Data Breach Today
JULY 7, 2020
Data-Leaking Extortionists' Revised Playbook Goes Way Beyond Ransomware Ransomware-wielding attackers continue to pummel organizations. But labeling these as being just ransomware attacks often misses how much these incidents involve serious network intrusions, exfiltration of extensive amounts of data, data leaks and, as a result, reportable data breaches.
Schneier on Security
JULY 8, 2020
It is amazing that this sort of thing can still happen: the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Telnet? Default passwords? In 2020? We have a long way to go to secure the IoT.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
JULY 9, 2020
Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what's going on in front of the camera, and infer when there is someone home. News article. Slashdot thread.
Krebs on Security
JULY 4, 2020
One of the most-read advice columns on this site is a 2018 piece called “ Plant Your Flag, Mark Your Territory ,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration , the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Security Affairs
JULY 5, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned enterprises about cyberattacks from the Tor network. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) is warning enterprises of cyberattacks launched from the Tor network. Threat actors leverage the Tor network to hide the real source of their attacks and avoid that their C2 infrastructure could be identified and shut down by.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
JULY 8, 2020
Good news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. Early July, security expert K7 Lab malware researcher Dinesh Devadoss uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems, it is also able to install additional payloads and
Data Breach Today
JULY 8, 2020
Pandemic Drives Increased Adoption of Workplace Monitoring Tools With so many employees working from home during the COVID-19 pandemic, vendors of time-tracking and productivity-monitoring software report surging interest in their wares. Regardless of whether organizations deploy light-touch or more Big Brother types of approaches, beware potential privacy repercussions.
Data Breach Today
JULY 4, 2020
IG Report Finds Agency's Infrastructure Remains Tempting Target for Hackers A recent Inspector General's report finds that NASA still struggles with implementing an agency-wide cybersecurity policy despite spending approximately $2.3 billion on IT, networking and security technology in 2019. The oversite report offers a series of improvements that NASA should make.
WIRED Threat Level
JULY 6, 2020
For companies that haven't patched their BIG-IP products, it may already be too late.
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
Security Affairs
JULY 9, 2020
Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami. “We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’ data.
AIIM
JULY 9, 2020
We’ve all been there. We know that our information management technology is getting old, and it needs to be replaced. We can’t integrate to the newest artificial intelligence tools that could help improve the completeness and accuracy of the metadata, nor can we feel confident that we are managing records appropriately, and don’t even get me started on search.
Data Breach Today
JULY 10, 2020
Phones Sold Through US Government-Subsidized Program For the second time this year, security researchers have found malware embedded in low-cost Android smartphones distributed through a U.S. government program, security firm Malwarebytes reports.
WIRED Threat Level
JULY 4, 2020
Plus: A massive crime bust in Europe, a warning from US Cyber Command, and more of the week's top security news.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
JULY 9, 2020
Researchers from Malwarebytes have found yet another phone with pre-installed malware via the Lifeline Assistance program sold in the United States. Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January. In January, Malwarebytes researchers discovered that the UMX U686CL phone was sold with pre-installed malware as part of the government-funded Lifeline Assistance program by Vi
AIIM
JULY 7, 2020
When I think back to this time last year, I’m shocked by just how different things are since the start of COVID-19. Businesses have gone through major shifts in record time - projects like moving to a remote office environment that often takes months to complete were carried out in just a few days or weeks. Now, as our time with COVID goes on, some of the focus has shifted from short-term business concerns like how to set up a remote working strategy , how to ensure security while working from h
Data Breach Today
JULY 6, 2020
In Latest Case, Florida Practice Sued for Damages, and Security Mandates Sought A lawsuit seeking damages as well as security mandates has been filed against a Florida-based orthopedic group in the wake of a ransomware incident. It's the latest in a series of such legal actions in healthcare, including one in which a preliminary settlement has been reached.
WIRED Threat Level
JULY 10, 2020
US lawmakers have repeatedly raised security concerns over the app's Chinese ownership. Are US businesses next?
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
JULY 9, 2020
More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. A report published by security firm Digital Shadows r evealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites.
erwin
JULY 9, 2020
Enterprise architecture plays a key role in the modern enterprise, so the average enterprise architect salary reflects the demand. In this post: Average Salary for an Enterprise Architect. What Does an Enterprise Architect Do? Enterprise Architect Salary Expectations. What’s Influencing Enterprise Architecture Salaries? The Tools Enterprise Architects Need to Thrive.
Data Breach Today
JULY 10, 2020
Malwarebytes: New Research Discloses Data Exfiltration Capability The Mac malware originally labeled as "EvilQuest," which researchers initially identified as a poorly designed ransomware variant, apparently is primarily an information stealer with ransomware-like elements designed to confuse security tools, according to the security firm Malwarebytes.
WIRED Threat Level
JULY 9, 2020
There's finally a way to get off of email lists with your privacy intact.
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
Security Affairs
JULY 8, 2020
Researchers have found a way to bypass F5 Networks mitigation for the actively exploited BIG-IP vulnerability, and hackers already used it. Researchers have found a way to bypass one of the mitigations proposed by F5 Networks for the actively exploited BIG-IP vulnerability. Unfortunately, threat actors in the wild were already using the bypass technique before its public disclosure.
IT Governance
JULY 6, 2020
The number of UK businesses that have suffered cyber attacks has doubled in the past five years, according to a new report. Beaming’s Five Years in Cyber Security found that 1.5 million organisations fell victim to cyber crime in 2019. This equates to 25% of all UK businesses, compared to 13% in 2015. Phishing and malware were the most common tools for cyber crime – and the larger the organisation, the more likely they were to fall victim.
Data Breach Today
JULY 10, 2020
Bank Account Credentials Sell for an Average of $71, Report Finds Five billion unique user credentials are circulating on darknet forums, with cybercriminals offering to sell access to bank accounts as well as domain administrator access to corporate networks, according to the security firm Digital Shadows.
WIRED Threat Level
JULY 7, 2020
A group dubbed "Cosmic Lynx" uses surprisingly sophisticated methods—and targets big game.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
JULY 10, 2020
Threat actors are scanning the Internet for Citrix systems affected by the recently disclosed vulnerabilities. This week Citrix has addressed 11 vulnerabilities affecting the ADC, Gateway, and SD-WAN WANOP networking products. The vulnerabilities could be exploited by attackers for local privilege escalation, to trigger a DoS condition, to bypass authorization, to get code injection, and to launch XSS attacks.
Hunton Privacy
JULY 7, 2020
When compared to the EU or the U.S., China has lacked a comprehensive data protection and data security law that regulates in detail requirements and procedures relating to the collection, processing, control and storage of personal data. In recent years, China has seen developments on data protection both in legislation and in practice. Recently, another significant draft law on data security was issued by the Chinese legislative authority.
Data Breach Today
JULY 10, 2020
Fraudsters Using Fake Account Alerts to Steal Microsoft Credentials A recently uncovered phishing campaign is using spoofed Zoom account alerts to steal Microsoft Office 365 credentials, according to a report from Abnormal Security. These attacks come as use of the platform soars due to work-from-home arrangements.
Expert insights. Personalized for you.
305 
Let's personalize your content