Threatpost

SEPTEMBER 6, 2021

The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets.

IoT 130

IoT Mining 130

eSecurity Planet

SEPTEMBER 10, 2021

In a year where ransomware has raised the alert levels everywhere, the go-to answer from many is redundancy through offline, remote backups – but are they enough? Backups are a critical component of any enterprise cybersecurity posture, but they are not an airtight strategy. Like any other digital machine, backup systems are vulnerable to data loss and compromise.

Ransomware 120

Ransomware Encryption Cybersecurity Access 120

Troy Hunt

SEPTEMBER 9, 2021

111 years ago almost to the day, a murder was committed which ultimately led to the first criminal trial to use fingerprints as evidence. We've all since watched enough crime shows to understand that fingerprints are unique personal biometric attributes and to date, no two people have ever been found to have a matching set. As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication.

Authentication 132

Authentication Passwords Data breaches Phishing 132

Krebs on Security

SEPTEMBER 8, 2021

Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.

Security 348

Security IT 348

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Data Breach Today

SEPTEMBER 6, 2021

Revenue, Size, Geography and Level of Access Help Determine Sale Price for Access The most sought-after type of victim for ransomware-wielding attackers is a large, U.S.-based business with at least $100 million in revenue, not operating in the healthcare or education sector, with remote access available via remote desktop protocol or VPN credentials, threat intelligence firm Kela reports.

Ransomware 345

Ransomware Sales Education Access 345

Security Affairs

SEPTEMBER 9, 2021

The massive DDoS attack that has been targeting the internet giant Yandex was powered b a completely new botnet tracked as M?ris. The Russian Internet giant Yandex has been targeting by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the resilience of the country to an internet shutdown.

IoT 145

IoT IT Security Cybersecurity 145

Krebs on Security

SEPTEMBER 10, 2021

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.

IoT 309

IoT Manufacturing IT Security 309

Data Breach Today

SEPTEMBER 8, 2021

Workarounds Detailed to Block Active Attack; Microsoft Has Yet to Release Patches Attackers are actively exploiting a flaw in Microsoft Windows for which no patch is yet available. Microsoft has issued workarounds and mitigations designed to block the zero-day attack for the flaw in the MSHTML browsing engine, which is being exploited via malicious Microsoft Office documents.

344

344

eSecurity Planet

SEPTEMBER 10, 2021

Palo Alto Networks (PANW) is bringing its enterprise-class security to small business and home markets with Okyo , a Wi-Fi 6 hardware device announced today. At $349 a year, the security and router system seems attractively priced for small businesses and companies looking to secure remote workers , who have surged in number since the start of the Covid pandemic 18 months ago.

Marketing 138

Marketing Cybersecurity Phishing Ransomware 138

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

SEPTEMBER 6, 2021

A Russian man accused of being a member of the infamous TrickBot gang was arrested while trying to leave South Korea. A Russian man accused of being a member of the TrickBot gang was arrested last week at the Seoul international airport. The man has remained stuck in the Asian country since February 2020 due to the COVID-19 lockdown imposed by the local government and the cancelation of international travel.

Ransomware 144

Ransomware Government IT Security 144

Krebs on Security

SEPTEMBER 6, 2021

In May 2015, KrebsOnSecurity briefly profiled “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of

Phishing 262

Phishing IT Passwords Cloud 262

Data Breach Today

SEPTEMBER 8, 2021

Experts Say Social Engineering Continues to Drive Illicit Activity The U.S. SEC in a new advisory warns against schemes targeting digital assets. Security experts say that with social engineering attempts on the rise, individuals and organizations must defend against related scams and other "get rich quick" schemes.

Security 333

Security 333

eSecurity Planet

SEPTEMBER 7, 2021

Zero day threats can be the source of some of the most dangerous kinds of cyberattacks. Zero day attacks take advantage of vulnerabilities that haven’t been discovered or are not publicly known yet. One of the things that makes these threats so dangerous is that they often come without warning, posing a huge risk to the companies or individuals at stake.

Risk 138

Risk Cybersecurity Ransomware Security 138

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Troy Hunt

SEPTEMBER 6, 2021

For the last few years, I've been welcome national governments to Have I Been Pwned (HIBP) and granting them full and free access to domain-level searches via a dedicated API. Today, I'm very happy to welcome the Czech Republic's National Cyber and Information Security Agency who can now query their government domains along with the 26 other nations that have come before them.

Government 133

Government Data breaches Information Security Access 133

Security Affairs

SEPTEMBER 5, 2021

Pacific City Bank was hit by AVOS Locker Ransomware operators, the gang claims to have stolen sensitive file from the company and threatens to leak it. Pacific City Bank is an American community bank that focuses on the Korean-American community based in California and offers commercial banking services. The bank was hit by AVOS Locker Ransomware operators who claim to have stolen sensitive documents from the financial institution.

Ransomware 137

Ransomware Financial Services Archiving Security 137

Data Breach Today

SEPTEMBER 4, 2021

Flaws Fixed, Mitigations Issued for Discontinued Devices SEC Consult reportedly found multiple vulnerabilities in Moxa devices used in critical infrastructures including railways, manufacturing, cellular and heavy industries. Moxa has confirmed patching 60 vulnerabilities in its latest firmware update and issued mitigation advice for discontinued devices.

Manufacturing 335

Manufacturing IT 335

eSecurity Planet

SEPTEMBER 10, 2021

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. For many organizations, the idea of storing data or running applications on infrastructure that they do not manage directly seems inherently insecure. CloudPassage’s 2021 AWS Cloud Security Report found that misconfiguration of cloud platforms (71 percent), exfiltration of sensitive data (59 percent), and insecure APIs (54 percent) are the top cloud secu

Cloud 132

Cloud Security Encryption Risk 132

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Hunton Privacy

SEPTEMBER 9, 2021

On August 19, 2021, the Belgian Council of State confirmed a decision of the regional Flemish Authorities to contract with an EU branch of a U.S. company using Amazon Web Services (“AWS”). The decision was made in the context of a tender granted by the Flemish Authorities to a company that used AWS cloud services. An unsuccessful tender participant had challenged the outcome of the tender process before the Council of State, deploying several arguments, including that a lack of appropriate safeg

Encryption 127

Encryption GDPR Personal data Cloud 127

Security Affairs

SEPTEMBER 8, 2021

Microsoft warns of a zero-day vulnerability in Internet Explorer that is actively exploited by threat actors using weaponized Office docs. Microsoft warns of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Microsoft did not share info about the attacks either the nature of the threat actors.

Risk 139

Risk Security IT Cybersecurity 139

Data Breach Today

SEPTEMBER 8, 2021

Classes Canceled as the University's IT Staff Repairs Damage Howard University canceled classes Tuesday in the wake of a ransomware attack it first detected on Friday, the university has announced. There is no evidence the attackers accessed or exfiltrated personal information, the school says.

Ransomware 323

Ransomware Access IT 323

eSecurity Planet

SEPTEMBER 8, 2021

A critical vulnerability discovered in the open-source load balancer and proxy server HAProxy could enable bad actors to launch an HTTP Request Smuggling attack, which would let them bypass security controls and gain unauthorized access to sensitive data. Researchers with JFrog Security uncovered the vulnerability, CVE-2021-40346, during their regular searches for new and previously unknown vulnerabilities in popular open-source projects.

Authentication 124

Authentication Security Access Cloud 124

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

IT Governance

SEPTEMBER 8, 2021

Organisations that adopted hybrid working during the pandemic have had to adjust many policies and processes, but one that they may have overlooked is their CIR (cyber incident response) plan. Before the pandemic, you could safely assume that most employees were based in the office and therefore a controlled environments. That made planning for disruptions comparatively straightforward: you knew where everyone was located, you had complete visibility over your threat landscape and you could comm

Communications 120

Communications Risk Education Compliance 120

Security Affairs

SEPTEMBER 8, 2021

A threat actor that goes online with the moniker ‘Sangkancil’ claims to have stolen the personal information of 7 million Israelis. A threat actor that goes online with the moniker ‘Sangkancil’ claims to have stolen the personal information of 7 million Israelis from the CITY4U website. The hacker is offering the data for sale, but did not disclose the price for the complete archive.

Sales 142

Sales Archiving Security IT 142

Data Breach Today

SEPTEMBER 8, 2021

NZ CERT: Intermittent Disruptions at Financial Organizations New Zealand's Computer Emergency Response Team says it is aware of ongoing distributed denial-of-service attacks that have disrupted services at several organizations in the country, including some financial institutions and the national postal service.

IT 319

IT 319

eSecurity Planet

SEPTEMBER 9, 2021

In the latest lesson about the importance of patching , the credentials for 87,000 Fortinet FortiGate VPNs have been posted on a dark web forum by hackers. Fortinet confirmed the veracity of the hackers’ claims in a blog post today. The network security vendor said the credentials were stolen from systems that remain unpatched against a two-year-old vulnerability – CVE-2018-13379 – or from users who patched that vulnerability but failed to change passwords.

Passwords 117

Passwords Authentication Cybersecurity Security 117

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

The Guardian Data Protection

SEPTEMBER 8, 2021

Exclusive: national and local governments using targeted ads on search engines and social media A new form of “influence government”, which uses sensitive personal data to craft campaigns aimed at altering behaviour has been “supercharged” by the rise of big tech firms, researchers have warned. National and local governments have turned to targeted advertisements on search engines and social media platforms to try to “nudge” the behaviour of the country at large, the academics found.

Government 116

Government Personal data Privacy 116

Security Affairs

SEPTEMBER 10, 2021

Microsoft has fixed the Azurescape issue, a flaw in Azure Container Instances that allows to take over containers of other platform users. Microsoft has addressed a vulnerability in Azure Container Instances (ACI) called Azurescape that could have allowed a malicious container to take over containers belonging to other users. An attacker could exploit the vulnerability to execute commands in the containers of other users and access to their data.

Access 143

Access Security IT Information Security 143

Data Breach Today

SEPTEMBER 10, 2021

Threat Actors Offered Credentials for UN's ERP Software; NATO Hit as Well The United Nations says on Thursday that its networks were accessed by intruders earlier this year, which lead to follow-on intrusions. Cybercrime analysts say they warned the agency when access credentials to a U.N. enterprise resource planning software system were seen offered for sale.

IT 317

IT Sales Access 317