2018 ‘Hacking Attempt’ Claimed By Georgia Was A Security Test They’d Requested Themselves

An anonymous reader quotes the Atlanta Journal-Constitution: It was a stunning accusation: Two days before the 2018 election for Georgia governor, Republican Brian Kemp used his power as secretary of state to open an investigation into what he called a “failed hacking attempt” of voter registration systems involving the Democratic Party. But newly released case files from the Georgia Bureau of Investigation reveal that there was no such hacking attempt.

The evidence from the closed investigation indicates that Kemp’s office mistook planned security tests and a warning about potential election security holes for malicious hacking.

Why Manual Penetration Testing and Automation are Important Aspects of an AppSec Program

Authored by Jacques Lopez and Tom Estonツ?

As a result of the current COVID-19 pandemic, most companies are operating remotely. This ???new normal??? has led to an increased demand for digital transformations and cloud migrations. But Verizon???s 2020 Data Breach Investigations Report recently noted that cyberattackers are taking advantage of the digital transformations, finding new ways to attack web applications. As Tami Erwin, CEO of Verizon Business, recently stated, ???As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount.???

Career Choice Tip: Cybercrime is Mostly Boring

When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offenders toward a better path.

Maze: the ransomware that introduced an extra twist

An extra way to create leverage against victims of ransomware has been introduced by the developers of the Maze ransomware. If the victim is not convinced that she should pay the criminals because her files are encrypted, there could be an extra method of extortion. Over time, more organizations have found ways to keep safe copies of their important files or use some kind of rollback technology to restore their systems to the state they were in before the attack.

AWS Shield Threat Landscape report is now available

AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Response Team (TRT), who continually monitors and assesses the threat landscape to build protections on behalf of AWS customers. This includes rules and mitigations for services like AWS Managed Rules for AWS WAF and AWS Shield Advanced. You can use this information to expand your knowledge of external threats and improve the security of your applications running on AWS.