February 2021

I honestly don’t know where my time goes. I get up, have great plans for all the things I want to do then next minute, the day is gone. There’s probably some hints in the range of different things I’m speaking about this week and the book is certainly now

Read More Weekly Update 232

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. Experts from French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant that implements worm-like capabilities that allow within local networks. “On top of its usual functions, this version holds a new attribute […]

The post New Ryuk ransomware implements self-spreading capabilities appeared first on Security Affairs.

Read More New Ryuk ransomware implements self-spreading capabilities

Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack Microsoft has announced the availability of open-source CodeQL queries that the IT giant used during its investigation into the SolarWinds attack. In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint […]

The post Microsoft releases open-source CodeQL queries to assess Solorigate compromise appeared first on Security Affairs.

Read More Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds of thousands of people. What’s Going On? Our online security team has uncovered a massive data breach originating from a misconfigured […]

The post Data Breach: Turkish legal advising company exposed over 15,000 clients appeared first on Security Affairs.

Read More Data Breach: Turkish legal advising company exposed over 15,000 clients

Whenever I think about SAM and software assets, I remember my very first CND lesson – forget about scharfes-ing the word “asset” because it has nothing in common with what you’re up against in IT management. Instead, replace “s” with the dollar sign (“…

Read More Software Asset Management (SAM) Revisited – ITAM vs SAM and the Real Cost of High-Velocity Upscaling

This morning’s podcast reports on two studies of cyber threat trends, and a warning about targeted attacks on the defence sector
The post Cyber Security Today, Feb. 26, 2021 – Conflicting reports on vulnerabilities, and a warning to the defence sector …

Read More Cyber Security Today, Feb. 26, 2021 – Conflicting reports on vulnerabilities, and a warning to the defence sector

Excellent Brookings paper: “Why data ownership is the wrong approach to protecting privacy.”

From the introduction:

Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to “sell” it. Data is not a commodity. It is information. Any system of information rights­ — whether patents, copyrights, and other intellectual property, or privacy rights — ­presents some tension with strong interest in the free flow of information that is reflected by the First Amendment. Our personal information is in demand precisely because it has value to others and to society across a myriad of uses…

Read More The Problem with Treating Data as a Commodity

Hackers have broken into the biochemical systems of an Oxford University lab where researchers are working on the study of Covid-19. Hackers compromised the systems at one of the most advanced biology labs at the Oxford University that is involved in the research on the Covid-19 pandemic. The news was disclosed by Forbes and the […]

The post Hackers are selling access to Biochemical systems at Oxford University Lab appeared first on Security Affairs.

Read More Hackers are selling access to Biochemical systems at Oxford University Lab

We check in on ITWC’s latest MapleSEC satellite series event, the Supreme Court of Canada says no to big telcos’ cries for a pricing appeal, and President Biden signs another exec order, this one tackling the global chip shortage.
The post Hashtag Tren…

Read More Hashtag Trending, Feb. 26, 2021 – MapleSEC recap; Supreme Court of Canada says no to pricing appeal; Biden signs exec order to address chip shortage

Dutch Research Council (NWO) confirmed that the recent cyberattack that forced it to take its servers offline was caused by the DoppelPaymer ransomware gang. On February 14, Dutch Research Council (NWO) was hit by a cyber attack that compromised its network and impacted its operations. In response to the incident, the Dutch Research Council (NWO) […]

The post Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack appeared first on Security Affairs.

Read More Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack

SolarWinds announced the APM Integrated Experience for the SolarWinds application performance management (APM) solutions—AppOptics, Loggly, and Pingdom—consolidating access to application performance metrics, traces, logs, and user experience into a co…

Read More SolarWinds APM Integrated Experience delivers a single platform for navigation across the APM portfolio

The Chinese hacking group, tracked as TA413, used a malicious Firefox add-on in a cyberespionage campaign aimed at Tibetans. China-linked cyberespionage group TA413 targeted Tibetan organizations across the world using a malicious Firefox add-on, dubbed FriarFox, that allowed them to steal Gmail and Firefox browser data and deliver malware on infected systems. “We attribute this […]

The post China-linked TA413 group target Tibetan organizations appeared first on Security Affairs.

Read More China-linked TA413 group target Tibetan organizations