3.1M Neiman Marcus Customer Card Details Breached

Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May 2020. It took 17 months for the retailer to notice. Just...

Military’s RFID Tracking of Guns May Endanger Troops

Reports that the military has started outfitting firearms with RFID tags for tracking have raised security alarms. The concern: What if the enemy uses the tags to track soldiers on the battlefield? The Department of Defense, the Marines and the Navy have already rejected the RFID tagging tech for...

[Security Nation] Rob Graham on Mike Lindell's Cyber Symposium

!\Security Nation\ Rob Graham on Mike Lindell's Cyber Symposiumhttps://blog.rapid7.com/content/images/2021/09/securitynationlogo-1.jpg In this episode of Security Nation, Jen and Tod chat with Rob Graham of Errata Security about his experience attending pillow magnate Mike Lindell's Cyber...

Indictment, Lawsuits Revive Trump-Alfa Bank Story

In October 2016, media outlets reported that data collected by some of the worlds most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russias largest financial institutions. Those...

ASSURE Case Study: Two

The engagement The purpose of this exercise was to validate the clients’ baseline security assessment against NIS and the CAF and prepare them for the CAA Assure audit against NIS and CAF. There were 24 systems for the client and 9 third party systems. The client had carried out some initial...

[The Lost Bots] Episode 4: Deception Technology

!\The Lost Bots\ Episode 4: Deception Technologyhttps://blog.rapid7.com/content/images/2021/08/-The-Lost-Bots--Episode-1--External-Threat-Intelligence-1.jpeg Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security...

GPAC Project Advanced Content 缓冲区错误漏洞

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

The Economics of XDR

Pulling from recent data and research, security experts discuss the value that organizations have seen from adopting extended detection and response XDR solutions...

IoT Piranhas Are Swarming Industrial Controls

Full transparency: Curtis Simpson, CISO at Armis, the enterprise IoT security company, was fundamentally a black hat at the age of 12, before he even knew what a black hat was. One day he got flooded over IRC and was fascinated: What just happened? And how did it happen? He’s since spent the vast...

Iranian State-Sponsored Hacking Attempts

Interesting attack: Masquerading as UK scholars with the University of Londons School of Oriental and African Studies SOAS, the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with hi...

Malspam banks on Kaseya ransomware attack

The Malwarebytes Threat Intelligence Team recently found a malicious spam campaign making the rounds and banking on the ransomware attack that forced Kaseya to shut down its VSA service. This is a classic example of an opportunistic attack conducted by potentially another threat actor/group off t...

Encouraging women to embrace their cybersecurity superpowers

The cybersecurity challenges of today require a diversity of skills, perspectives, and experiences, yet women remain underrepresented in this field. On International Women’s Day, some Microsoft Security women leaders penned a powerful blog highlighting the underrepresentation of women in...

CRSP: The emergency team fighting cyber attacks beside customers

What is CRSP? Microsoft Global Compromise Recovery Security Practice. Who is CRSP? We are a worldwide team of cybersecurity experts operating in most countries, across all organizations public and private, with deep expertise to secure an environment post-security breach and to help you prevent a...

White hat, black hat, grey hat hackers: What’s the difference?

When you think of the world of ethical hackers white hat, malicious hackers black hat, and hackers that flirt with both sides grey hat, you may envision people in shiny trench coats and dark glasses, whose computer skills are only matched by their prowess in martial arts. The truth is that hacker...

Supreme Court Limits Scope of Controversial Hacking Law

The United States Supreme Court has ruled that a police officer who received money for obtaining data from a law-enforcement database for an associate did not violate a controversial federal hacking law, marking a victory for the ethical hacking community by limiting the law’s scope. In a landmar...

Bose Admits Ransomware Hit: Employee Data Accessed

High-end audio-tech specialist Bose has disclosed a ransomware attack, which it said rippled “across Bose’s environment” and resulted in the possible exfiltration of employee data. The incident began on March 7, according to a disclosure letter sent to the Attorney General’s Office in New...

U.S. Declares Emergency in 17 States Over Fuel Pipeline Cyber Attack

The ransomware attack against Colonial Pipeline's networks has prompted the U.S. Federal Motor Carrier Safety Administration FMCSA to issue a regional emergency declaration in 17 states and the District of Columbia D.C.. The declaration provides a temporary exemption to Parts 390 through 399 of t...

Cybersecurity Experts to Follow on Twitter

Security Boulevard recently listed the "Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021." I came in at 7. I thought that was pretty good, especially since I never tweet. My Twitter feed just mirrors my blog. If you are one of the 134K people who read me from Twitter, "hi."...

Conti Gang Demands $40M Ransom from Florida School District

UPDATE The Conti Gang has demanded a $40 million ransom from a Fort Lauderdale, Fla., school district after a ransomware attack last month. Attackers stole personal information from students and teachers, disrupted the district’s networks, and caused some services to be unavailable. The incident...

Hackers Setup Fake Cyber Security firm to Target InfoSec Experts

By Waqas Google believes the hackers are backed by the North Korean government. This is a post from HackRead.com Read the original post: Hackers Setup Fake Cyber Security firm to Target InfoSec Experts...