Data Breach Today
DECEMBER 29, 2020
Both Strains of Malware Among Multiple Tactics Being Used by Supply Chain Attackers Software vendor SolarWinds has updated multiple versions of its Orion network-monitoring software to address the Sunburst backdoor that was added to its code, and to block Supernova malware that exploited a vulnerability in Orion. But incident response experts have warned that full cleanup may take years.
Dark Reading
DECEMBER 29, 2020
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Threatpost
DECEMBER 28, 2020
From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organizations to inordinate levels in 2020.
Krebs on Security
DECEMBER 29, 2020
Today marks the 11th anniversary of KrebsOnSecurity! Thank you, Dear Readers, for your continued encouragement and support! With the ongoing disruption to life and livelihood wrought by the Covid-19 pandemic, 2020 has been a fairly horrid year by most accounts. And it’s perhaps fitting that this was also a leap year, piling on an extra day to a solar rotation that most of us probably can’t wait to see in the rearview mirror.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Breach Today
DECEMBER 30, 2020
Compromised Information Includes Phone Numbers and Call-Related Information T-Mobile on Tuesday began informing a portion of its customers that some of their mobile phone account information may have been compromised in a data breach that took place in early December. About 200,000 customers are affected.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Schneier on Security
DECEMBER 31, 2020
In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA: The open standard s/MIME as extension to de facto e-mail standard SMTP will be deployed to encrypt messages containing DNA profile information. The protocol s/MIME (V3) allows signed receipts, security labels, and secure mailing lists… The underlying certificate used by s/MIME mechanism has to be in compliance with X.509 standard… The processing rules for s/MIM
WIRED Threat Level
DECEMBER 30, 2020
This year saw plenty of destructive hacking and disinformation campaigns—but amid a pandemic and a historic election, the consequences have never been graver.
Data Breach Today
DECEMBER 31, 2020
Nefilim Ransomware Gang Takes Responsibility, Posts Allegedly Stolen Data The major appliances giant Whirlpool acknowledges it was hit with a ransomware attack in November, with the cyber gang Nefilim taking responsibility for the cyber incident and claiming to have stolen company data.
Security Affairs
DECEMBER 31, 2020
Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers. The malware has been active since early December targeting public-facing services, including MySQL, Tomcat admin panel and Jenkins that are protected with weak passwords.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Threatpost
DECEMBER 30, 2020
Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold.
Hunton Privacy
DECEMBER 28, 2020
On December 24, 2020, the European Union and the United Kingdom reached an agreement in principle on the historic EU-UK Trade and Cooperation Agreement (the “Trade Agreement”). For data protection purposes, there is a further transition period of up to six months to enable the European Commission to complete its adequacy assessment of the UK’s data protection laws.
Data Breach Today
DECEMBER 29, 2020
Attackers Gained Access to Company's Network Through Remote, Overseas Servers Kawasaki Heavy Industries is reporting that an unknown threat actor gained access to its internal network through servers located in an overseas office, according to a company statement. The result: Some corporate data may have leaked to a third party.
Security Affairs
JANUARY 1, 2021
Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. The vulnerability, tracked as CVE-2020-29583 received a CVSS score of 7.8, it could be exploited by an attacker to login with administrative privileges and take over the networking devices. “Firmw
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
WIRED Threat Level
DECEMBER 29, 2020
2020 was a great year for ransomware gangs. For hospitals, schools, municipal governments, and everyone else, it’s going to get worse before it gets better.
Dark Reading
DECEMBER 31, 2020
Variety is the spice of life, and it's also the perfect analogy for the article topics that resonated most with Edge readers this past year.
Data Breach Today
DECEMBER 31, 2020
The Ticket Seller Used Credentials Supplied by a Competitor's Former Staffer Ticketmaster has agreed to pay a $10 million criminal fine to resolve charges that the company illegally accessed an unnamed competitor's computer system on at least 20 separate occasions, using stolen passwords to conduct a cyber espionage operation.
Security Affairs
DECEMBER 29, 2020
Japanese giant Kawasaki Heavy Industries discovered unauthorized access to a Japanese company server from multiple overseas offices. Kawasaki Heavy Industries disclosed a security breach, the company discovered unauthorized access to a Japanese company server from multiple overseas offices. Information from its overseas offices might have been stolen as a result of a security breach that took place earlier this year.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Troy Hunt
JANUARY 1, 2021
It's a new year! With lots of breaches to discuss already ? Ok, so these may not be 2021 breaches but I betcha that by next week's update there'll be brand new ones from the new year to discuss. I managed to get enough connectivity in the middle of the Australian outback in front of Uluru to do the live stream this week, plus talk a bunch more about what we've been doing on our epic Australian journey.
Adam Levin
DECEMBER 30, 2020
Hackers are using internet-connected home devices to livestream “swatting” attacks, according to the FBI. Swatting is a dangerous prank where emergency services are called to respond to a life threatening situation that requires immediate intervention by police and/or S.W.A.T. teams. In a public service announcement issued December 29, the FBI warned that “offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks.
Data Breach Today
DECEMBER 29, 2020
RiskIQ CEO Lou Manousos Details Lessons to Learn in Supply-Chain Attack Aftermath The SolarWinds breach is a case study in how attackers can subvert a widely used piece of software to turn it to their advantage, says Lou Manousos, CEO of RiskIQ. The attack surface management expert details lessons all organizations must learn in the wake of this "unprecedented" attack.
Security Affairs
DECEMBER 28, 2020
The American multinational manufacturer and marketer of home appliances Whirlpool was hit by the Nefilim ransomware gang. The American multinational manufacturer and marketer of home appliances Whirlpool suffered a ransomware attack, Nefilim ransomware operators claim to have stolen data from the company and threaten to release the full dump if the company will not pay the ransom.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
WIRED Threat Level
DECEMBER 28, 2020
Phone calls. Web searches. Location tracks. Smart speaker requests. They’ve become crucial tools for law enforcement, while users often are unaware.
eSecurity Planet
DECEMBER 30, 2020
Irrespective of your organization’s size or complexity, a robust cybersecurity infrastructure is the key to protecting your network and data. But common problems prevail for IT staff monitoring or managing potential threats: a constant triage of alerts, dispersed information challenging to gather, and lack of time, tools, or resources to effectively protect your organization.
Data Breach Today
DECEMBER 28, 2020
RiskIQ CEO Lou Manousos on Lessons We Need to Learn From This Attack As CEO of RiskIQ, Lou Manousos has a unique view into the Internet Attack Surface Intelligence, Vulnerability & Analytics space. And he doesn't understate the significance of the SolarWinds breach, which he says hit both the nation and the cybersecurity community "hard.
Security Affairs
DECEMBER 31, 2020
The threat actors behind the SolarWinds supply chain attack could have had access to the source code of several Microsoft products. The threat actors behind the SolarWinds attack could have compromised a small number of internal accounts and used at least one of them to view source code in a number of source code repositories. Shortly after the disclosure of the SolarWinds attack, Microsoft confirmed that it was one of the companies breached in the recent supply chain attack, but the IT giant de
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Threatpost
DECEMBER 29, 2020
David “moose” Wolpoff at Randori explains how hackers pick their targets, and how understanding "hacker logic" can help prioritize defenses.
Dark Reading
DECEMBER 29, 2020
Eight cybersecurity leaders go deep on their most valuable (and very human) takeaways from a year like no other we've known.
Data Breach Today
DECEMBER 28, 2020
NCA: Now-Defunct Website Sold Access to 12 Billion Personal Records Police in the U.K. have arrested 21 people who were customers of the now-defunct WeLeakInfo website that provided cybercriminals with access to over 12 billion personal records culled from 10,000 data breaches, according to Britain's National Crime Agency. Other investigations are still underway.
Expert insights. Personalized for you.
270 
Let's personalize your content