Krebs on Security

DECEMBER 19, 2023

The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who con

Ransomware 257

Ransomware Encryption IT Access 257

Data Breach Today

DECEMBER 18, 2023

Cyber Group Dubbed Predatory Sparrow Takes Responsibility for Widespread Attack A group known as Predatory Sparrow claimed responsibility for a Monday cyberattack that shut down a majority of gas stations across Iran as officials blamed the attack on foreign powers. The group has previously taken credit for a number of attacks targeting Iran's fuel supply and rail system.

330

330

The Last Watchdog

DECEMBER 17, 2023

The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Related: Why tech standards matter IoT is transitioning from an array of devices that we can control across the Internet into a realm where billions of IoE devices can communicate with each other and make unilateral decisions on our behalf. This, of course, is the plot of endless dystopian books and movies that end with rogue machines in charge.

IoT 264

IoT Cloud Authentication Manufacturing 264

AIIM

DECEMBER 21, 2023

As organizations have settled into the business of the business, one thing seems clear: the new workplace is much different than the one we were used to. Remote work and virtual teams are now a prevalent way of working, with on-site employees often the exception rather than the rule. Now that work-from-home has proven to be a viable alternative, C-Suite executives and business owners are less likely to invest in the resources, infrastructure, and space needed for all of their workers to return t

153

153

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

Artificial Intelligence

Security Affairs

DECEMBER 22, 2023

The Akira ransomware group announced it had breached the network of Nissan Australia, the Australian branch of the car maker giant. The Akira ransomware gang claimed to have breached Nissan Australia and to have stolen around 100GB of files from the carmaker giant. The company refused to pay the ransom and the ransomware gang threatened to leak the alleged stolen documents, including project data, clients’ and partners’ info, and NDAs. “We’ve obtained 100 GB of data of N

Ransomware 123

Ransomware Data breaches Financial Services Archiving 123

Hunton Privacy

DECEMBER 18, 2023

As we previously reported , the U.S. Securities and Exchange Commission’s (“SEC”) new Form 8-K rules for reporting material cybersecurity incidents take effect today, December 18, for filers other than smaller reporting companies. The new rules require reporting to the SEC within four business days from the determination of materiality. Incident response will potentially become more complicated as the incremental burdens of timely compliance with the new Form 8-K requirements add additional comp

Cybersecurity 121

Cybersecurity Risk Compliance Security 121

WIRED Threat Level

DECEMBER 18, 2023

On Telegram, scammers are impersonating doctors to sell fake Covid-19 vaccination certificates and other products, showing how criminals are taking advantage of conspiracy theories.

Security 121

Security 121

Security Affairs

DECEMBER 18, 2023

An alleged Lockbit 3.0 ransomware attack on the Italian cloud service provider Westpole disrupted multiple services of local and government organizations and municipalities. A cyber attack hit on December 8, 2023 the Italian cloud service provider Westpole, which is specialized in digital services for public administration. The incident impacted a Westpole’s customer company named PA Digitale which offers its services to various local and government organizations that rely on its platform

Ransomware 120

Ransomware Cloud Government Privacy 120

Data Breach Today

DECEMBER 19, 2023

Ransomware Group Declares Nothing Off Limits Outside of CIS Countries The BlackCat ransomware as service operation's putative "unseizing" of its leak site from the FBI is a stunt made possible by way the dark web handles address resolution, security researchers said Monday. The stung was a "tactical error" that could alienate affiliates.

Ransomware 316

Ransomware Security IT 316

Advertisement

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

Analytics

Hanzo Learning Center

DECEMBER 19, 2023

In 2023, the legal landscape has been significantly shaped by two key trends: the rapid evolution of Artificial Intelligence (AI) and the advancements in ediscovery. These developments have not only transformed legal processes but also presented new challenges and opportunities for legal professionals. As we delve into this first part of our series, we examine the top blogs that have been at the forefront of these trends.

Artificial Intelligence 119

Artificial Intelligence 119

IT Governance

DECEMBER 22, 2023

DORA’s supply chain security requirements IT Governance’s research for November 2023 found that 48% of the month’s incidents originated from the supply chain (i.e. were third-party attacks). For Europe , this number rises to 61%. Admittedly, it only takes a comparatively small number of supply chain attacks to skew the number of incidents. It’s in their nature for one attack to compromise potentially hundreds or even thousands of organisations.

Risk 114

Risk Information Security Compliance GDPR 114

Security Affairs

DECEMBER 17, 2023

A supply chain attack against Crypto hardware wallet maker Ledger resulted in the theft of $600,000 in virtual assets. Threat actors pushed a malicious version of the “ @ledgerhq/connect-kit ” npm module developed by crypto hardware wallet maker Ledger, leading to the theft of more than $600,000 in virtual assets. Once the attack was discovered, the Crypto hardware wallet maker Ledger published a new version (version 1.1.8) of its npm module.

Phishing 115

Phishing Libraries Authentication Access 115

Data Breach Today

DECEMBER 21, 2023

Also: Hackers Scrooge The North Face Holiday Shipments This week, MongoDB blamed a phishing email for causing unauthorized access to its corporate environment, hackers interrupted VF Corp. holiday shipping, Britain electrical grid operator National Grid dropped a Chinese supplier, German authorities shut down an online criminal bazaar, and more.

Phishing 314

Phishing Access IT 314

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Schneier on Security

DECEMBER 22, 2023

Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a user adds them as a source, manipulate the LLM into sending private information to the attacker or perform other malicious activities.

113

113

eSecurity Planet

DECEMBER 20, 2023

Attack surface management (ASM) is a relatively new cybersecurity technology that combines elements of vulnerability management and asset discovery with the automation capabilities of breach and attack simulation (BAS) and applies them to an organization’s entire IT environment, from networks to the cloud. That makes ASM’s ambitions much greater than legacy vulnerability management tools.

Cloud 113

Cloud Risk Compliance Security 113

Security Affairs

DECEMBER 17, 2023

MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. MongoDB on Saturday disclosed it is investigating a cyber attack against certain corporate systems. MongoDB is a US company that developed the popular open-source NoSQL database management system. The cyber attack was discovered on December 13, 2023, and led to the exposure of customer account metadata and contact information.

Metadata 115

Metadata Data breaches Phishing Authentication 115

Data Breach Today

DECEMBER 22, 2023

Hackers Crippled Systems, Stole Patient Data From ESO Solutions Hackers carried out a double-extortion ransomware attack on medical software company ESO Solutions, exposing personal details and healthcare information of 2.7 million U.S. patients and encrypting some of the company's systems. Double-extortion attacks also exfiltrate data.

Encryption 302

Encryption Ransomware 302

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

OpenText Information Management

DECEMBER 22, 2023

Remaining at the forefront of the ever-evolving innovation curve is imperative for ensuring the financial vitality of any organization. Despite this urgency, numerous treasury management departments rely on outdated data and manual processes, oblivious to the extensive ramifications of such practices. In a previous blog, I looked at the cost and resource savings companies can … The post Treasury Management: The true cost of manual processes and outdated data appeared first on OpenText Blog

111

111

eSecurity Planet

DECEMBER 19, 2023

Infrastructure as a service security is a concept that assures the safety of organizations’ data, applications, and networks in the cloud. Understanding the risks, advantages, and best practices connected with IaaS security is becoming increasingly important as enterprises shift their infrastructure to the cloud. By exploring the top eight issues and preventative measures, as well as shedding light on the security benefits of IaaS, you can better secure your cloud security infrastructure.

Security 113

Security Cloud Encryption Authentication 113

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. So, how do you protect against them? Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Sales 112

Sales Ransomware Passwords Communications 112

Data Breach Today

DECEMBER 18, 2023

Financial Stability Oversight Council Expects AI Use to Increase U.S. regulators for the first time detailed the risks artificial intelligence poses to the financial system and classified the technology as an "emerging vulnerability." The Financial Stability Oversight Council in its annual report flagged AI's ability to introduce "certain risks.

Risk 304

Risk Artificial Intelligence IT 304

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

KnowBe4

DECEMBER 20, 2023

This new attack is pretty simple to spot on the front, but should it be successful in launching its’ malicious code, it’s going to take its’ victims for everything of value they have on their computer.

IT 115

IT Phishing 115

eSecurity Planet

DECEMBER 18, 2023

The impending holidays don’t mean a break from cybersecurity threats. This week’s news includes open-source software vulnerabilities, endangered data, and continued attacks from state-sponsored Russian threat groups. Google’s Dataproc security issues could be exploited not just through the analytics engine but through Google Compute Engine, too.

Analytics 113

Analytics Cybersecurity Authentication Access 113

Security Affairs

DECEMBER 20, 2023

Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw has been addressed with the release of version 120.0.6099.129 for Mac,Linux and 120.0.6099.129/130 for Windows which will roll out over the coming days/weeks.

Libraries 111

Libraries Access IT Information Security 111

Data Breach Today

DECEMBER 22, 2023

Attackers Masquerade as Hotels to Steal Clients' Payment Card Data, Experts Warn Scammers are stealing hotels' log-in credentials for online travel site Booking.com and targeting their customers, experts warn. In many cases, attackers use Booking's own messaging system to contact customers and request their payment card data, they say.

298

298

Advertisement

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

Analytics

KnowBe4

DECEMBER 19, 2023

Researchers at Bitdefender warn that scammers are tricking victims with fake remote job opportunities. In this case, the scammers tell victims that they’ll get paid for liking YouTube videos.

Security 115

Security 115

Schneier on Security

DECEMBER 18, 2023

More unconstrained surveillance : Lawmakers noted the pharmacies’ policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services (HHS) Secretary Xavier Becerra. The letter—signed by Sen. Ron Wyden (D-Ore.), Rep. Pramila Jayapal (D-Wash.), and Rep. Sara Jacobs (D-Calif.)—said their investigation pulled information from briefings with eight big prescription drug suppliers.

Government 109

Government IT Privacy 109

Security Affairs

DECEMBER 17, 2023

The Mirai-based botnet InfectedSlurs was spotted targeting QNAP VioStor NVR (Network Video Recorder) devices. In November, Akamai warned of a new Mirai -based DDoS botnet, named InfectedSlurs , actively exploiting two zero-day vulnerabilities to infect routers and video recorder (NVR) devices. The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022.

Honeypots 111

Honeypots IoT Communications Security 111