By Elizabeth Montalbano on Apr 07, 2021 09:00 am
The flaw that caused the leak of personal data of more than 533 million users over the weekend no longer exists; however, the social media giant still faces an investigation by EU regulators.
By John Klossner Cartoonist on Apr 07, 2021 08:45 am
And the winner of Dark Readings's March cartoon caption contest is ...
By Betsy Foresman on Apr 07, 2021 06:00 am
Networks defenders in the U.S. and beyond are struggling to keep pace with scale and intensity of ransomware attacks, particularly as the issue has emerged as a subject of concern during the coronavirus pandemic. Organizations ranging from the Department of Homeland Security to the Federal Bureau of Investigation have warned that government agencies of all sizes and private companies can take basic steps to avoid hacking groups. The U.S. National Institute of Standards and Technology also has published a number of updates aimed at helping cyber staffers safeguard data. The larger issue is about protecting data integrity, Bill Fisher, security engineer at NIST’s National Cybersecurity Center for Excellence (NCCoE), explained during a Q&A session with CyberScoop. There’s a range of tactics that organizations can deploy to protect their information, he said, including the use of blocking technology and stronger authentication techniques that provide dynamic risk assessments. CyberScoop: Should security personnel trying […]
The post How NIST hopes network defenders will stop ransomware appeared first on CyberScoop.
By Paul Ducklin on Apr 06, 2021 06:22 pm
It's not just the breach, it's the speed of the breach response...
By Dark Reading Staff on Apr 06, 2021 06:20 pm
The 2021 Pwn2Own is among the largest in its history, with 23 separate entries targeting 10 products.
By Dark Reading Staff on Apr 06, 2021 05:50 pm
The quick pivot to the cloud for remote support also ushered in risks.
By Robert Lemos Contributing Writer on Apr 06, 2021 05:25 pm
Recent Trickbot campaigns and at least three common banking Trojans all attempt to infect systems using malicious macros in Microsoft Office documents created using EtterSilent.
By Tara Seals on Apr 06, 2021 04:55 pm
CVE-2021-21982 affects a platform designed to secure private clouds, and the virtual servers and workloads that they contain.
By Becky Bracken on Apr 06, 2021 04:54 pm
A massive operation offers access to hacked camera feeds in bedrooms and at hotels.
By Edge Editors Dark Reading on Apr 06, 2021 04:50 pm
The idea of monetizing distributed denial-of-service (DDoS) attacks dates back to the 1990s. But the rise of DDoS-for-hire services and cryptocurrencies has radically changed the landscape.
By Tara Seals on Apr 06, 2021 02:47 pm
Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further.
By Sean Lyngaas on Apr 06, 2021 01:30 pm
Cybersecurity experts at the European Union are investigating an “IT security incident” involving multiple institutions, though “no major information breach” has been detected, EU officials said Tuesday. The scope and nature of the incident were not immediately clear, but a spokesperson for the European Commission, the EU’s executive branch, said the commission had set up a “24/7 monitoring service” in response to the incident. “The European Commission and other EU institutions, bodies or agencies have experienced an IT security incident in their IT infrastructure,” the commission spokesperson said in an email. A spokesperson for the European Parliament said the parliament and other EU bodies had “received an alert on [a] possible vulnerability in its IT infrastructure.” The parliament “took immediate measures to check and protect its servers against this vulnerability,” the spokesperson said. As a 27-country bloc that affects trade and foreign policy on the continent, EU institutions are natural […]
The post EU investigating ‘IT security incident’ involving multiple agencies appeared first on CyberScoop.
By Andrew Jaquith Chief Information Security Officer & General Manager, Cyber, COMPLEX on Apr 06, 2021 01:00 pm
The Ryuk ransomware epidemic is no accident. The cybercriminals responsible for its spread have systematically exploited weaknesses in enterprise defenses that must be addressed.
By Sean Lyngaas on Apr 06, 2021 11:19 am
Security researchers on Tuesday warned of the unrelenting interest that cybercriminals have in exploiting applications made by software giant SAP to defraud or disrupt big businesses that rely on SAP products. A months-long study by Boston-based security firm Onapsis found that malicious hackers are growing more knowledgeable of SAP software and the potential impact that compromises could have on customers. In one case, an unidentified attacker managed to chain together multiple software exploits to target an SAP “credential store,” which stores login details for an organization’s high-value SAP users. Access to the credential store could give a hacker the ability to exploit other applications that interact with those credentials. SAP has 400,000 customers worldwide, including more than half of NATO members. A big swath of the world’ largest public companies use the software to manage their business processes. A critical bug in SAP software could be a ticket for a […]
The post Crooks are getting smarter about exploiting SAP software, study finds appeared first on CyberScoop.
By Pam Baker Contributing Writer on Apr 06, 2021 10:30 am
Log management is nothing new. But doing so smartly, correctly, and concisely in today's data-driven world is another story.
By Shannon Vavra on Apr 06, 2021 10:27 am
Hackers are using a new, malleable malicious document builder to run their criminal schemes, according to Intel 471 research published Tuesday. The document builder, known as EtterSilent, has been advertised in a Russian cybercrime forum and comes in two versions, according to the research. One exploits a vulnerability in Microsoft Office, CVE-2017-8570, and one uses a malicious macro. One version of EtterSilent imitates the digital signature product DocuSign, though when targets click through to electronically sign documents, they are prompted to enable macros. This allows the attackers to target victims with malware. EtterSilent also offers another benefit for criminals looking for the latest tools to run their schemes — the malicious document builder has been crafted to conceal the activities of its operators, and has been constantly updated in recent months to avoid detection, according to Intel 471. “The widespread use of EtterSilent shows how commoditization is a big part of […]
The post Emerging hacking tool 'EtterSilent' mimics DocuSign, researchers find appeared first on CyberScoop.
By Pratik Savla Lead Security Engineer at Venafi on Apr 06, 2021 10:00 am
Compromised NFT accounts highlight security concerns inherent in the design of centralized systems.
By Elizabeth Montalbano on Apr 06, 2021 09:59 am
New details of negotiation between attackers and officials from Broward County Public Schools emerge after a ransomware attack early last month.
|
