - and profitable - ransomware operations, driven by highly skilled affiliates who share profits with the operators. And the operators are constantly improving the malware, including porting it to Linux to target network-attached storage and hypervisors.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
The Last Watchdog
JUNE 30, 2021
The Solarwinds hack has brought vendor supply chain attacks — and the lack of readiness from enterprises to tackle such attacks — to the forefront. Related: Equipping Security Operations Centers (SOCs) for the long haul. Enterprises have long operated in an implicit trust model with their partners. This simply means that they trust, but don’t often verify, that their partners are reputable and stay compliant over time.
Krebs on Security
JULY 1, 2021
Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month. Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and i
Data Breach Today
JULY 1, 2021
NSA: Attackers Targeting Cloud Services for Espionage The NSA, the FBI and other U.S. government agencies are tracking an ongoing Russian cyberespionage campaign in which attackers are using brute-force methods to access Office 365 and other cloud-based services.
AIIM
JULY 1, 2021
As the amount of data entering the organization proliferates, and the amount of content with business value (deemed a “record” in many cases) also increases, organizations everywhere are struggling with a massive information overload problem. Content is running rampant and sprawling, and records are being captured improperly, making discoverability and the resulting value of that information significantly lower.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Schneier on Security
JULY 2, 2021
Two reports this week. The first is from Microsoft, which wrote : As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.
Krebs on Security
JUNE 30, 2021
Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and you’ve shared this information in advance with the authorities each day for a year with no outward indication that they are doing anything about it.
Data Breach Today
JUNE 29, 2021
Code for Generating Unique Copies of Crypto-Locking Malware Uploaded to VirusTotal The code used to build copies of Babuk ransomware - to infect victims with the crypto-locking malware - has been leaked, after someone posted the software to virus-scanning service VirusTotal. Whether the leak was intentional - perhaps a rival gang seeking to burn the operation - remains unclear.
Security Affairs
JUNE 29, 2021
A new massive LinkedIn breach made the headlines, the leak reportedly exposes the data of 700M users, more than 92% of the total 756M users. A new massive LinkedIn breach made the headlines, a database containing data of 700M users, more than 92% of the total 756M users, is available for sale on forums on the dark web. The exposed records include email addresses full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experi
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Troy Hunt
JUNE 28, 2021
Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP. Granting governments this level of access gives them visibility into not just the 11.4 billion records that are already in HIBP but provides an early warning system for the billions of records yet to come.
DLA Piper Privacy Matters
JULY 1, 2021
Authors : Monique Jefferson and Justine Katz. The Protection of Personal Information Act, 2013 (POPIA) came into effect on 1 July 2020 but was subject to a 12-month grace period, which ended yesterday (30 June 2021). Therefore, from today (1 July 2021) POPIA is fully in effect, save for certain provisions. In this regard, we point out that the provisions in POPIA regarding prior authorization have been extended until 1 February 2022.
Data Breach Today
JULY 2, 2021
This edition of the ISMG Security Report features a discussion about why the head of Britain's National Cyber Security Center says the No. 1 cyber risk is not nation-state attackers but ransomware-wielding criminals. Also featured: Western Digital IoT flaws; an FBI agent tracks cybersecurity trends.
Security Affairs
JULY 2, 2021
Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report. Researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider , the cybercrime gang behind the TrickBot botnet. The Trickbot botnet was used by threat actors to spread the Ryuk and Conti ransomware families, experts noticed similarities between Diavol and Conti threat
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Schneier on Security
JUNE 29, 2021
Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examine it. The software engineers proposed a three-part test.
Threatpost
JULY 2, 2021
The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military.
Data Breach Today
JUNE 26, 2021
New JSSLoader Variant is Being Spread by TA543 Group A cybercrime group tracked as TA543 by security firm Proofpoint is deploying a new variant of a malware loader to target victims as part of a phishing campaign, the company reports.
Security Affairs
JUNE 30, 2021
Law enforcement seized the servers and customer logs for DoubleVPN, a double-encryption service widely used by threat actors for malicious purposes. Law enforcement has seized the servers of DoubleVPN (doublevpn.com), a Russian-based VPN service that provides double-encryption service widely used by threat actors to anonymize their operation while performing malicious activities.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
IT Governance
JULY 1, 2021
We found a comparatively low 9,780,931 breached records from publicly disclosed security incidents in June 2021. But don’t be fooled by that number – it comes from 106 incidents, which is roughly average for the year. It’s simply the case that in the majority of cases, the breached organisation didn’t reveal how much data was compromised, either because it didn’t know or wasn’t obliged to reveal it publicly.
Threatpost
JULY 2, 2021
CERT urges administrators to disable the Windows Print spooler service in Domain Controllers and systems that don’t print, while Microsoft attempts to clarify RCE flaw with a new CVE assignment.
Data Breach Today
JULY 1, 2021
Roger Lang, who has experience in SaaS and fintech and has invested in various cybersecurity companies, says that education is the key to making real progress on cybersecurity issues.
Security Affairs
JULY 2, 2021
Microsoft is urging Azure users to update PowerShell to address a remote code execution vulnerability that was fixed earlier this year. Microsoft is recommending its Azure users to update PowerShell versions 7.0 and 7.1 to protect against a high severity remote code execution vulnerability tracked as CVE-2021-26701. The IT giant is inviting the PowerShell task automation tool to versions 7.0.6 or 7.1.3 as soon as possible. “If you manage yoiur Azure resources from PowerShell version 7.0 or
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
WIRED Threat Level
JULY 1, 2021
While SolarWinds rightly drew attention earlier this year, Moscow's Fancy Bear group has been on a password-guessing spree this whole time.
Threatpost
JUNE 28, 2021
After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again - with big security ramifications.
Data Breach Today
JUNE 30, 2021
Anne Neuberger Says Attacks Will Be Attributed Deputy national security adviser Anne Neuberger says the White House is preparing to release additional details, including attribution, about the attacks that targeted vulnerable on-premises Microsoft Exchange email servers at government agencies and other organizations earlier this year.
Expert insights. Personalized for you.
264 
Let's personalize your content