Tue.Nov 22, 2022

Apple’s Device Analytics Can Identify iCloud Users

Schneier on Security

Data Breach Misattribution, Acxiom & Live Ramp

Troy Hunt

If you find your name and home address posted online, how do you know where it came from? Let's assume there's no further context given, it's just your legitimate personal data and it also includes your phone number, email address. and over 400 other fields of data.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

FIRESIDE CHAT: Anchoring security on granular visibility, proactive management of all endpoints

The Last Watchdog

Endpoints are where all are the connectivity action is. Related: Ransomware bombardments. And securing endpoints has once more become mission critical. This was the focal point of presentations at Tanium’s Converge 2022 conference which I had the privilege to attend last week at the Fairmont Austin in the Texas capital. I had the chance to visit with Peter Constantine, Tanium’s Senior Vice President Product Management.

5 API Vulnerabilities That Get Exploited by Criminals

Security Affairs

Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP).

B2B 106

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks

Dark Reading

Google Workspace's team is seeing a spike in phishing and spam hitting Gmail — up 10% in just the last two weeks

How to hack an unpatched Exchange server with rogue PowerShell code

Naked Security

Review your servers, your patches and your authentication policies - there's a proof-of-concept out. Microsoft Uncategorized Vulnerability 0 day :ProxyNotShell CVE-2022-41040 CVE-2022-41082 Zero Day

More Trending

Ransomware gang repents for spreading ransomware to AirAsia

CyberSecurity Insiders

Daixin, the Ransomware spreading group that hacked into the servers of AirAsia now seems to repent for its deeds, as it released a press statement that confirms that the victimized firm’s IT infrastructure, staff, and security are so poorly aligned that the said group of cyber criminals do not want to strike the same victim twice.

Enterprises Pay $1,200 Per Employee Annually to Fight Cyberattacks Against Cloud Collab Apps

Dark Reading

Orgs are in the middle of a rapid increase in the use of new collaboration tools to serve the needs of an increasingly dispersed workforce — and they're paying a very real security price

89

Researcher warns that Cisco Secure Email Gateways can easily be circumvented

Security Affairs

A researcher revealed how to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails.

Russian Killnet targets UK Royal Family websites

CyberSecurity Insiders

Killnet, the hacking group that works for Russian interests, is targeting UK’s Royal Family websites from the past few days. The attacks are of ‘Distributed Denial of Service (DDoS)’ variant and supposedly seem to take revenge digitally.

DDOS 87

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

DraftKings Account Takeovers Frame Sports-Betting Cybersecurity Dilemma

Dark Reading

Cybercrooks have drained DraftKings accounts of $300K in the past few days thanks to credential stuffing, just as the 2022 FIFA World Cup starts up

Emotet is back and delivers payloads like IcedID and Bumblebee

Security Affairs

The Emotet malware is back and experts warn of a high-volume malspam campaign delivering payloads like IcedID and Bumblebee.

Stories from the SOC – Phishing for credentials

CyberSecurity Insiders

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers. Executive summary. Humans are considered the weakest link in cybersecurity.

Qualys QSC Wrap-Up: Risk and Simplicity

Security Boulevard

For many organizations, the complexity of security and compliance is still beyond their reach. Also, striking a balance between security and people, process and technology versus the risk/reward was something that both security leaders and business leaders need to confront and deal with every day.

Risk 83

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Ducktail Cyberattackers Add WhatsApp to Facebook Business Attack Chain

Dark Reading

The Vietnam-based financial cybercrime operation's primary goal is to push out fraudulent ads via compromised business accounts

Spring Labs TrueZero enables companies to exchange sensitive data without revealing PII

Security Boulevard

Spring Labs TrueZero enables companies to exchange sensitive data without revealing PII. Spring Labs launched TrueZero, a tokenization service that enables companies to exchange information with other financial institutions without ever revealing the underlying sensitive data.

10 Ways to spot a phishing attempt

CyberSecurity Insiders

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Phishing attacks are becoming more and more common, and they're only getting more sophisticated.

Surge of Fake FIFA World Cup Streaming Sites Targets Virtual Fans

Security Boulevard

Zscaler ThreatLabz is always on the lookout for threat actors trying to take advantage of major world news and events.

Scams 83

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

UK populace should be extra cautious about Cyber Frauds in this Christmas season

CyberSecurity Insiders

UK Populace has reportedly lost £1000 last year on an average and the figure is said to double up this year, as Christmas shopping period has arrived a week before.

The US Has a Bomb-Sniffing Dog Shortage

WIRED Threat Level

Finding high-quality detection canines is hard enough—and the pandemic only dug a deeper hole. Security Security / National Security

77

Cyber Due Diligence in M&As Uncovers Threats, Improves Valuations

Dark Reading

To get the full picture, companies need to look into the cybersecurity history and practices of the business they're acquiring

What’s NEXT with Michael Ebel at Atmosfy

Cisco CSR

Throughout my career, I have noticed the way we “futurize” technology. Often, we are thinking of technology in five-to-ten-year increments. But the fact of the matter is – technology is moving faster than we can keep up. The minute we think we understand it, it’s already onto something new.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

The Hunt for the Dark Web’s Biggest Kingpin, Part 5: Takedown

WIRED Threat Level

After months of meticulous planning, investigators finally move in to catch AlphaBay’s mastermind red-handed. Then the case takes a tragic turn. Backchannel Security Security / Cyberattacks and Hacks

Adversarial AI Attacks Highlight Fundamental Security Issues

Dark Reading

An AI's "world" only includes the data on which it was trained, so it otherwise lacks context — opening the door for creative attacks from cyber adversaries

72

Ouch! Ransomware gang says it won’t attack AirAsia again due to the “chaotic organisation” and sloppy security of hacked company’s network

Graham Cluley

The Daixin ransomware gang has given a humiliating slap in the face to Air Asia, which lost the personal data of five million passengers and all of its employees earlier this month. Data loss Malware Ransomware airline ransomware

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Security Affairs

Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022.

How Work From Home Shaped the Road to SASE for Enterprises

Dark Reading

As SASE adoption grows, with its allure of simplified protection via one network and security experience for hybrid workers, remember: Have an overall plan, integrate and migrate to scale usage, and start small

68

Adapt and overcome: What the story of the Tardigrade can teach us about resilience

Cisco CSR

When you think about the most resilient creatures in the animal kingdom, what comes to mind? Perhaps the camel, which can survive for 6 months with no food or water. Or maybe it’s the honey badger, which tends to drink snake venom like cranberry juice. Or how about the immortal jellyfish?

Risk 67

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

Security Affairs

Two Estonian citizens were arrested in Tallinn for allegedly running a $575 million cryptocurrency fraud scheme. Two Estonian nationals were arrested in Tallinn, Estonia, after being indicted in the US for running a fraudulent cryptocurrency Ponzi scheme that caused more than $575 million in losses.

Cyberattacks Ramp Up in Arab Countries for World Cup

SecureWorld News

While a lot of the world's collective eyes are on the pitch in Qatar for the FIFA World Cup 2022, cybersecurity professionals are keeping their eyes on an uptick in cyberattacks against organizations in Arab countries.

Hackers breach energy orgs via bugs in discontinued web server

Bleeping Computer

Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. [.]. Security Microsoft

94

How Tech Companies Can Slow Down Spike in Breaches

Dark Reading

Cybercrime continues to evolve — and shows no signs of slowing down