Dark Reading

OCTOBER 27, 2021

The latest facts and figures on the state of software supply chain security in the enterprise.

Security 112

Security 112

eSecurity Planet

OCTOBER 26, 2021

As threat actors aim at IT supply chains , enhanced cybersecurity has been the recent driving force for industry adoption of the Software Bill of Materials (SBOM) framework. With a simple list of components that make up a software product, SBOMs enhance transparency between software buyers and sellers, provide the necessary visibility to identify vulnerabilities , and enable rapid incident response.

Security 135

Security Risk Compliance Cybersecurity 135

Data Breach Today

OCTOBER 27, 2021

Why do so many HIPAA -covered entities and their vendors do such a poor job managing security risk and safeguarding patient's protected health information? Many critical factors come into play, say Roger Severino, ex- director of HHS OCR, and Bob Chaput, founder of security consultancy Clearwater.

Risk 287

Risk Security 287

Krebs on Security

OCTOBER 25, 2021

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti’s malware who refuse to negotiate a ransom payment are added to Conti’s victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.

Access 269

Access Ransomware Sales IT 269

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

The Last Watchdog

OCTOBER 26, 2021

Our Public Key Infrastructure is booming but also under a strain that manual certificate management workflows are not keeping up with. Related: A primer on advanced digital signatures. PKI and digital certificates were pivotal in the formation of the commercial Internet, maturing in parallel with ecommerce. With digital transformation leading to a boom in the use of digital certificates, our bedrock authentication and encryption framework is at an inflection point, where the demand and adoption

Digital transformation 230

Digital transformation Compliance Encryption Authentication 230

Data Breach Today

OCTOBER 25, 2021

Flaw in DarkSide and BlackMatter Enabled Security Firm to Decrypt Files for Free While ransomware might be today's top cybercrime boogeyman, attackers aren't infallible. The latest example: Errors in DarkSide - and its BlackMatter rebrand - enabled security experts to quietly decrypt many victims' files for free, saving millions in potential ransom payments.

Ransomware 331

Ransomware Security IT 331

Krebs on Security

OCTOBER 28, 2021

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure. Last week, KrebsOnSecurity heard from a reader who was browsing Zales.com and suddenly found they were looking at someone else’s order information on the website, including their name, billing address, sh

Phishing 265

Phishing Information Security Security IT 265

The Last Watchdog

OCTOBER 25, 2021

When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home. Related: T-Mobile breach reflects rising mobile device attacks. For instance, if you’ve ever played Grand Theft Auto, you know the goal is quite simply mass destruction: Use whatever resources you have at your disposal to cause as much damage as you possibly can and just keep going.

Energy and Utilities 214

Energy and Utilities Ransomware Access Security 214

IT Governance

OCTOBER 26, 2021

This Sunday is both Halloween and the end of National Cyber Security Awareness Month – and what better way to mark the occasion than with some cyber security horror stories? In this blog, we look at three ways in which fraudsters trick victims into handing over their sensitive data. Will you have nightmares over Evil Twins or be scared straight by phishing scams?

Security 143

Security Phishing Ransomware Security awareness 143

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Data Breach Today

OCTOBER 29, 2021

VMware’s Tom Kellermann on Defending Against Ransomware Attacks In ransomware attacks, cybercriminals attack through the backups because they know that security practitioners rely on backups to save themselves after a ransomware attack. Therefore, it is essential to have multiple backups, says Tom Kellermann, head of cybersecurity strategy at VMware.

Ransomware 299

Ransomware Cybersecurity Security IT 299

Security Affairs

OCTOBER 23, 2021

Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco SD-WAN is a cloud-delivered overlay WAN architecture that enables digital and cloud transformation at enterprises, it allows to connect disparate of

IT 144

IT Authentication Cloud Cybersecurity 144

The Last Watchdog

OCTOBER 28, 2021

Over the past five years, cryptocurrency exchanges have been the target of increasingly damaging “ 51% attacks ” resulting in the theft of over $30 million worth of cryptocurrency to date. Related: Wildland restores control of data to individuals. However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves.

Blockchain 203

Blockchain Mining Security IT 203

DXC Technology

OCTOBER 27, 2021

Are you trying to introduce new ways of working and deliver new value to your business via cloud while having to cope with legacy technologies (which will potentially be around for years to come)? Are you trying to fit your old ways of working onto your new technologies? These are situations that we typically see, […]. The post Hybrid IT: Cloud and legacy tech must live together in peace appeared first on DXC Blogs.

Cloud 138

Cloud IT 138

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Data Breach Today

OCTOBER 25, 2021

The Rant of the Day From Ian Keller, Ericsson In his second Rant of the Day for the CyberEdBoard Profiles in Leadershop blog, Ian Keller, security director at Ericsson and CyberEdBoard executive member, talks about what a CISO does - and what a CISO should do.

Security 298

Security 298

Security Affairs

OCTOBER 26, 2021

The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year. The gang has been active since at least 2020, threat actors hit organizations from various industries. “Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2

Ransomware 144

Ransomware Manufacturing Access Phishing 144

eSecurity Planet

OCTOBER 26, 2021

Illumio today announced the launch of Illumio CloudSecure, an agentless solution designed to support zero trust security in public, hybrid, and multi-cloud environments. The new offering can be deployed on its own, or in combination with the company’s agent-based Illumio Core product. In an interview with eSecurity Planet , Illumio CTO and co-founder PJ Kirner said the company’s key focus is on segmenting enterprise environments to minimize potential damage from ransomware , malware

Cloud 133

Cloud Manufacturing Healthcare Risk 133

Threatpost

OCTOBER 29, 2021

Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.

128

128

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Data Breach Today

OCTOBER 27, 2021

Rebranding Remains Easy for Ransomware Groups, While Affiliates Already Come and Go Will the notorious ransomware operation known as REvil, aka Sodinokibi, reboot yet again after someone apparently messed with its infrastructure? Experts suggest that the operation's brand is burned, and administrators will launch a new group. Many affiliates, meanwhile, already work with multiple groups.

IT 308

IT Ransomware 308

Security Affairs

OCTOBER 23, 2021

The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. The popular library has million of weekly downloads. “Versions of a popular NPM package named ua-parser-js was found to contain malicious code.

Mining 145

Mining Libraries Cybersecurity Security 145

IT Governance

OCTOBER 26, 2021

Welcome to our third quarterly review of security incidents for 2021, in which we take a closer look at the information gathered in our monthly list of cyber attacks and data breaches. In this article, you’ll find an overview of the cyber security landscape from the past three months, including the latest statistics and our observations. This includes year-on-year comparisons in the number of publicly disclosed incidents, a review of the most breached sectors and a running total of incidents for

Data breaches 125

Data breaches Retail Government Ransomware 125

Robert's Db2

OCTOBER 29, 2021

Recently there has been important news regarding no-charge IBM tools for application developers and for database administrators who work with Db2 for z/OS. This news has to do with strategic replacements for the development and administration features of IBM Data Studio and IBM Data Server Manager in a Db2 for z/OS environment. I want to use this blog entry to highlight two newer offerings in the no-charge IBM Db2 for z/OS tools space.

Analytics 119

Analytics IT Access 119

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Data Breach Today

OCTOBER 25, 2021

Move by Colonial Pipeline Attackers Follows Law Enforcement Action Against REvil Following an outage of the REvil - aka Sodinokibi - ransomware operation due to coordinated law enforcement efforts involving the U.S. and foreign partners, the operators behind DarkSide ransomware have moved Bitcoin worth almost $7 million to multiple new wallets, making it more difficult to track.

Ransomware 309

Ransomware IT 309

Security Affairs

OCTOBER 27, 2021

Grief ransomware operators claim to have compromised computer systems at US National Rifle Association (NRA) and added it to their leak site. Grief ransomware operators announced to have hacked US National Rifle Association (NRA) and threaten to leak the stolen data. The NRA was added to the list of compromised organizations on the leak site of the group, that gang also published a set of documents as proof of the hack.

Ransomware 140

Ransomware Government IT Security 140

Schneier on Security

OCTOBER 28, 2021

Microsoft is reporting that the same attacker that was behind the SolarWinds breach — the Russian SVR, which Microsoft is calling Nobelium — is continuing with similar supply-chain attacks: Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.

Cloud 123

Cloud Access IT 123

DLA Piper Privacy Matters

OCTOBER 27, 2021

The case of Dr Mary Fairhurst -v- Mr Jon Woodard illustrates the risks associated with the installation of security cameras and why it is vital to ensure a lawful basis for capturing and processing such images exists. Our article on this recent English court case is available by clicking here.

Risk 119

Risk Security IT 119

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Data Breach Today

OCTOBER 28, 2021

Security Experts: 'Grief' Ransomware Gang Leaks Alleged NRA Data on Darknet The National Rifle Association has reportedly fallen victim to a ransomware attack at the hands of a Russian cybercriminal gang known as Grief. The group has reportedly posted 13 files to its website after claiming to have hacked the gun rights advocacy group.

Ransomware 276

Ransomware Security IT 276

Security Affairs

OCTOBER 24, 2021

Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers uncovered a custom phishing kit, dubbed TodayZoo, that was used in an extensive series of credential phishing campaigns. A “phishing kit” is a set of software or services aimed at facilitating phishing campaigns, In most cases a phishing kit is an archive file containing images, scripts, and HTML pages that allow threat actors to creat a phishing

Phishing 141

Phishing Archiving Sales Passwords 141

Schneier on Security

OCTOBER 27, 2021

Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked (I think) 2019 139-page presentation.

Privacy 122

Privacy 122