SC Media
@SCMagazine
Followers
120K
Following
1K
Media
6K
Statuses
95K
The official Twitter feed for all things IT security. A CyberRisk Alliance Resource.
Joined November 2008
The legitimate @Google Calendar platform was abused to facilitate malicious command-and-control (C2) server connection in a stealthy NPM malware campaign discovered by @Veracode researchers. #cybersecurity #infosec #ITsecurity
0
1
0
The person behind the ���Devin Nunes’ cow” #Twitter account should remain anonymous, the ACLU asserted in a friend-of-the-court brief filed in response to a defamation lawsuit.
21
60
386
.@C_C_Krebs on his time at @DHSgov: "We were really focused on state actors and the exquisite threats posed by the Chinese MSS, the Russian GRU and SVR. But what I was seeing was American communities functionally disrupted by ransomware on a daily basis."
2
115
312
.@Microsoft reported that domain controllers were breached in more than 78% of human-operated cyberattacks, while the primary device used to spread #ransomware at scale was a domain controller in over 35% of cases. #cybersecurity #infosec #ITsecurity
1
56
162
The Meow bot has wiped out more than 1,000 open-source databases, mostly on #ElasticSearch and #MongoDB. The bot clears out a database, only leaving the word “Meow” in the file. Here are 5 steps to secure your data from this strange threat. #Meowbot.
3
67
101
Backdoor placed in popular Ukrainian software enabled NotPetya attack
0
24
65
See what @brysonbort , @DragosInc @RobertMLee and others from industry have to say about @CISA Chris Krebs, who just got fired by @realDonaldTrump. Says Lee: “folks should be thankful for his time there"
1
21
67
SC Media Women in IT Security 2021: ADVOCATES | .@redcanary’s Katie Nickels: Keeping calm to carry on #cybersecurity
0
7
56
Giuliani and top Trump White House officials hacked, passwords leaked
18
81
45
WikiLeaks makes FinFisher surveillance software available to public | http://t.co/OFd9DmNzSD.
1
82
42
We are pleased to announce that @JoeUchill has joined our team as senior reporter. Joe brings a terrific track record in cyber reporting, having spent time at @axios and @thehill. You can hit him up directly at joe.uchill@cyberriskalliance.com.
3
3
52
Congrats to @Cisco, winner of the SC Award for Best Security Company. Among the highlights: breadth of products and size of customer base; the power of threat research team @TalosSecurity; and an integrated platform approach for third-party tools
2
14
47
0
9
47
.@azeria_labs' Maria Markstedter at #BlackHatUSA opening keynote: “AI language models are like troubled teenagers” that need supervision. #cybersecurity #infosec #ITsecurity
2
5
45
Former hacker Kevin Mitnick shows WannaCry to Wall Street execs
3
27
44
Vulnerability addressed in Cisco IMC Supervisor and Cisco UCS Director | http://t.co/mlFa4feIAk.
0
70
44
.@TeamViewer confirmed that it experienced a cyberattack tied to the credentials of a standard employee account within its internal corporate IT network. #cybersecurity #infosec #ITsecurity
5
10
38
A simple mail transfer protocol (SMTP) abuse tool dubbed "Legion" can scan Shodan to identify misconfigured cloud servers and then take over SMTP email marketing programs or launch phishing campaigns. #cybersecurity #infosec #ITsecurity
0
17
37
.@CISAJen, director of the @CISAgov, described Chinese cyberattacks against U.S. critical infrastructure as the most serious threat to the nation she has seen in her 30-plus year career. #cybersecurity #infosec #ITsecurity .
1
23
37
Tesla hit by insider saboteur who changed code, exfiltrated data
0
46
35
Story behind how low-level Apple employee leaked iBoot source code
2
19
33
Imagine: researchers able to publicly prove the existence of a vulnerability without also giving away their underlying research to attackers. @DARPA is making progress
0
19
37
Court ruling allows gov't to collect Microsoft data stored on foreign servers | http://t.co/FGy48fCvcX.
1
14
30
The @NSAGov is urging organizations to harden their systems against BlackLotus UEFI bootkit malware, warning there is “significant confusion” and a “false sense of security” regarding the threat it poses. #cybersecurity #infosec #ITsecurity
0
14
25
Misconfigured Amazon S3 server leaks Australian Broadcasting Corporation
0
39
27
The Cyber Threat Alliance announced its 100 millionth shared observable data point on Wednesday. SC Media spoke with CTA CEO Michael Daniel, former White House cybersecurity czar, about what threat sharing means to the industry & end users. @CyberAlliance.
0
14
25
Congratulations to @k8em0, Founder and Chief Executive at @LutaSecurity, and one of our #WomeninItSecurity Advocate honorees.
2
8
30
Twitter will effectively ban SMS two-factor authentication in two weeks. Failing to shift users into a more secure authenticator is a "missed opportunity," experts say. #cybersecurity #infosec #ITsecurity
1
15
29
2 Coalfire pentesters are lobbying for a Good Samaritan law that would protect their industry peers from the kind of overzealous prosecution they say they faced after they were arrested while assessing the security of an Iowa courthouse. @CoalfireSys.
0
12
25
Gas station software flaws offer cheap gas, admin rights, and more
2
19
29
A @Microsoft Outlook vulnerability that leaks hashed passwords through malicious calendar invites is one of three Microsoft password-stealing exploits detailed by security researchers. #cybersecurity #infosec #ITsecurity
1
12
26
New trojan spreads via Facebook instant messaging and Yahoo Messenger | http://t.co/YSROfxVFvG.
2
17
24
Another misconfigured Amazon S3 server leaks data of 50,000 Australian employees
0
44
27
The hacker collective known as #DeathStalker has recently widened its footprint to include small to medium-sized business targets in the financial sector throughout Europe, Middle East, Asia and Latin America, says Kaspersky. #SMB @kaspersky .
1
14
27
Taiwanese police reward malware laced USB sticks as prizes for cybersecurity quiz
0
24
23
British hacker arrested for cyberattacks against Pokemon, Google, and Skype.
0
33
24
Apple iOS 11 makes it harder for law enforcement to access data
0
22
25
Former CISO: Knowledge of cyber should be requirement to join board of directors
1
18
26
Study: 67 percent of hotel websites grant third parties access to personal booking data, reservations l
0
28
22
A report from @StaySafeOnline found that after suffering a #databreach 10% of small businesses shut down, 25% had to file for bankruptcy and 37% experienced a financial loss. #NCSAM.
1
22
23
Facing potential layoffs of at least 500 probationary employees, the @NIST announced that it will defer all common vulnerabilities and exposures (CVEs) prior to Jan. 1, 2018. #cybersecurity #infosec #ITsecurity
0
7
26
Congratulations to our #WomeninITSecurity Advocate winners! Join us throughout the week for more stories on how our honorees are advancing the cybersecurity industry: @evacide @k8em0 @InfosecVandana @tarah
0
6
21
The Log4j vulnerability is being targeted in new malicious campaigns dubbed "proxyjacking" where adversaries attempt to install proxyware on unsuspecting victims in order to resell a target's bandwidth. #cybersecurity #infosec #ITsecurity
0
13
23
Cisco predicts a major increase in cyberattacks designed to destroy systems
2
50
21
The @SECGov this week pushed back its timeline for finalizing new regulations that would require public companies to notify the agency within four days of a cybersecurity breach. #cybersecurity #infosec #ITsecurity
0
5
20
U.S. urges Linux users to secure kernels from new Russian malware threat #Drovorub #Linux #FancyBear #Sofacy #APT28 @McAfee @KnowBe4 @OneIdentity @CrowdStrike @splunk .
0
18
23
Two mornings that will change your mind: Join elite speakers @geoffbelknap, @CamilleEsq, @MerrittBaer, @Edna_Conway, @jonathanreiber and more for this must attend event.
0
9
20
1
17
23
Windows Defender can be hijacked to ignore malware, falsely recognize benign files as malicious and even delete critical system files to render a machine inoperable, @safebreach researchers demonstrated at #BlackHatUSA. #cybersecurity #infosec #ITsecurity
0
19
22
Thank you to the SC Media Women in IT Security Advisory Board for supporting the editorial team through interviews, commentaries, and insight on our 2020 nominations. Join us next week as we celebrate the honorees! #WomeninITSecurity
0
4
22
We spoke to Craig Froelich, CISO of @BankofAmerica, about the benefits of seeking out individuals with ADHD, autism, dyslexia or dyspraxia, etc. For cyber teams, 'neurodiverse people "connect dots that we may not be able to connect."
5
14
22
Hidden Cobra malware infects Android devices with RAT, turns Windows machines into proxies
0
23
18
Lieu, Markey introduce Cyber Shield Act of 2017 for IoT devices
0
20
19
The SC Magazine Women In IT Security Issue is available now. Check it out here! | http://t.co/Ao1r0eVrYK
#SCMag_WIS
http://t.co/DOaGy7fTxY.
5
23
18
Congratulations to @hacks4pancakes, Principal Threat Analyst at @DragosInc and one of our #WomeninITSecurity Power Player honorees.
1
2
21
Ukraine’s cyber agency tracks ‘significant increase’ in malware-directed attacks #cybersecurity #infosec
0
10
22
DeFi brings the freedoms of blockchain to traditional finance – earning interest from a global user base rather than a bank. Centralization rears its conventional head for a number of reasons, some of which can be noble and intentional. Others careless
2
5
18
Twitter takes down thousands of state-affiliated malicious accounts.
0
18
19
.@TrustedSec said in tests that the exploit succeeded when tested against a fully patched system. Until a patch comes out, CEO David Kennedy and others in the infosec community are advising organizations to disable the print spooler option completely.
0
14
20
#HBO breach accomplished with hard work by hacker, poor security practices by victim l @Centrify @PrevalentNet.
0
39
9
The #Twitter hack raises questions as to whether orgs are implementing effective security controls that limit insider threats’ access to back-end admin tools. Featuring commentary from @kierstentodt @Cyber_Readiness @varonis @armorblox @okta @DomainTools .
1
15
20
New Phishing scam combines FedEx and Google Drive to lure victims
0
36
18
1
9
22
1
13
20
An otherwise unremarkable find of an open #Elasticsearch database containing millions of records has become a Sherlock Holmes mystery, as researchers cannot figure out the database’s origins. @haveibeenpwned @troyhunt.
0
14
18
Intel redesigns chips to address Spectre and Meltdown vulnerabilities
0
14
20
Intel redesigns chips to address Spectre and Meltdown vulnerabilities
1
33
21
New Jersey email admin charged with accessing former company's account
1
23
19
A vulnerability affecting all major browsers, dubbed “0.0.0.0 Day,” could enable attackers to send malicious requests to local networks, potentially leading to remote code execution (RCE). #cybersecurity #infosec #ITsecurity
2
15
18
The cost of reported cybercrime in the U.S. jumped 22% last year to more than $12.5 billion, according to the @FBI’s Internet Crime Complaint Center (IC3) 2023 annual report. #cybersecurity #infosec #ITsecurity .
0
12
19
.@Google has used a large language model (LLM) agent called “Big Sleep” to discover a previously unknown, exploitable memory flaw in a widely used software for the first time, the company announced. #AI #infosec #cybersecurity #ITsecurity
0
10
18
Malicious websites can steal from vulnerable Electrum cryptocurrency wallets
1
20
19
"Let me state for the record that Peter Sunde doesn't belong in jail. He should be freed immediately." Mikko Hypponen #BlackHat.
0
36
19
Save the date: RiskSec is heading to Philadelphia on May 8th, 2019. Secure your spot today and save $150 with promo code SOCIAL150! #RiskSec
4
16
18
Tyler McLellan, principal threat analyst at @Mandiant, told SC Media that their team has observed three Ukrainian government entities being compromised in an operation using a modified version of Windows 10. #cybersecurity #infosec #ITsecurity
0
6
20