Sat.Oct 23, 2021 - Fri.Oct 29, 2021

article thumbnail

6 Eye-Opening Statistics About Software Supply Chain Security

Dark Reading

The latest facts and figures on the state of software supply chain security in the enterprise.

Security 112
article thumbnail

SBOMs: Securing the Software Supply Chain

eSecurity Planet

As threat actors aim at IT supply chains , enhanced cybersecurity has been the recent driving force for industry adoption of the Software Bill of Materials (SBOM) framework. With a simple list of components that make up a software product, SBOMs enhance transparency between software buyers and sellers, provide the necessary visibility to identify vulnerabilities , and enable rapid incident response.

Security 135
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Why Healthcare Entities Fall Short Managing Security Risk

Data Breach Today

Why do so many HIPAA -covered entities and their vendors do such a poor job managing security risk and safeguarding patient's protected health information? Many critical factors come into play, say Roger Severino, ex- director of HHS OCR, and Bob Chaput, founder of security consultancy Clearwater.

Risk 285
article thumbnail

Conti Ransom Gang Starts Selling Access to Victims

Krebs on Security

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti’s malware who refuse to negotiate a ransom payment are added to Conti’s victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.

Access 275
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

SHARED INTEL: Automating PKI certificate management alleviates outages caused by boom

The Last Watchdog

Our Public Key Infrastructure is booming but also under a strain that manual certificate management workflows are not keeping up with. Related: A primer on advanced digital signatures. PKI and digital certificates were pivotal in the formation of the commercial Internet, maturing in parallel with ecommerce. With digital transformation leading to a boom in the use of digital certificates, our bedrock authentication and encryption framework is at an inflection point, where the demand and adoption

More Trending

article thumbnail

Memo to Ransomware Victims: Seeking Help May Save You Money

Data Breach Today

Flaw in DarkSide and BlackMatter Enabled Security Firm to Decrypt Files for Free While ransomware might be today's top cybercrime boogeyman, attackers aren't infallible. The latest example: Errors in DarkSide - and its BlackMatter rebrand - enabled security experts to quietly decrypt many victims' files for free, saving millions in potential ransom payments.

article thumbnail

Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Krebs on Security

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure. Last week, KrebsOnSecurity heard from a reader who was browsing Zales.com and suddenly found they were looking at someone else’s order information on the website, including their name, billing address, sh

Phishing 271
article thumbnail

GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries

The Last Watchdog

When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home. Related: T-Mobile breach reflects rising mobile device attacks. For instance, if you’ve ever played Grand Theft Auto, you know the goal is quite simply mass destruction: Use whatever resources you have at your disposal to cause as much damage as you possibly can and just keep going.

article thumbnail

German investigators identify crypto millionaire behind REvil operations

Security Affairs

German authorities have identified a Russian man named Nikolay K. who is suspected to be a prominent member of the REvil ransomware gang. REvil ransomware gang is one of the most successful ransomware operations, the group and its affiliated hit hundreds of organizations worldwide. On July 2, the gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers, it asked $70 million worth of Bitcoin for decrypting all impacted systems.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Enterprise Backups Are Becoming Targets for Cybercriminals

Data Breach Today

VMware’s Tom Kellermann on Defending Against Ransomware Attacks In ransomware attacks, cybercriminals attack through the backups because they know that security practitioners rely on backups to save themselves after a ransomware attack. Therefore, it is essential to have multiple backups, says Tom Kellermann, head of cybersecurity strategy at VMware.

article thumbnail

Cyber security horror stories to scare you this Halloween

IT Governance

This Sunday is both Halloween and the end of National Cyber Security Awareness Month – and what better way to mark the occasion than with some cyber security horror stories? In this blog, we look at three ways in which fraudsters trick victims into handing over their sensitive data. Will you have nightmares over Evil Twins or be scared straight by phishing scams?

Security 144
article thumbnail

GUEST ESSAY: Tapping Bitcoin’s security — to put a stop to ‘51% attacks’ of cryptocurrency exchanges

The Last Watchdog

Over the past five years, cryptocurrency exchanges have been the target of increasingly damaging “ 51% attacks ” resulting in the theft of over $30 million worth of cryptocurrency to date. Related: Wildland restores control of data to individuals. However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves.

article thumbnail

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Security Affairs

The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. The popular library has million of weekly downloads. “Versions of a popular NPM package named ua-parser-js was found to contain malicious code.

Mining 145
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Troublemaker CISO: Do You Know What You Should Be Doing?

Data Breach Today

The Rant of the Day From Ian Keller, Ericsson In his second Rant of the Day for the CyberEdBoard Profiles in Leadershop blog, Ian Keller, security director at Ericsson and CyberEdBoard executive member, talks about what a CISO does - and what a CISO should do.

Security 299
article thumbnail

Hybrid IT: Cloud and legacy tech must live together in peace

DXC Technology

Are you trying to introduce new ways of working and deliver new value to your business via cloud while having to cope with legacy technologies (which will potentially be around for years to come)? Are you trying to fit your old ways of working onto your new technologies? These are situations that we typically see, […]. The post Hybrid IT: Cloud and legacy tech must live together in peace appeared first on DXC Blogs.

Cloud 138
article thumbnail

Illumio Unveils CloudSecure for Zero Trust Segmentation in the Cloud

eSecurity Planet

Illumio today announced the launch of Illumio CloudSecure, an agentless solution designed to support zero trust security in public, hybrid, and multi-cloud environments. The new offering can be deployed on its own, or in combination with the company’s agent-based Illumio Core product. In an interview with eSecurity Planet , Illumio CTO and co-founder PJ Kirner said the company’s key focus is on segmenting enterprise environments to minimize potential damage from ransomware , malware

Cloud 132
article thumbnail

Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!

Security Affairs

Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco SD-WAN is a cloud-delivered overlay WAN architecture that enables digital and cloud transformation at enterprises, it allows to connect disparate of

IT 144
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

REvil's Cybercrime Reputation in Tatters - Will It Reboot?

Data Breach Today

Rebranding Remains Easy for Ransomware Groups, While Affiliates Already Come and Go Will the notorious ransomware operation known as REvil, aka Sodinokibi, reboot yet again after someone apparently messed with its infrastructure? Experts suggest that the operation's brand is burned, and administrators will launch a new group. Many affiliates, meanwhile, already work with multiple groups.

IT 306
article thumbnail

Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App

Threatpost

Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.

128
128
article thumbnail

Data breaches and cyber attacks quarterly review: Q3 2021

IT Governance

Welcome to our third quarterly review of security incidents for 2021, in which we take a closer look at the information gathered in our monthly list of cyber attacks and data breaches. In this article, you’ll find an overview of the cyber security landscape from the past three months, including the latest statistics and our observations. This includes year-on-year comparisons in the number of publicly disclosed incidents, a review of the most breached sectors and a running total of incidents for

article thumbnail

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year. The gang has been active since at least 2020, threat actors hit organizations from various industries. “Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

DarkSide Transfers $7 Million Worth of Bitcoin

Data Breach Today

Move by Colonial Pipeline Attackers Follows Law Enforcement Action Against REvil Following an outage of the REvil - aka Sodinokibi - ransomware operation due to coordinated law enforcement efforts involving the U.S. and foreign partners, the operators behind DarkSide ransomware have moved Bitcoin worth almost $7 million to multiple new wallets, making it more difficult to track.

article thumbnail

Update on No-Charge IBM Tools for Db2 for z/OS

Robert's Db2

Recently there has been important news regarding no-charge IBM tools for application developers and for database administrators who work with Db2 for z/OS. This news has to do with strategic replacements for the development and administration features of IBM Data Studio and IBM Data Server Manager in a Db2 for z/OS environment. I want to use this blog entry to highlight two newer offerings in the no-charge IBM Db2 for z/OS tools space.

Analytics 119
article thumbnail

More Russian SVR Supply-Chain Attacks

Schneier on Security

Microsoft is reporting that the same attacker that was behind the SolarWinds breach — the Russian SVR, which Microsoft is calling Nobelium — is continuing with similar supply-chain attacks: Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.

Cloud 122
article thumbnail

TodayZoo phishing kit borrows the code from other kits

Security Affairs

Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers uncovered a custom phishing kit, dubbed TodayZoo, that was used in an extensive series of credential phishing campaigns. A “phishing kit” is a set of software or services aimed at facilitating phishing campaigns, In most cases a phishing kit is an archive file containing images, scripts, and HTML pages that allow threat actors to creat a phishing

Phishing 140
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

PHI Stolen in Practice Management Firm's Ransomware Attack

Data Breach Today

Incident Is Among Latest Involving Healthcare Supply Chain Vendors A ransomware attack on a medical practice management services firm that included the theft of files containing patient information is among the latest security incidents involving similar third-party vendors.

article thumbnail

UK: CCTV and surveillance – when things go wrong

DLA Piper Privacy Matters

The case of Dr Mary Fairhurst -v- Mr Jon Woodard illustrates the risks associated with the installation of security cameras and why it is vital to ensure a lawful basis for capturing and processing such images exists. Our article on this recent English court case is available by clicking here.

Risk 119
article thumbnail

How the FBI Gets Location Information

Schneier on Security

Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked (I think) 2019 139-page presentation.

Privacy 121