Sat.Apr 30, 2022 - Fri.May 06, 2022

New Sophisticated Malware

Schneier on Security

Mandiant is reporting on a new botnet. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth.

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Krebs on Security

Weekly Update 294

Troy Hunt

It's back to business as usual with more data breaches, more poor handling of them and more IoT pain. I think on all those fronts there's a part of me that just likes the challenge and the opportunity to fix a broken thing.

GUEST ESSAY: A primer on Biden’s moves to protect U.S. water facilities from cyber attacks

The Last Watchdog

Potable water and wastewater management is a top priority for cybersecurity professionals and the Biden administration alike. With new regulations and funding, companies must find the best way to implement and manage cybersecurity to protect these systems. Related: Keeping critical systems patched.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Using Pupil Reflection in Smartphone Camera Selfies

Schneier on Security

Scam Alert: Impersonating Law Enforcement, Doxxing and Swatting

Lohrman on Security

Criminals are using stolen information to imitate the police and scam both companies and individuals. Here’s what you need to know.

More Trending

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

Ransomware? I think you may have heard of it, isn’t the news full of it? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. Related: Make it costly for cybercriminals. The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor.

15.3 Million Request-Per-Second DDoS Attack

Schneier on Security

Cloudflare is reporting a large DDoS attack against an unnamed company “operating a crypto launchpad.” While this isn’t the largest application-layer attack we’ve seen, it is the largest we’ve seen over HTTPS.

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

Cisco CSR

Customers globally are requesting – and often requiring – SaaS providers to demonstrate their commitment to security, availability, confidentiality, and privacy. While attaining global security certifications has become table-stakes for many to do business, it’s no easy feat.

What’s behind the record-high number of zero days?

We Live Security

Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Unstructured Data and What it Means for GDPR Compliance

Security Boulevard

Back on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into effect, meaning all organizations that offer goods or services to European Union residents, or collect consumer data within the region, are now required to comply with the regulation.

Analysis on recent wiper attacks: examples and how wiper malware works

CyberSecurity Insiders

Executive summary. 2022 has experienced an increase in the number of wiper variants targeting Ukrainian entities.

Cisco StarOS Forensic Guide Published

Cisco CSR

Cisco is pleased to announce a new addition to the Forensic Investigation Procedures for First Responders series of documents that will help customers and partners triage Cisco products that are suspected of being tampered with or compromised.

SolarWinds Attackers Gear Up for Typosquatting Attacks

Dark Reading

The same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance.

OSINT: The privacy risks of sharing too much information

Security Boulevard

In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed enough.

Microsoft confirms Russian Cyber Attacks on Ukraine coincided with Military Strikes

CyberSecurity Insiders

Microsoft’s Digital Security Unit has confirmed that Russian cyber attacks on Ukraine were timed in such a way that they coincided with the timing of military strikes.

Android monthly updates are out – critical bugs found in critical places!

Naked Security

Android May 2022 updates are out - with some critical fixes in some critical places.

AI for Cybersecurity Shimmers With Promise, but Challenges Abound

Dark Reading

Companies see AI-powered cybersecurity tools and systems as the future, but at present nearly 90% of them say they face significant hurdles in making use of them.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

AppSec Champions Bring Security Front and Center

Security Boulevard

Twenty years ago, Bill Gates foresaw the security threats looming as new technologies were introduced and threat actors were ramping up their efforts. He urged for including security development at every stage of the software life cycle in his company’s products.

Insider Threat alert as school district employee mines cryptocurrency without permission

CyberSecurity Insiders

A Texas school district has hit Google headlines as one of its employees was caught mining cryptocurrency without permission of the school management or the government officials.

Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector

The Hacker News

A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX.

Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites

Security Affairs

Pro-Ukraine hackers are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites.

Detecting Targeted Attacks on Public Cloud Services with Cisco Secure Cloud Analytics

Cisco CSR

The Public Cloud and Security Responsibility. Across many businesses, leveraging services offered and hosted by public cloud providers such as AWS proves to be extremely advantageous for both improving operational efficiencies, cost savings, scaling, and for security.

Know more about YO-YO DDoS Attacks

CyberSecurity Insiders

All these days we have been discussing Distributed Denial of Service attacks aka Ddos attacks and the massive amounts of fake traffic they create to network disruptions in corporate and government networks.

Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices

The Hacker News

Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products.

Security Researchers Find Nearly 400,000 Exposed Databases

eSecurity Planet

Databases contain some of the most critical data in enterprises, so vulnerabilities in them are serious issues.

IoT and Cybersecurity: What’s the Future?

Security Affairs

IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. They continuously send and receive data via the internet and can be the easiest way for a hacker to access your home network.

Microsoft says to ditch passwords all together on World Password Day  

CyberSecurity Insiders

World Password Day is celebrated in May every year and is being done since 2013 as a group of Cybersecurity Professionals declared the first Thursday of May every year as the day to celebrate as the security day of our online lives.

Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software

The Hacker News

Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could permit an attacker to fully compromise and take control over the hosts.

Countdown to Compliance: Expect CMMC by May 2023

Security Boulevard

The Department of Defense (DoD) is planning to release an Interim Rule on the CMMC framework by May 2023, according to Stacy Bostjanick, director of the CMMC (Cybersecurity Maturity Model Certification) program for the DoD.

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns.

5 Advantages of Fraud Scoring

CyberSecurity Insiders

As a business, fraud is something to be aware of and to put preventative measures in place where possible. Just like cybercrime, online fraud can happen to anyone – it doesn’t discriminate regardless of whether you’re a big or small company.

Experts Analyze Conti and Hive Ransomware Gangs' Chats With Their Victims

The Hacker News

An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups' inner workings and their negotiation techniques.