Security News > 2021 > September

Normal-looking cables (USB-C, Lightning, and so on) that exfiltrate data over a wireless network. I blogged about a previous prototype here

The person who reformatted the Guntrader hack data as a Google Earth-compatible CSV has said they are prepared to go to prison - while denying their actions amounted to a criminal offence. The pseudonymous person spoke to The Register by email late last week after dumping the personal data of 111,000 UK firearm and shotgun certificate owners online in a CSV formatted for ease of importing into Google Earth, pinpointing gun owners' homes.

A Glasgow-based company is facing a £150,000 penalty handed down by the UK's data watchdog for making more than half a million nuisance calls about bogus green energy deals. The Information Commissioner's Office fined DialADeal Scotland Ltd after an investigation found that it had targeted numbers registered with the Telephone Preference Service where people had expressly withdrawn their consent to receive marketing calls.

The Ragnar Locker ransomware group is warning that they will leak stolen data from victims that contact law enforcement authorities, like the FBI. Ragnar Locker has previously hit prominent companies with ransomware attacks, demanding millions of dollars in ransom payments. In an announcement published on Ragnar Locker's darknet leak site this week, the group is threatening to publish full data of victims who seek the help of law enforcement and investigative agencies following a ransomware attack.

According to a recent report from the Institute for Security and Technology, ransomware attacks cost businesses 21 days of downtime, on average. Because WordPress is the market share leader, my team of SOC analysts aren't strangers to responding to WordPress security issues.

Seven years ago she passed the CISSP exam, and today she teaches a CISSP course based on materials she co-authored. Many wonder about the benefits of getting a CISSP, how did it help your career?

From factory machinery that can analyze its sensor data for predictive maintenance, to driverless cars that can collect and process real-time traffic data without the cloud, the fast-approaching age of smart devices at the edge promises plenty for users and businesses. Let's dive deeper into the age of AI-powered devices at the edge and what it means for cybersecurity.

Panther Labs released the findings from their report which surveyed over 400 security professionals who actively use a SIEM platform as part of their job, including CISOs, CIOs, CTOs, security engineers, security analysts, and security architects, to gain insight into their current SIEM challenges, frustrations, and desires when it comes to capabilities. "Insights from this report confirm what my team and I have also experienced working at companies like Amazon and Airbnb - traditional SIEM platforms no longer meet the growing needs of security practitioners who face new and emerging threats," said Jack Naglieri, CEO and founder of Panther Labs.

Automated traffic takes up 64% of internet traffic - and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals. These bad bots include both basic web scrapers and attack scripts, as well as advanced persistent bots.

The maintainers of Jenkins-a popular open-source automation server software-have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "Successful attack," which is believed to have occurred last week, was mounted against its Confluence service that had been deprecated since October 2019, leading the team to take the server offline, rotate privileged credentials, and reset passwords for developer accounts.