Monthly Archives: January 2021
Perils of coding errors play out in Parler slip up
Applied to internet applications in general, the IDOR problems that led to the Parler exposure could extend to anything stored sequentially and not secured individually — receipts, posts, and in many instances entire accounts.
The post Perils of coding errors play out in Parler slip up appeared first on SC Media.
Ubiquiti urges password reset, 2fa after breach
IoT networking device vendor Ubiquiti experienced a breach of a web portal it uses to manage remote devices and as a support portal. The web servers stored information pertaining to user profiles for the account.ui.com portal that Ubiquiti makes available to customers who bought one of its router or webcam products, a ZDNet report said.…
The post Ubiquiti urges password reset, 2fa after breach appeared first on SC Media.
Complexity and cost chip away at SOCs’ perceived return on investment
51% of 17,200 surveyed IT and security practitioners said that
their SOC’s ROI has gotten worse.
The post Complexity and cost chip away at SOCs’ perceived return on investment appeared first on SC Media.
SolarWinds attackers suspected in Microsoft authentication compromise
Mimecast issued a new certificate and is urging affected customers to delete the old one after Microsoft warned of a compromise.
The post SolarWinds attackers suspected in Microsoft authentication compromise appeared first on SC Media.
‘I’ll Teams you’: Employees assume security of links, file sharing via Microsoft comms platform
In theory they know better. But Users naïvely trust workplace communications platforms, despite phishing and impersonation threats.
The post ‘I’ll Teams you’: Employees assume security of links, file sharing via Microsoft comms platform appeared first on SC Media.
DarkSide decryptor unlocks systems without ransom payment – for now
The decryptor works for all current DarkSide infections, but that will likely change soon as the group reacts and adapts to the disclosure.
The post DarkSide decryptor unlocks systems without ransom payment – for now appeared first on SC Media.
Researchers see links between SolarWinds Sunburst malware and Russian Turla APT group
While researchers may want to invest time and energy towards attributing the latest high-profile attack to a particular adversary, more productive is the ability to see similarities in the underlying techniques employed in the attack were to prior attacks.
The post Researchers see links between SolarWinds Sunburst malware and Russian Turla APT group appeared first on SC Media.
Feds will weigh whether cyber best practices were followed when assessing HIPAA fines
Organizations that can show they did their due diligence in protecting medical information will be better off, should a breach occur.
The post Feds will weigh whether cyber best practices were followed when assessing HIPAA fines appeared first on SC Media.
SolarWinds hack is the perfect foreword to new book on history’s biggest breaches
SC Media spoke to author and former CISO Neil Daswani about his upcoming new book “Big Breaches: Cybersecurity Lessons for Everyone.”
The post SolarWinds hack is the perfect foreword to new book on history’s biggest breaches appeared first on SC Media.