Wed.Jul 28, 2021

De-anonymization Story

Schneier on Security

Data breach costs hit record high due to pandemic

Tech Republic Security

The average cost of a data breach among companies surveyed for IBM Security reached $4.24 million per incident, the highest in 17 years

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers

The Hacker News

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan (RAT) on compromised systems.

114
114

Accelerate Open Banking Innovation with These 7 Data Capabilities

Security Boulevard

Accelerate Open Banking Innovation with These 7 Data Capabilities. michelle. Wed, 07/28/2021 - 12:34. The inability to automate data impedes time to market with open APIs and banking features at over half of Europe’s banks, according to new research. Kobi Korsah. Jul 28, 2021.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

IBM Cost of a Data Breach study: average Cost of Data Breach exceeds $4.2M

Security Affairs

The ‘Cost of a Data Breach’ report commissioned by IBM Security states that the cost of a data breach exceeded $4.2 million during the COVID19 pandemic.

How to review password quality in Active Directory

CSO Magazine

More applications and devices are using password repositories to check on password reuse. When you log into your iPhone for example, it now alerts you that passwords you saved in your iCloud keychain may have been reused in other places.

More Trending

Mitre D3FEND explained: A new knowledge graph for cybersecurity defenders

CSO Magazine

What is D3FEND? D3FEND is a new schema released by Mitre last month to establish a common language to help cyber defenders share strategies and methods. It is a companion project to the company’s ATT&CK framework. While complementary, the two projects are very different.

CSO 106

Hackers Cyber Attack UK Aerospace Company by posing a beautiful Aerobics instructor

CyberSecurity Insiders

According to a report from Sky News, a UK based Aerospace company was targeted by a phishing attack, where a top official from the company was befriended by an Iranian hacker in disguise of a beautiful Aerobics Instructor named Marcella Flores.

How the Dark Web enables access to corporate networks

Tech Republic Security

The number of ads selling access to corporate networks has continued to increase from 2019 to 2020 and into 2021, says Positive Technologies

BlackMatter ransomware group claims to be Darkside and REvil succesor

Security Affairs

BlackMatter ransomware gang, a new threat actor appears in the threat landscape and claims to combine TTPs of Darkside and REvil. BlackMatter is a new ransomware gang that started its activity this week, the cybercriminals group claims to be the successor of Darkside and REvil groups.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

The State of Blockchain Applications in Cybersecurity

eSecurity Planet

Whether perceived or real, a lack of understanding about blockchain technology has slowed the adoption of advanced distributed database technology in the past decade.

Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees

The Hacker News

An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of a years-long social engineering and targeted malware campaign.

BrandPost: Cloud Workload Security: The Importance of Network Data

CSO Magazine

Cloud workloads, deployed into highly dynamic environments, typically use and coexist with a wide range of cloud providers and third-party platforms and services.

Top 5 Benefits of Cloud Infrastructure Security 

Security Boulevard

How is Cloud Infrastructure Security Important for an Organization? Embracing new technologies lead to qualitative growth but simultaneously holds high chances of quantitative data breaches.

8 Security Tools to be Unveiled at Black Hat USA

Dark Reading

Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more

5 Trends in Computer Science Research

Security Boulevard

We are in the digital age where our lives depend on the internet of things. A career in computer science attracts the highest starting points in salaries. Career opportunities are numerous and this gives the experts a wide range of choice for computer experts.

Upgrade to BIG Iron for better Cloud, AI and security support on IBM

CyberSecurity Insiders

The Big Iron OS of IBM was upgraded a short while ago to address all issues related to provisioning and use of Linux applications and utilities.

Colonial Pipeline Hinted at Critical Infrastructure Threat

Security Boulevard

The long gas lines, panic buying and price spikes are fading into memory. But the ransomware attack in early May 2021 on the largest fuel pipeline in the U.S. must continue to drive urgent action by the industry and policymakers to protect the nation’s key infrastructure.

IoT 94

FBI, CISA Reveal Most Exploited Vulnerabilities

eSecurity Planet

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) joined counterparts in the UK and Australia today to announce the top 30 vulnerabilities exploited since the start of the pandemic.

Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers

Security Affairs

A China-linked cyberespionage group, tracked as PKPLUG, employed a previously undocumented strain of a RAT dubbed THOR in recent attacks.

Why You Need to Get Serious About Multi-Factor Authentication

Security Boulevard

Multi-factor authentication (MFA) is one step which everyone should be taking to add an extra layer of security to account logins. The post Why You Need to Get Serious About Multi-Factor Authentication appeared first on Security Boulevard. Security Bloggers Network

Most Twitter users haven’t enabled 2FA yet, report reveals

We Live Security

Twitter’s transparency report revealed that users aren’t quick to adopt 2FA and once they do enable it, they choose the least secure option. The post Most Twitter users haven’t enabled 2FA yet, report reveals appeared first on WeLiveSecurity

89

UBEL is the New Oscorp — Android Credential Stealing Malware Active in the Wild

The Hacker News

An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that began in May 2021.

Booking your next holiday? Watch out for these Airbnb scams

We Live Security

With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation. The post Booking your next holiday? Watch out for these Airbnb scams appeared first on WeLiveSecurity. Cybersecurity

Scams 86

Microsoft researcher found Apple 0-day in March, didn’t report it

Naked Security

Ut tensio, sic uis! Does twice the bug pile on twice the pressure to fix it? Apple Microsoft Vulnerability disclosure Exploit vulnerability

84

As Time to Fix Flaws Ticks Up, Mitigation Efforts Fall Short

Security Boulevard

Each month in 2021, NTT Application Security has been tracking the state of application security and the threat landscape, paying particular attention to the window of exposure (WoE), vulnerability by class and time to fix.

Critical Microsoft Hyper-V bug could haunt orgs for a long time

Bleeping Computer

Technical details are now available for a vulnerability that affects Hyper-V, Microsoft's native hypervisor for creating virtual machines on Windows systems and in Azure cloud computing environment. [.]. Security

114
114

What is Malware? How to Prevent & the Different Types

Security Boulevard

With so much news about malware, organizations everywhere are working to protect their systems, networks, software, and devices from infection. However, many are still primarily relying on detection-based solutions that malware can easily evade.

Hybrid work is here to stay – but what does that mean for cybersecurity?

Cisco Retail

It’s a Monday morning and you’re opening up your laptop to start another week of work. Your weekly team meeting pops up on your calendar and you sigh as you set down your cup of coffee to join the conference call. The usual chatter of “How was your weekend?”

DNS 114

How to cyber security: Addressing security fatigue

Security Boulevard

Addressing security fatigue with small changes to your AppSec strategy can help you manage and minimize risks in your applications. . The post How to cyber security: Addressing security fatigue appeared first on Software Integrity Blog.

How I Lost the SecurityTrails #ReconMaster Contest, and How You Can Win: Edge-Case Recon Ideas

SecurityTrails

A while back, SecurityTrails announced that they would be running a contest dubbed "Recon Master". The aim of the game is to find hostnames that resolve to an IPv4 address that are not already found by SecurityTrails.

111
111

The Olympics: a timeline of scams, hacks, and malware

Malwarebytes

The 2020 Olympics are, after a bit of a delayed start , officially in full swing. So too is the possibility for scammers to crawl out of the woodwork.

Scams 110

BlackMatter & Haron: Evil Ransomware Newborns or Rebirths

Threatpost

They’re either new or old REvil & DarkSide wine in new bottles. Both have a taste for deep-pocketed targets and DarkSide-esque virtue-signaling. Malware News Web Security

Northern Ireland suspends vaccine passport system after data leak

Bleeping Computer

Northern Ireland's Department of Health (DoH) has temporarily halted its COVID-19 vaccine certification web service and mobile apps following a data exposure incident. [.]. Security

Mobile 108

LockBit Ransomware Is Now Encrypting Windows Domains

Heimadal Security

The LockBit ransomware was launched in September 2019 as a ransomware-as-a-service.