Sat. Mar 26, 2022 - Fri. Apr 01, 2022


Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life


MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

The Last Watchdog

Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. Related: The exposures created by API proliferation. Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising from enterprises’ deepening reliance on open-source software. This is all part of corporations plunging into the near future: migration to cloud-based IT infrastructure is in high gear, complexity is mushrooming and fear of falli


Protecting Your Organization Against a New Class of Cyber Threats: HEAT

Dark Reading

Take a preventative threat approach and apply security measures near end users, applications, and data to increase protection.


Partnership Health Plan of California IT Systems Still Down

Data Breach Today

Nonprofit Managed Care Provider Allegedly Hit by Hive Ransomware. An apparent ransomware attack and alleged data theft by the Hive cybercriminal group has left Partnership HealthPlan of California struggling to recover its IT services for more than a week. The nonprofit says it is unable to receive or process treatment authorization requests.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

Krebs on Security

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate’s most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.

More Trending


Welcoming the Bulgarian Government to Have I Been Pwned

Troy Hunt

Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens. The access is totally free and amounts to APIs designed to search and monitor government owned domains and TLDs.


Hackers Target Russian Federal Air Transport Agency

Data Breach Today

65 Terabytes of Data Wiped Out, According to Reports. Hackers have allegedly managed to breach the infrastructure belonging to Russia's Federal Air Transport Agency, or Rosaviatsiya, and wiped out its entire database and files consisting of 65TB of data, including documents, files, aircraft registration data and emails from the servers.


Bypassing Two-Factor Authentication

Schneier on Security

These techniques are not new, but they’re increasingly popular: …some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection. […]


GUEST ESSAY: Embracing ‘Zero Trust’ can help cloud-native organizations operate securely

The Last Watchdog

Some 96 percent of organizations — according to the recently released 2021 Cloud Native Survey — are either using or evaluating Kubernetes in their production environment, demonstrating that enthusiasm for cloud native technologies has, in the words of the report’s authors, “crossed the adoption chasm.” Related: The targeting of supply-chain security holes.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked

Security Affairs

Anonymous continues its operations against Russia; the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues to target Russian firms owned by oligarchs; yesterday the collective announced the hack of the Thozis Corp, while today the group claimed the hack of Marathon Group. The Marathon Group is a Russian investment firm owned by oligarch Alexander Vinokuro, who was sanctioned by the EU.


Takeaways From Viasat Outage

Data Breach Today

This edition analyzes how hackers exploited a misconfigured VPN device, gained access to Viasat's satellite network and caused a massive outage in Europe as Russia's invasion of Ukraine began. It also examines the invasion's impact on financial services and how to modernize security operations.


Complete Guide to Phishing Attacks: What Are the Different Types and Defenses?

eSecurity Planet

As web security improves, email security has become a bigger problem than ever. The overwhelming majority of malware attacks now come from email — as high as 89 percent, according to HP Wolf Security research. And with many employees getting multiple emails per day, it’s easy for spam emails to slip their notice. Approximately 83 percent of organizations said they faced a successful phishing attempt in 2021, up from 57 percent in 2020.


Russia Inches Toward Its Splinternet Dream

WIRED Threat Level

For years, the country has been trying to create its own sovereign internet—a goal given new impetus by the backlash to its invasion of Ukraine.


15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?


AcidRain, a wiper that crippled routers and modems in Europe

Security Affairs

Researchers spotted a new destructive wiper, tracked as AcidRain, that is likely linked to the recent attack against Viasat. Security researchers at SentinelLabs have spotted a previously undetected destructive wiper, tracked as AcidRain, that hit routers and modems and that was suspected to be linked to the Viasat KA-SAT attack that took place on February 24th, 2022.


SpringShell, Spring Cloud Function Bugs Need Urgent Patching

Data Breach Today

Both Bugs Have a POC and at Least 1 Is Known to Be Exploited in the Wild. Spring IO, a cohesive, versioned platform used for building modern applications, has reported two remote code execution vulnerabilities in the past two days. Both RCEs reportedly have proof-of-concept exploits, and at least one is actively being targeted in the wild.


Obvious Phishbait, But Someone Will Bite

KnowBe4

A widespread phishing scam is circulating in Facebook Messenger, according to Jeff Parsons at Metro. The phishing messages simply contain the words, “Look what I found,” along with a link. If the user clicks the link, they’ll be taken to a spoofed Facebook login page that will steal their credentials. Notably, the attackers send the messages from compromised accounts of the target’s Facebook friends, which increases the appearance of legitimacy.


SAML: Still Going Strong After Two Decades

eSecurity Planet

SAML is an open standard facilitating the communication and verification of credentials between identity providers and service providers for users everywhere. In 2005, the open standard consortium OASIS released SAML 2.0 to broad appeal. As smart mobile devices boomed, so did the number of web applications and the need to address never-ending logins.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Trend Micro fixed high severity flaw in Apex Central product management console

Security Affairs

Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management console. Cybersecurity firm Trend Micro has addressed a high severity security flaw, tracked as CVE-2022-26871, in the Apex Central product management console. The CVE-2022-26871 vulnerability is an arbitrary file upload issue; its exploitation could lead to remote code execution.


Viasat Confirms 'AcidRain' Malware Could Have Wiped Modems

Data Breach Today

No Smoking Gun, But Code Overlaps With Russian VPNFilter Malware, SentinelOne Finds. The disruption of tens of thousands of Viasat consumer broadband modems across central Europe on Feb. 24 when Russia invaded Ukraine may have involved "AcidRain" wiper malware, security researchers at SentinelOne report. Viasat says those findings are "consistent" with the known facts of the attack.


A Lack of Employee Cyber Hygiene is the Next Big Threat

KnowBe4

A new report suggests that everything from endpoints, to passwords, to training, to security policies, to a lack of awareness is all contributing to much higher risk of cyberattack.


A Few Clicks from Data Disaster: The State of Enterprise Security

eSecurity Planet

Once an organization has been breached, the overwhelming majority of critical assets are just a few attack techniques away from being compromised, according to a new study. The report by breach and attack simulation (BAS) vendor XM Cyber noted that 63% of critical assets are just a single “hop” away from initial breach to compromise; 81% of critical assets are no more than two attack techniques away from disaster; and 94% of critical assets can be compromised in four or fewer moves b


Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.


Western Digital addressed a critical bug in My Cloud OS 5

Security Affairs

Western Digital fixed a critical flaw affecting My Cloud OS 5 devices that allowed attackers to gain remote code execution with root privileges. Western Digital has addressed a critical vulnerability, tracked as CVE-2021-44142, that could have allowed attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices. The CVE-2021-44142 flaw affects the following devices: My Cloud PR2100, My Cloud PR4100, My Cloud EX4100, My Cloud EX2 Ultra, My Cloud Mirror Gen 2, My Clo


Sophos Patches Critical RCE Bug Exploited in the Wild

Data Breach Today

Targets Are a Small Set of Specific Organizations Primarily in South Asia. Sophos says it has provided a fix to a critical RCE bug known to be actively exploited primarily in South Asia. Sophos says no customer action is needed if the "Allow automatic installation of hotfixes" feature is enabled, but versions close to their end of life need manual configuration.


Mobile Device Usage Have Led to Security Incidents in Nearly Half of Organizations

KnowBe4

The shift in devices used by today’s workforce has resulted in increases in cybersecurity concerns and incidents, despite a majority of orgs with defined BYOD programs in place.


Follow the 3-2-1 Rules of Data Backups

Adam Levin

When it comes to backing up your data, IT and cybersecurity experts alike consistently advise what’s known as the “3-2-1” rules, which are: Keep at least three copies of your data: The emphasis here is on at least. Backups are inherently fallible, and can fall prey to malware, ransomware, power surges, and hardware failure. The only way to make sure your data is truly secured is by having backups of your backups.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


FCC adds Kaspersky to Covered List due to unacceptable risks to national security

Security Affairs

The Federal Communications Commission (FCC) added Kaspersky to its Covered List because it poses unacceptable risks to U.S. national security. The Federal Communications Commission (FCC) added multiple Kaspersky products and services to its Covered List saying that they pose unacceptable risks to U.S. national security. “The Federal Communications Commission’s Public Safety and Homeland Security Bureau today added equipment and services from three entities – AO Kaspersky Lab, China Telecom


PCI SSC Releases Data Security Standard Version 4.0

Data Breach Today

DSS v3.2.1 Active Until March 31, 2024, Then Retired Over 1-Year Period. The PCI Security Standards Council on Thursday released the Payment Card Industry Data Security Standard version 4.0. The latest version's improvements are intended to counter evolving threats and technologies, and the new version will enable innovative methods to combat new threats.


Your KnowBe4 Fresh Content Updates from March 2022

KnowBe4

Check out the 74 new pieces of training content added in March, alongside the always fresh content update highlights and new features.
