This Week in Database Leaks: Cognyte, CVS, Wegmans
Billions of records were found exposed this week due to unprotected databases owned by major corporations and third-party providers.
Source: Dark Reading
[...]
AuthorKelly Sheridan Staff Editor
Ransomware Operators' Strategies Evolve as Attacks Rise
Security researchers find ransomware operators rely less on email and more on criminal groups for initial access into target networks.
Source: Dark
[...]
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Attackers had used the cloud-based infrastructure to target mailboxes and add forwarding rules to learn about financial transactions.
Source: Dark Reading –
[...]
'Fancy Lazarus' Criminal Group Launches DDoS Extortion Campaign
The group has re-emerged after a brief hiatus with a new email campaign threatening a DDoS attack against businesses that don’t pay ransom.
[...]
Microsoft Patches 6 Zero-Days Under Active Attack
The June 2021 Patch Tuesday fixes 50 vulnerabilities, six of which are under attack and three of which were publicly known at the
[...]
Microsoft CISO Shares Remote Work Obstacles & Lessons Learned
Bret Arsenault explains changes he implemented along the way as Microsoft’s workforce went from 20% to 97% remote.
Source: Dark Reading –
[...]
Google Experts Explore Open Source Security Challenges & Fixes
An open source security event brought discussions of supply chain security and managing flaws in open source projects.
Source: Dark Reading –
[...]
Microsoft Buys ReFirm Labs to Drive IoT Security Efforts
The acquisition will bring ReFirm’s firmware analysis capabilities alongside Microsoft’s Azure Defender for IoT to boost device security.
Source: Dark Reading –
[...]
US Seizes Attacker Domains Used in USAID Phishing Campaign
The move follows last week’s disclosure of an ongoing attack designed to mimic emails from the US Agency for International Development.
Source:
[...]
SolarWinds Attackers Impersonate USAID in Advanced Email Campaign
Microsoft shares the details of a wide-scale malicious email campaign attributed to Nobelium, the group linked to the SolarWinds supply chain attack.
[...]