News Feed

• AT&T Internet review: Good speeds at fair rates
  With affordable broadband speeds, a growing fiber network, and high levels of customer satisfaction across the board, AT&T has something to offer for all types of internet users.
• New Cisco Webex ad shows rapid evolution of collaboration
  Educating buyers on what's new can be difficult, but showing them how those things can be used can be even more difficult.
• Ransomware attempt volume sets record, reaches more than 300 million for first half of 2021: SonicWall
  The US, UK, Germany, South Africa and Brazil topped the list of countries most impacted by ransomware attempts while states like Florida and New York struggled as well.
• Amazon fined $887 million for GDPR privacy violations
  The Luxembourg National Commission for Data Protection made the decision on July 16.
• SEC Chairman Gensler tightens restrictions on Chinese companies after cybersecurity crackdown in China
  Gary Gensler said the SEC will seek disclosures from Chinese companies that notify investors about shell companies and the potential government action.
• Best web development course 2021: Top online classes
  There are many choices of learning providers if you or someone you know is interested in building next-gen websites.
• Living the Beta Life: Testing Apple, Google, and Microsoft pre-release operating systems
  The beta lifestyle can be a struggle at times but comes with the reward of previewing features before the general public. But should you try it?
• Pearson unveils Pearson+ platform to address costly college textbook process
  The single tier is $9.99 per month for one Pearson eText and the multi tier of $14.99 per month for access to 1500+ Pearson eTexts.
• The average consumer loses over $150 a year renting a router from their ISP
  We spoke with several cable customers about their experience setting up their own router, and they found it to be far less complicated than they had imagined.
• ProtonVPN gets serious speed boost with VPN Accelerator
  When push comes to shove, what you really want from a Virtual Private Network, such as ProtonVPN, is 1) privacy and 2) speed. The new ProtonVPN delivers on both.
• What is a VPN and why do you need one? Everything you need to know
  Whether you're in a corporate or home office or on the road, a VPN remains one of the best ways to protect your privacy and security on the internet.
• LinkedIn: We won't expect employees to come into the office anymore
  The social media platform U-turned on a previous policy requiring employees to be in the office at least part of the time.
• Microsoft: This Windows and Linux malware does everything it can to stay on your network
  LemonDuck coin-mining malware has been crafted by some very determined, financially motivated cybercriminals.
• AWS Neptune update: Machine learning, data science, and the future of graph databases
  AWS Neptune just added another query language, openCypher, to its arsenal. That may not sound like a big deal in and of itself, but coupled with updates in machine learning and data science features, it points towards the future of graph databases.
• VPN deal: Save 30% on the highest-rated VPN services
  The safety and security of your personal data is priceless, Fortunately, you can get an excellent deal right now on some of the best VPNs on the market.
• Meet Estée Lauder's chief analytics officer: 'Data hoarding doesn't solve the problem'
  The Estée Lauder Companies has created a chief analytics officer position as part of its senior leadership team. Learn about this important role and its impact on digital transformation efforts. From data science to culture, it's more complicated than you might think.
• Pizza vending machine looking for some dough
  Kiosk concepts are rolling out in the touch-free era.
• Windows 11 just hit beta - but there's no Chat for Teams button just yet
  The latest build of Windows 11 hits the Beta channel in the Windows Insiders Program, but the new Chat button won't be enabled for a few weeks.
• This unusual malware attack can go from first contact to launching ransomware in just 48 hours
  Human operators make BazaCall malware harder than usual to detect malicious email. The group sometimes installs nasty Ryuk ransomware.
• New Aussie legislation to target use of personal information by social media
  The Attorney-General's Department said the legislation, separate from its review of the Privacy Act, will target social media companies to ensure greater transparency about how personal information is being used and how consent is obtained.

• 8 Security Tools to be Unveiled at Black Hat USA
  Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.
• 7 Hot Cyber Threat Trends to Expect at Black Hat
  A sneak peek of some of the main themes at Black Hat USA next month.
• Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack
  Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.
• US Accuses China of Using Criminal Hackers in Cyber Espionage Operations
  DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.
• NSO Group Spyware Used On Journalists & Activists Worldwide
  An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.
• Researchers Create New Approach to Detect Brand Impersonation
  A team of Microsoft researchers developed and trained a Siamese Neural Network to detect brand impersonation attacks.
• Recent Attacks Lead to Renewed Calls for Banning Ransom Payments
  While attackers in protected jurisdictions continue to get massive sums for continuing to breach organizations, the ransomware threat will only continue to grow.
• Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE
  At least two government-backed actors -- including one Russian group -- used the now-patched flaws in separate campaigns, Google says.
• State Dept. to Pay Up to $10M for Information on Foreign Cyberattacks
  The Rewards for Justice program, a counterterrorism tool, is now aimed at collecting information on nation-states that use hackers to disrupt critical infrastructure.
• CISA Launches New Website to Aid Ransomware Defenders
  StopRansomware.gov provides information to help organizations protect against, and respond to, ransomware attacks.
• Microsoft: Israeli Firm's Tools Used to Target Activists, Dissidents
  Candiru sold spyware that exploited Windows vulnerabilities and had been used in attacks against dissidents, activists, and journalists.
• IoT-Specific Malware Infections Jumped 700% Amid Pandemic
  Gafgyt and Mirai malware represented majority of IoT malware, new data from Zscaler shows.
• SonicWall: 'Imminent' Ransomware Attack Targets Older Products
  The attack exploits a known vulnerability that was fixed in new versions of firmware released this year.
• Targeted Attack Activity Heightens Need for Orgs. to Patch New SolarWinds Flaw
  A China-based threat actor -- previously observed targeting US defense industrial base organizations and software companies -- is exploiting the bug in SolarWinds' Serv-U software, Microsoft says.
• New Phishing Campaign Targets Individuals of Interest to Iran
  TA453 group spoofed two scholars at University of London to try and gain access to email inboxes belonging to journalists, think tank personnel, academics, and others, security vendor says.
• Why We Need to Raise the Red Flag Against FragAttacks
  Proliferation of wireless devices increases the risk that corporate networks will be attacked with this newly discovered breed of Wi-Fi-based cyber assault.
• Can Government Effectively Help Businesses Fight Cybercrime?
  From the Biden administration's pledge to take action to INTERPOL's focus on ransomware as a global threat, governments are looking to help businesses cope with cyberattacks. But can it really work?
• SolarWinds Discloses Zero-Day Under Active Attack
  The company confirms this is a new vulnerability that is not related to the supply chain attack discovered in December 2020.
• Kaseya Releases Security Patch as Companies Continue to Recover
  Estimates indicate the number of affected companies could grow, while Kaseya faces renewed scrutiny as former employees reportedly criticize its lack of focus on security.
• How Dangerous Is Malware? New Report Finds It's Tough to Tell
  Determining which malware is most damaging, and worthy of immediate attention, has become difficult in environments filled with alerts and noise.

• Breaking Down the Threat of Going All-In With Microsoft Security
  Limit risk by dividing responsibility for infrastructure, tools, and security.
• 7 Ways AI and ML Are Helping and Hurting Cybersecurity
  In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
• Targeted Attack Activity Heightens Need for Orgs. to Patch New SolarWinds Flaw
  A China-based threat actor -- previously observed targeting US defense industrial base organizations and software companies -- is exploiting the bug in SolarWinds' Serv-U software, Microsoft says.
• Tool Sprawl & False Positives Hold Security Teams Back
  Security teams spend as much time addressing false positive alerts as they do addressing actual cyberattacks, survey data shows.
• Kaseya Releases Security Patch as Companies Continue to Recover
  Estimates indicate the number of affected companies could grow, while Kaseya faces renewed scrutiny as former employees reportedly criticize its lack of focus on security.
• AI and Cybersecurity: Making Sense of the Confusion
  Artificial intelligence is a maturing area in cybersecurity, but there are different concerns depending on whether you're a defender or an attacker.
• How Dangerous Is Malware? New Report Finds It's Tough to Tell
  Determining which malware is most damaging, and worthy of immediate attention, has become difficult in environments filled with alerts and noise.
• Cartoon Caption Winner: Sight Unseen
  And the winner of Dark Reading's June contest is ...
• Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
  Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.
• Fake Android Apps Promise Cryptomining Services to Steal Funds
  Researchers discover more than 170 Android apps that advertise cloud cryptocurrency mining services and fail to deliver.
• Are Security Attestations a Necessity for SaaS Businesses?
  Are security attestations becoming business imperatives, or are they merely token additions on the list of regulatory requirements?
• Microsoft Releases Emergency Patch for 'PrintNightmare' Vuln
  It urges organizations to immediately apply security update, citing exploit activity.
• Autonomous Security Is Essential if the Edge Is to Scale Properly
  Service demands at the network edge mean customers need to get cost, performance, and security right.
• Workers Careless in Sharing & Reusing Corporate Secrets
  A new survey shows leaked enterprise secrets costs companies millions of dollars each year.
• It's High Time for a Security Scoring System for Applications and Open Source Libraries
  A benchmarking system would help buyers choose more secure software products and, more importantly, light a fire underneath software producers to make products secure.
• Cyberattack on Kaseya Nets More Than 1,000 Victims, $70M Ransom Demand
  The provider of remote monitoring and management services warns customers to not run its software until a patch is available and manually installed.
• Barracuda Agrees to Acquire Skout Cybersecurity
  The acquisition will bring Barracuda into the extended detection and response (XDR) market with a tool for managed service providers.
• Secured-Core PCs May Mitigate Firmware Attacks, but Adoption Lags
  Microsoft maintains that exploitation of recent Dell vulnerabilities would be blocked on ultra-secure PCs - but most systems do not have the technology yet.
• GitHub Unveils AI Tool to Speed Development, but Beware Insecure Code
  The company has created an AI system, dubbed Copilot, to offer code suggestions to developers, but warns that any code produced should be tested for defects and vulnerabilities.
• WhiteHat Security Rebrands as NTT Application Security
  The name change follows NTT Security Corporation's acquisition of WhiteHat in 2019.

Cyber Security Feed.