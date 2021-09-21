CreatorsPublishersAdvertisers
Druva Accelerates Ransomware Recovery Using Curated Data

By Michael Vizard
securityboulevard.com
 8 days ago

Cover picture for the articleDruva today added an Accelerated Ransomware Recovery (ARR) module to its data protection platform delivered via software-as-a-service (SaaS) that makes it simpler to recover data by identifying the latest clean version of each file via the most recent changes made. Prem Ananthakrishnan, vice president of products for Druva, said Druva...

securityboulevard.com

Cyber Attack Strikes US Critical Infrastructure

The US Agriculture industry is only the latest victim of ransomware attacks – highlighting yet again the susceptibility of our supply chain to devastating cyber attacks. Considering recent cyber attacks on the water supply we need to rethink our conception of which industries and types of companies are at risk.
PUBLIC SAFETY
securityboulevard.com

Epik Data Breach Impacts 15 Million Users | Avast

Domain registrar Epik confirmed last week in a tweet that “unauthorized third parties” accessed and downloaded customer account information. “We have identified the cause of the incident and are working towards full resolution,” the company added. The statement came about a week after hactivist group Anonymous leaked 180 GB of stolen data from Epik’s servers, including over 15 million email addresses belonging both to customers and non-customers of Epik. According to emails seen by Ars Technica, Epik alerted customers that impacted personal data may include payment information such as credit card numbers, registered names, usernames, emails, and passwords.
PUBLIC SAFETY
securityboulevard.com

Time is Not on Your Side: Why Every CISO needs a Cyber Risk Quantification Strategy before It’s Too Late

Cyber Risk Quantification needs to be the strategy driving your cybersecurity roadmap and priorities starting now. Breaches are getting worse, ransomware can cripple your business, and the financial impacts can last years. By looking at the financial impacts of recent high-profile breaches such as Colonial Pipeline or SolarWinds, we can plainly see that the traditional methods of risk assessment are no longer effective; measures such as compliance mandates and maturity models have a purpose, but solely relying on them is no longer sufficient to render the best possible business decisions around cyber security. Relying solely on the traditional qualitative approaches, security scoring or stop light methods in today’s climate will continue to leave you exposed. Making better, data-driven decisions to avoid these costly attacks has to be our focus and this is where Axio’s Cyber Risk Quantification can make the difference.
TECHNOLOGY
securityboulevard.com

Ransomware and Targeted Attacks in the Healthcare Sector

A recent report published by SonicWall indicates that ransomware has increased by 151% in the first half of 2021, compared with the same time period in 2020. With a reported 304.7 million attempted ransomware attacks, and some of the major attacks reported so far in 2021, it’s clear that there are no signs of ransomware slowing down any time soon.
PUBLIC SAFETY
securityboulevard.com

Busting the Myths Surrounding Password-Based Security

People have been relying on password-based security for millennia. The Roman military reportedly used what they called “watchwords” to identify soldiers on patrol. Exclusive groups and guilds used secret passwords to prove membership. The phrase “open sesame” protected hidden treasure in the story of Ali Baba and the Forty Thieves. In more recent times, the world’s first computer passwords were installed in MIT’s Compatible Time-Sharing System to distinguish between users of their colossal, shared computing system in the mid-1960s. Passwords are a simple and easy way to recognize and affirm the appropriate participant of a system. But what happens when modern-day cybercriminals get involved?
TECHNOLOGY
investing.com

Senator lobbies agencies over the use of crypto in ransomware

Some United States senators are ramping up the anti-crypto rhetoric again, urging federal agencies to take action against the illicit use of digital assets. Senator Maggie Hassan is the latest to raise concerns about the use of cryptocurrency as a means of payment for ransomware attacks.
CONGRESS & COURTS
infosecwriteups.com

How Hackers Use Open-Source Intelligence to Ransomware Companies

Demonstrating with a real company how a hacker can compromise an organisation in under 2 hours using OSINT and social engineering. Today I’ll be demonstrating how cybercriminals use open-source intelligence to create targeted and highly effective phishing emails that can establish a foothold for company-wide ransomware attacks. I’ll show you what a skilled attacker can achieve in less than 2 hours with information available to anyone who knows where to look.
SOFTWARE
securityboulevard.com

Identity Attack Watch: September 2021

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.
TECHNOLOGY
bleepingcomputer.com

U.S. to sanction crypto exchanges, wallets used by ransomware

The Biden administration is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware gangs to convert ransom payments into fiat money. With ransomware attacks against US interests and infrastructure escalating over the past two years, the White House has increased its efforts to disrupt ransomware operations.
U.S. POLITICS
theregister.com

Ransomware recovery: Start getting back up before you’re even hit

Sponsored What’s the first step to recovering from a ransomware attack? Making sure you have a recovery plan in place well before you get attacked. It’s not just a question of minimizing the chances of an attacker breaking through your defenses. You don’t have to make it easy for them, of course, but one will probably get through, eventually.
TECHNOLOGY
securityboulevard.com

Why Developers Need More than SAST and DAST for Real Code Security

Once developers find tools that work for them, it is hard to make a change. SAST and other legacy Application Security tools fall into the area of being solid tools that work. In the last couple of years the threat landscape has evolved and new vulnerabilities have emerged. SAST, DAST, and other Application Security tools may be effective within their own realm, however in the context of how software is developed today, they do not provide sufficient visibility into hard coded secrets and other code security risks.
SOFTWARE
VentureBeat

SaaS data backup and recovery platform Rewind raises $65M

Rewind, a data backup and recovery platform for software-as-a-service (SaaS) applications, has raised $65 million in a series B round of funding. Founded out of Ottawa, Canada in 2015, Rewind historically offered data backup services for businesses running Shopify, BigCommerce, and Intuit QuickBooks, but earlier this year the company acquired BackHub to extend its support to GitHub and later added support for Trello.
TECHNOLOGY
windowsreport.com

Protected: Protect your business from ransomware using Avast Business Hub

Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft. His abrupt interest in computers started when he saw the first Home Computer as a kid. However, his... Read more. The Avast Business Hub is a suite of tools designed to protect your business...
TECHNOLOGY
securityboulevard.com

How to Test SAML and Configure SSO Using a Free-to-Use Application

The days where employees sat at workstations and interacted exclusively with native applications are gone but not forgotten: the legacy of singular passwords for services/apps persists, compounding frustrations for IT administrators and users alike. That’s especially true with cloud infrastructures, where exposing credentials over the wire and the potential for a multitude of weak passwords hampers user productivity and increases risks. There’s a better solution: Single Sign-On (SSO).
SOFTWARE
CIO

Transform With Trusted Data: How Good Governance Accelerates Your Data Culture

This is the second post in a three-part series about data and analytics governance. In case you missed it, read the first post to hear from Tableau’s own data governance team. There's a natural tension in many organizations concerning data governance. While IT recognizes its importance to ensure the responsible...
ECONOMY
securityboulevard.com

Debunking Wi-Fi Security Myths: Security by Obscurity

For as long as cybersecurity has been a thing, the concept of security by obscurity has been debated. The premise is simple—that by hiding or obscuring elements of your network infrastructure, applications, or data, you make it more difficult for attackers to find and compromise those things. The idea that you can secure something by hiding it has also been the focus of one of the prevailing myths about Wi-Fi.
COMPUTERS
securityboulevard.com

Ransomware Defense: The File Data Factor

Ransomware is no longer just targeting low-hanging fruit, nor can good backups alone protect you. IT organizations need to create a multilayered defense that goes beyond cybersecurity to incorporate modern data management strategies, particularly for unstructured file data. Aside from the pandemic, ransomware has become one of the gravest threats...
COMPUTERS
securityboulevard.com

Microsoft Finds Phishing Op Behind Enterprise Campaigns

A phishing-as-a-service (PhaaS) operation, dubbed BulletProofLink and discovered by Microsoft, has been behind a number of phishing campaigns against the private sector. Researchers at the tech giant uncovered the operation after finding a campaign that used more than 300,000 “newly created and unique subdomains” in a single run. The operation sells phishing kits, email templates, hosting and automated services—all at fairly low prices. Microsoft explained that some PhaaS groups offer everything needed for a campaign from soup to nuts—template creation, hosting and overall orchestration. That’s a lucrative business model for their “clientele.” Those service providers also offer a hosted scam page solution called fully undetected, or FUD, links. That’s their own marketing term meant to assure customers that the links are viable until users click them.
TECHNOLOGY

