July 1, 2021

Neustar and Equifax released Financial Spectrum, an audience segmentation and media activation solution designed to meet the unique demands of financial services marketers. Financial Spectrum offers asset-based customer segmentation to financial servic…

Read More Neustar and Equifax release Financial Spectrum, an audience segmentation and media activation solution

Sevco Security launched with $15M in Series A funding led by SYN Ventures, with participation from .406 Ventures, Accomplice, Bill Wood Ventures and fama Ventures. Sevco will use the funding to scale adoption of the cloud-native security asset intellig…

Read More Sevco Security raises $15M to scale adoption of the cloud-native security asset intelligence platform

US and UK cybersecurity agencies said the Russia-linked APT28 group is behind a series of large-scale brute-force attacks. US and UK cybersecurity agencies said today that a Russian military cyber unit has been behind a series of brute-force attacks that have targeted the cloud IT resources of government and private sector companies across the world. US […]

The post UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT appeared first on Security Affairs.

Read More UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month.

Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit.

Read More Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

The University Medical Center hospital discloses a data breach after threat actors published images of stolen personal information online as proof of the hack. The University Medical Center hospital, in Nevada, discloses a security breach; the hackers compromised its data servers and published pictures of the allegedly stolen personal information online. Early this week, […]

The post Hackers breached a data server of the University Medical Center appeared first on Security Affairs.

Read More Hackers breached a data server of the University Medical Center

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper arguing that the insurance industry is hurting more than it’s helping.

However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals. These add fuel to the fire by incentivising cybercriminals’ engagement in ransomware operations and enabling existing operators to invest in and expand their capabilities. Growing losses from ransomware attacks have also emphasised that the current reality is not sustainable for insurers either…

Read More Insurance and Ransomware

Microsoft experts have disclosed a series of vulnerabilities in the firmware of Netgear routers which could lead to data leaks and full system takeover. Microsoft researchers discovered multiple vulnerabilities in the firmware of the Netgear DGN-2200v1 series router that can allow attackers to bypass authentication, access stored credentials, and even take over devices. Experts discovered […]

The post Microsoft found auth bypass, system hijack flaws in Netgear routers appeared first on Security Affairs.

Read More Microsoft found auth bypass, system hijack flaws in Netgear routers

In the wake of the recently published POC for the Print Spooler Remote Code Execution vulnerability, Heimdal™ Security has the latest Microsoft patch for this vulnerability readily available for its customers. Earmarked CVE-2021-1675 by Microsoft, the …

Read More SECURITY ALERT: Print Spooler Vulnerability’s Code Leak Compels Microsoft to Upgrade Severity Level.

The National Cybersecurity Center of Excellence (NCCoE) has finalized its project description on the Automation of the Cryptographic Module Validation Program (CMVP). Increased automation is necessary because a number of elements of the current validat…

Read More Automation of the Cryptographic Module Validation Program (CMVP): Final Project Description Released

The US CISA has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool. The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool for the agency’s Cyber Security Evaluation Tool (CSET). RRA could be used by organizations to determine […]

The post US CISA releases a Ransomware Readiness Assessment (RRA) tool appeared first on Security Affairs.

Read More US CISA releases a Ransomware Readiness Assessment (RRA) tool

This news was updated to clarify that the PrintNightmare exploit is not a zero-day bug and is the same as CVE-2021-1675, because the latter was not fully patched by Microsoft. Windows Print Spooler, the Windows software program whose job is to man…

Read More PrintNightmare Exploit Mistakenly Brought to Public’s Attention: A Malware That Could Perform a System Takeover [UPDATED]