The Last Watchdog

MAY 30, 2022

It’s no secret that cybersecurity roles are in high demand. Today there are more than 500,000 open cybersecurity roles in the U.S., leaving organizations vulnerable to cyber threats. Related: Deploying employees as threat sensors. Meanwhile, 200,000 well-trained and technically skilled military service members are discharged each year. These individuals have many transferable skills that would make cybersecurity a prosperous civilian career.

Cybersecurity 278

Cybersecurity Military Education Government 278

Data Breach Today

MAY 31, 2022

The Majority of Incidents Entailed Malware Distribution, Phishing and Intrusion Attempts Three months after Russia’s ongoing invasion of Ukraine began, the country takes a look back at the turbulence the nation has faced in its cyber sphere during Q1 2022, and considers the way ahead.

Phishing 287

Phishing IT 287

Dark Reading

MAY 30, 2022

To minimize the impact of cyber incidents, organizations must be pragmatic and develop a strategy of resilience for dealing with break-ins, advanced malware, and data theft.

112

112

Krebs on Security

MAY 31, 2022

Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sa

Ransomware 284

Ransomware Government Communications Cybersecurity 284

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

The Last Watchdog

JUNE 3, 2022

The zero trust approach to enterprise security is well on its way to mainstream adoption. This is a very good thing. Related: Covid 19 ruses used in email attacks. At RSA Conference 2022 , which takes place next week in San Francisco, advanced technologies to help companies implement zero trust principals will be in the spotlight. Lots of innovation has come down the pike with respect to imbuing zero trust into two pillars of security operations: connectivity and authentication.

Unstructured data 272

Unstructured data Cloud Authentication Digital transformation 272

Security Affairs

JUNE 3, 2022

Atlassian warned of an actively exploited critical unpatched remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. Atlassian is warning of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked as CVE-2022-26134, that is being actively exploited in attacks in the wild. “Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote c

Mining 145

Mining Authentication Security Cybersecurity 145

Krebs on Security

JUNE 3, 2022

The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities.

Security 277

Security Computer and Electronics Access Libraries 277

The Last Watchdog

JUNE 2, 2022

Third-Party Risk Management ( TPRM ) has been around since the mid-1990s – and has become something of an auditing nightmare. Related: A call to share risk assessments. Big banks and insurance companies instilled the practice of requesting their third-party vendors to fill out increasingly bloated questionnaires, called bespoke assessments, which they then used as their sole basis for assessing third-party risk.

Security 266

Security Risk Digital transformation Insurance 266

Data Breach Today

JUNE 2, 2022

FBI Director Says Boston Children's Hospital Was Targeted Last Summer Boston Children's Hospital thwarted a cyberattack by government-backed Iranian hackers last summer after U.S. authorities received intelligence about the pending assault and alerted the hospital, says FBI Director Christopher Wray, who called Iran's planned cyberattack "despicable.

Government 338

Government 338

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

MAY 30, 2022

A zero-day flaw in Microsoft Office that could be exploited by attackers to achieve arbitrary code execution on Windows systems. The cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus. The document uses the remote template feature to fetch an HTML and then uses the “ms-msdt” scheme to execute PowerShell code.

Cybersecurity 145

Cybersecurity Security IT Information Security 145

Hunton Privacy

JUNE 1, 2022

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA, originally enacted in May 2019, provides for a one-year grace period, with the main operative provisions of the law originally set to come into force in 2020. Due to the COVID-19 pandemic, however, the Thai government issued royal decrees to extend the compliance deadline to June 1, 2022. .

Personal data 143

Personal data GDPR Compliance Government 143

The Last Watchdog

JUNE 3, 2022

It’s not difficult to visualize how companies interconnecting to cloud resources at a breakneck pace contribute to the outward expansion of their networks’ attack surface. Related: Why ‘SBOM’ is gaining traction. If that wasn’t bad enough, the attack surface companies must defend is expanding inwardly, as well – as software tampering at a deep level escalates.

Systems administration 255

Systems administration Libraries Risk Authentication 255

Data Breach Today

MAY 30, 2022

Malicious Code Execution Traced to Weaponized Office Documents Dating From April Attention to anyone who manages a Microsoft Windows environment: Security researchers are tracking a zero-day vulnerability in Microsoft Office that's being actively exploited by attackers to run malicious code on a vulnerable system.

Security 319

Security 319

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

MAY 30, 2022

The operators of the EnemyBot botnet added exploits for recently disclosed flaws in VMware, F5 BIG-IP, and Android systems. Operators behind the EnemyBot botnet are expanding the list of potential targets adding exploits for recently disclosed critical vulnerabilities in from VMware, F5 BIG-IP, and Android. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities.

CMS 145

CMS IoT Passwords Security 145

KnowBe4

JUNE 3, 2022

KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it right.

Passwords 135

Passwords IT Phishing Security 135

The Last Watchdog

JUNE 1, 2022

In order to extract value from the Internet, data sprawl first must get reined in. This has always been the case. Related: Equipping SOCs for the long haul. What good is connecting applications, servers and networks across the public cloud if you’re unable to securely operationalize the datasets that these interconnected systems store and access? Solving data sprawl has now become a focal point of cybersecurity.

Unstructured data 235

Unstructured data Sales Cloud Government 235

Data Breach Today

JUNE 1, 2022

Criminals Seek Cryptocurrency and Other Monetary Donations , FBI Says The FBI says in an alert that scammers have been posing as Ukrainian entities to fraudulently seek donations and other financial assistance for the war-torn country. The agency says scammers in the past have also used crises as opportunities to cash in with fraudulent donation schemes.

Phishing 309

Phishing 309

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

MAY 29, 2022

Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian ‘hacktivist’ group Killnet is one of the most active non-state actors operating since the beginning of the Russian invasion of Ukraine.

Cybersecurity 145

Cybersecurity Security Risk Government 145

eSecurity Planet

JUNE 2, 2022

More than 3.6 million MySQL servers are publicly exposed on the internet, security researchers noted this week. Shadow Server Foundation researchers reported that they simply issued a MySQL connection request on default port 3306 to see if a server responded with a MySQL Server Greeting, rather than intrusive requests that pentesters use to break into databases.

Data breaches 130

Data breaches Access Authentication Ransomware 130

The Last Watchdog

MAY 31, 2022

Vulnerability management, or VM, has long been an essential, if decidedly mundane, component of network security. Related: Log4J’s long-run risks. That’s changing — dramatically. Advanced VM tools and practices are rapidly emerging to help companies mitigate a sprawling array of security flaws spinning out of digital transformation. I visited with Scott Kuffer, co-founder and chief operating officer of Sarasota, FL-based Nucleus Security , which is in the thick of this development.

Risk 235

Risk Cloud Digital transformation Passwords 235

Data Breach Today

MAY 31, 2022

Misconfigured AWS S3 Bucket, Which Led to the Breach, Has Now Been Secured A data breach at Turkish firm Pegasus Airlines has put more than 6.5 TB of sensitive electronic flight bag data at risk, including sensitive flight details, source code and staff data, say researchers. A misconfigured AWS S3 bucket, which led to the incident, has now been secured.

Data breaches 305

Data breaches Risk Security 305

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

JUNE 1, 2022

Researchers uncovered 3.6M accessible MySQL servers worldwide that represent a potential attack surface for their owners. Researchers from Shadow Server scanned the internet for publicly accessible MySQL server instances on port 3306/TCP and uncovered 3.6M installs worldwide responding to their queries. These publicly accessible MySQL server instances represent a potential attack surface for their owners. “These are instances that respond to our MySQL connection request with a Server Greet

Access 144

Access Authentication Cybersecurity Security 144

Dark Reading

MAY 28, 2022

The most serious flaw gives attackers a way to remotely execute code on systems that many organizations use to move data in critical ICS environments, security vendor says.

Security 131

Security 131

The Last Watchdog

JUNE 2, 2022

Companies have come to depend on Software as a Service – SaaS — like never before. Related: Managed security services catch on. From Office 365 to Zoom to Salesforce.com, cloud-hosted software applications have come to make up the nerve center of daily business activity. Companies now reach for SaaS apps for clerical chores, conferencing, customer relationship management, human resources, salesforce automation, supply chain management, web content creation and much more, even security.

Security 229

Security Cloud Security awareness Cybersecurity 229

Data Breach Today

JUNE 1, 2022

Incident Follows April Conti Attack on Multiple Costa Rican Agencies Costa Rica's public health services agency was hit Tuesday by a ransomware attack allegedly launched by Hive. The incident comes after an April attack - reportedly by fellow Russian-backed group Conti - targeted multiple Costa Rican government agencies.

Ransomware 263

Ransomware Government 263

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Security Affairs

JUNE 3, 2022

The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at Symantec. Researchers at Symantec’s Threat Hunter Team uncovered a cryptomining operation that has potentially made the actors behind it at least $1.7 million in illicit gains. The bot focuses on cryptocurrency mining and cryptocurrency theft via clipboard hijacking.

Mining 144

Mining Archiving Cybersecurity Security 144

eSecurity Planet

JUNE 3, 2022

Software supply chain attacks present an increasingly worrying threat. According to a recent BlueVoyant study, an impressive 97 percent of companies surveyed have been negatively impacted by a security breach in their supply chain, and 38 percent said they have no way of knowing about any potential issues with a third-party supplier’s cybersecurity.

Security 126

Security Libraries Risk Authentication 126

Dark Reading

JUNE 2, 2022

The malware targets Windows users via Trojanized downloads of cracked or pirated software and then starts in on cryptocurrency mining and clipboard hijacking.

Mining 130

Mining 130