Sat.Jun 26, 2021 - Fri.Jul 02, 2021

article thumbnail

Senate Bill Addresses Federal Cyber Workforce Shortage

Data Breach Today

Workforce Expansion Act Would Create CISA, VA Training Programs Sens. Maggie Hassan and John Cornyn have introduced legislation that would create a pilot apprenticeship program within CISA. The Federal Cybersecurity Workforce Expansion Act would also create a cyber-training program within the Department of Veterans Affairs, equipping veterans to hold careers in cyber defense.

article thumbnail

Ransomware Groups are Targeting VMs

eSecurity Planet

Virtual machines are becoming an increasingly popular avenue cybercriminals are taking to distribute their ransomware payloads onto compromised corporate networks. Bad actors have been exploiting VMs in recent years as a way of running under the radar, making it more difficult to detect their malware while it encrypts the data they intend to hold for ransom.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Pros and Cons of FTP for Secure Business File Sharing

OneHub

File transfer protocol (FTP) turned 50 this year. In the fast-moving world of technology, that’s an eternity. File sharing looks much different now than it did half a century ago, but some companies are still using FTP to share their business files. Is it time to say goodbye to file transfer protocol, or is it an oldie but goodie? That depends on a few factors.

article thumbnail

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month. Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and i

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

REvil's Ransomware Success Formula: Constant Innovation

Data Breach Today

Affiliate-Driven Approach and Regular Malware Refinements Are Key, Experts Say REvil, aka Sodinokibi, is one of today's most notorious - and profitable - ransomware operations, driven by highly skilled affiliates who share profits with the operators. And the operators are constantly improving the malware, including porting it to Linux to target network-attached storage and hypervisors.

More Trending

article thumbnail

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

The Solarwinds hack has brought vendor supply chain attacks — and the lack of readiness from enterprises to tackle such attacks — to the forefront. Related: Equipping Security Operations Centers (SOCs) for the long haul. Enterprises have long operated in an implicit trust model with their partners. This simply means that they trust, but don’t often verify, that their partners are reputable and stay compliant over time.

Risk 149
article thumbnail

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

Some of Western Digital’s MyCloud-based data storage devices. Image: WD. Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who ca

Cloud 359
article thumbnail

Researchers Identify New Malware Loader Variant

Data Breach Today

New JSSLoader Variant is Being Spread by TA543 Group A cybercrime group tracked as TA543 by security firm Proofpoint is deploying a new variant of a malware loader to target victims as part of a phishing campaign, the company reports.

Phishing 360
article thumbnail

Supercharge Your Search Accuracy with Auto-Applied Email Metadata Upon Ingestion

AIIM

As the amount of data entering the organization proliferates, and the amount of content with business value (deemed a “record” in many cases) also increases, organizations everywhere are struggling with a massive information overload problem. Content is running rampant and sprawling, and records are being captured improperly, making discoverability and the resulting value of that information significantly lower.

Metadata 187
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Fancy Bear Is Trying to Brute-Force Hundreds of Networks

WIRED Threat Level

While SolarWinds rightly drew attention earlier this year, Moscow's Fancy Bear group has been on a password-guessing spree this whole time.

Passwords 145
article thumbnail

We Infiltrated a Counterfeit Check Ring! Now What?

Krebs on Security

Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and you’ve shared this information in advance with the authorities each day for a year with no outward indication that they are doing anything about it.

Insurance 285
article thumbnail

US Tracking Brute-Force Attacks Linked to Russia

Data Breach Today

NSA: Attackers Targeting Cloud Services for Espionage The NSA, the FBI and other U.S. government agencies are tracking an ongoing Russian cyberespionage campaign in which attackers are using brute-force methods to access Office 365 and other cloud-based services.

Cloud 352
article thumbnail

More Russian Hacking

Schneier on Security

Two reports this week. The first is from Microsoft, which wrote : As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.

Passwords 145
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

New LinkedIn breach exposes data of 700 Million users

Security Affairs

A new massive LinkedIn breach made the headlines, the leak reportedly exposes the data of 700M users, more than 92% of the total 756M users. A new massive LinkedIn breach made the headlines, a database containing data of 700M users, more than 92% of the total 756M users, is available for sale on forums on the dark web. The exposed records include email addresses full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experi

Sales 145
article thumbnail

A New Kind of Ransomware Tsunami Hits Hundreds of Companies

WIRED Threat Level

An apparent supply chain attack exploited Kaseya's IT management software to encrypt a "monumental" number of victims all at once.

article thumbnail

Babuk Ransomware Mystery Challenge: Who Leaked Builder?

Data Breach Today

Code for Generating Unique Copies of Crypto-Locking Malware Uploaded to VirusTotal The code used to build copies of Babuk ransomware - to infect victims with the crypto-locking malware - has been leaked, after someone posted the software to virus-scanning service VirusTotal. Whether the leak was intentional - perhaps a rival gang seeking to burn the operation - remains unclear.

article thumbnail

Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground

Threatpost

After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again - with big security ramifications.

Sales 143
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Diavol ransomware appears in the threat landscape. Is it the work of the Wizard Spider gang?

Security Affairs

Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report. Researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider , the cybercrime gang behind the TrickBot botnet. The Trickbot botnet was used by threat actors to spread the Ryuk and Conti ransomware families, experts noticed similarities between Diavol and Conti threat

article thumbnail

Welcoming the Slovak Republic Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP. Granting governments this level of access gives them visibility into not just the 11.4 billion records that are already in HIBP but provides an early warning system for the billions of records yet to come.

article thumbnail

Analysis: Why Ransomware Is No. 1 Cyberthreat

Data Breach Today

This edition of the ISMG Security Report features a discussion about why the head of Britain's National Cyber Security Center says the No. 1 cyber risk is not nation-state attackers but ransomware-wielding criminals. Also featured: Western Digital IoT flaws; an FBI agent tracks cybersecurity trends.

article thumbnail

Risks of Evidentiary Software

Schneier on Security

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examine it. The software engineers proposed a three-part test.

Risk 139
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Linux version of REvil ransomware targets ESXi VM

Security Affairs

The REvil ransomware operators added a Linux encryptor to their arsenal to encrypt Vmware ESXi virtual machines. The REvil ransomware operators are now using a Linux encryptor to encrypts Vmware ESXi virtual machines which are widely adopted by enterprises. The availability of the Linux encryptor was announced by the REvil gang in May, a circumstance that suggests the group is expanding its operation.

article thumbnail

POPIA: The long wait is over

DLA Piper Privacy Matters

Authors : Monique Jefferson and Justine Katz. The Protection of Personal Information Act, 2013 (POPIA) came into effect on 1 July 2020 but was subject to a 12-month grace period, which ended yesterday (30 June 2021). Therefore, from today (1 July 2021) POPIA is fully in effect, save for certain provisions. In this regard, we point out that the provisions in POPIA regarding prior authorization have been extended until 1 February 2022.

article thumbnail

Cajee Brothers Deny $3.6 Billion Bitcoin Fraud

Data Breach Today

Lawyer Says Contract to Assist the Cajee Brothers Terminated Two brothers who run Africrypt, a currency exchange service based in Johannesburg, South Africa, have been accused by law firm Hanekom Attorneys, acting on behalf of investors, of 'vanishing' along with $3.6 billion in cryptocurrency investments.

332
332
article thumbnail

Widespread Brute-Force Attacks Tied to Russia’s APT28

Threatpost

The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military.

Military 133
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Mercedes-Benz data breach impacted roughly 1000 individuals

Security Affairs

Mercedes-Benz USA disclosed a data breach that impacted 1.6 million customers, exposed data includes financial data and social security numbers (SSNs). Mercedes-Benz USA disclosed on Friday a data breach that impacted some of its customers and potential vehicle buyers. The incident exposed approximately 1.6 million unique records containing customers’ info, including customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact.

article thumbnail

List of data breaches and cyber attacks in June 2021 – 9.8 million records breached

IT Governance

We found a comparatively low 9,780,931 breached records from publicly disclosed security incidents in June 2021. But don’t be fooled by that number – it comes from 106 incidents, which is roughly average for the year. It’s simply the case that in the majority of cases, the breached organisation didn’t reveal how much data was compromised, either because it didn’t know or wasn’t obliged to reveal it publicly.

article thumbnail

Capital One Breach Suspect Faces New Criminal Charges

Data Breach Today

Paige Thompson Now Faces Up to 20 Years in Federal Prison, Documents Show The Justice Department has filed seven new criminal charges against Paige Thompson, who is suspected of hacking Capital One in 2019, which compromised the personal data of 100 million Americans, including exposing hundreds of thousands of Social Security numbers. She now faces a possible 20-year prison sentence.