Dark Reading

NOVEMBER 8, 2021

These scripts and commands provide short-term fixes for blocking the Trojan Source attack that abuses Unicode to inject malicious backdoors in source code.

130

130

The Last Watchdog

NOVEMBER 8, 2021

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience. Related: Hackers relentlessly target healthcare providers. However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. This data is managed by different entities, such as primary care facilities, acute care facilities and within associated applications that collect, sto

Privacy 268

Privacy Access Security IoT 268

Dark Reading

NOVEMBER 9, 2021

One of the biggest mistakes an organization can make is blindly throwing technology at the problem instead of properly investing in building a security team.

Ransomware 104

Ransomware IT Security 104

Krebs on Security

NOVEMBER 10, 2021

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text

Phishing 362

Phishing Security IT 362

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

WIRED Threat Level

NOVEMBER 11, 2021

Visitors to pro-democracy and media sites in the region were infected with malware that could download files, steal data, and more.

Security 145

Security 145

Preservica

NOVEMBER 9, 2021

Welcome to the "How we do it" Video Series. If you are a Clerk, Records Manager or Archivist for City or County Government, our practical “How we do it” videos are for you! We have compiled a series of videos, from users in City and County Government to share how they quickly and easily perform common electronic records preservation and access tasks with Preservica’ s solutions.

Digital preservation 144

Digital preservation Records Management Archiving Government 144

Krebs on Security

NOVEMBER 8, 2021

The U.S. Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S.

Ransomware 330

Ransomware Passwords Systems administration IT 330

eSecurity Planet

NOVEMBER 12, 2021

Remote work and home offices were an afterthought until the COVID-19 pandemic. They were then vaulted to the forefront of security concerns so quickly that security and IT teams were caught off guard. Now, remote work is likely here to stay even after the pandemic is gone. That means that the temporary solutions put in place over the last 18 months will need to give way to more permanent solutions.

Security 141

Security Marketing IT Access 141

Security Affairs

NOVEMBER 10, 2021

South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign. Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated android spyware dubbed PhoneSpy. The malware already hit more than a thousand South Korean victims.

Phishing 145

Phishing Access Communications IT 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Threatpost

NOVEMBER 10, 2021

The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.

Access 138

Access Cloud Security 138

Krebs on Security

NOVEMBER 9, 2021

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.

Passwords 288

Passwords Authentication Security Ransomware 288

Troy Hunt

NOVEMBER 8, 2021

When someone passed me hundreds of thousands of records on kids taken from CloudPets a few years ago , I had a nightmare of a time getting in touch with the company. They'd left a MongoDB instance exposed to the public without a password and someone had snagged all their data. Within the data were references that granted access to voice recordings made by children, stored in an S3 bucket that also had no auth.

Data breaches 27

Data breaches IT Security Libraries 27

Security Affairs

NOVEMBER 8, 2021

The US DoJ has charged a REvil ransomware affiliate that is suspected to have orchestrated the attack on Kaseya MSP platform in July. The US Department of Justice has charged a REvil ransomware affiliate for orchestrating the ransomware attacks on Kaseya MSP platform that took place in July 4. The suspect is 22-year old Ukrainian national Yaroslav Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22), who was arrested for cybercriminal activity on October 8

Ransomware 145

Ransomware Government Security Information Security 145

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Threatpost

NOVEMBER 11, 2021

Cyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices.

IoT 133

IoT 133

Dark Reading

NOVEMBER 10, 2021

AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.

Risk 132

Risk Security 132

Schneier on Security

NOVEMBER 11, 2021

ArsTechnica’s Sean Gallagher has a two – part article on “securing your digital life.” It’s pretty good.

Security 131

Security IT Risk Cybersecurity 131

Security Affairs

NOVEMBER 12, 2021

Wiz Research Team disclosed technical details about the discovery of the ChaosDB vulnerability in Azure Cosmos DB database solution. In August, 2021 the Wiz Research Team disclosed ChaosDB – a severe vulnerability in the popular Azure Cosmos DB database solution that allowed for complete, unrestricted access to the accounts and databases of several thousand Microsoft Azure customers, including many Fortune 500 companies.

Cloud 145

Cloud Access Authentication Security 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Threatpost

NOVEMBER 12, 2021

BotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities.

IoT 131

IoT Risk 131

eSecurity Planet

NOVEMBER 10, 2021

For a security technology that’s only a few years old, microsegmentation is catching on quickly. According to a new report from edge security vendor Byos, 88 percent of cybersecurity leaders believe microsegmentation is essential to achieving zero trust security, and 83 percent are currently leveraging microsegmentation in some form. Despite such strong uptake, the market still has plenty of room to grow, the report found: only 17 percent have fully invested in microsegmentation to the poi

Communications 127

Communications IoT Access Marketing 127

Schneier on Security

NOVEMBER 10, 2021

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming to have managed to obtain PS5 root keys allowing them to decrypt the console’s firmware. […].

Paper 128

Paper Access Security IT 128

Security Affairs

NOVEMBER 6, 2021

The FBI issued a private industry notification (PIN) to warn of ransomware attacks that hit several tribal-owned casinos last year. A private industry notification issued by the FBI’s Cyber Division revealed that ransomware attacks hit several tribal-owned casinos causing millions of dollar losses. The attacks paralyzed the activities of the casinos shutting down their gaming floors, as well as restaurants, hotels, and gas stations.

Ransomware 145

Ransomware Cybersecurity Security Information Security 145

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Threatpost

NOVEMBER 10, 2021

Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls.

Security 127

Security 127

Dark Reading

NOVEMBER 9, 2021

By focusing on the organization rather than the threat, AI can identify subtle changes in your digital environment that point to a cyber threat.

Security 123

Security 123

Schneier on Security

NOVEMBER 12, 2021

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article : Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers.

Cybersecurity 125

Cybersecurity Security IT 125

Security Affairs

NOVEMBER 8, 2021

Operation Cyclone – Six alleged affiliates with the Clop ransomware operation were arrested in an international joint law enforcement operation led by Interpol. Interpol announced the arrest of six alleged affiliates with the Clop ransomware operation as part of an international joint law enforcement operation codenamed Operation Cyclone. Law enforcement authorities from South Korea, Ukraine, and the United States, joint their efforts in a 30-month investigation that was coordinated by Int

Ransomware 144

Ransomware Access Risk Security 144

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Thales Cloud Protection & Licensing

NOVEMBER 9, 2021

Evolution of Cloud Security: From Shared Responsibility to Shared Fate. madhav. Tue, 11/09/2021 - 11:20. Over the past year and a half, we have witnessed seismic changes with the accelerated adoption of the cloud and the shift to hybrid working. According to McKinsey, cloud adoption has been accelerated by three years compared to pre-pandemic adoption rates while Gartner is estimating that spending on public cloud services will exceed $480 billion next year.

Cloud 123

Cloud Security Encryption Insurance 123

Threatpost

NOVEMBER 12, 2021

Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile.

Cybersecurity 120

Cybersecurity Ransomware Cloud Security 120

Schneier on Security

NOVEMBER 8, 2021

We’ve now had an (unsuccessful) assassination attempt by explosive-laden drones.

121

121