Security Affairs

JUNE 11, 2021

The current era, where all data is digital, the threats of fraud, breach and data sprawl are more of a reality than ever. In these times, organizations not only take a hit because of the breached data and cyber threats, but also are heavily fined under global privacy regulations. These privacy regulations are in place to encourage security operations within organizations to protect their data from malicious intent.

Privacy 117

Privacy Risk Information Security Security 117

Dark Reading

JUNE 2, 2021

Pen-testing today's threat deception technology is not for the faint-hearted. Do modern deception tools truly frustrate adversaries, and are they ready for the enterprise SOC?

114

114

Data Breach Today

JUNE 5, 2021

Dr. Claudia Natanson Describes Vision of U.K.’s New Self-Regulatory Body U.K. Cyber Security Council is a new self-regulatory body for the profession. It is tasked by the U.K. Government to execute their vision for the U.K. to be one of the safest places to work and do business online, says the chair of the Council’s Board of Trustees, Dr. Claudia Natanson.

Education 363

Education Security Government IT 363

Krebs on Security

JUNE 21, 2021

Amid multiple recent reports of hackers breaking into and tampering with drinking water treatment systems comes a new industry survey with some sobering findings: A majority of the 52,000 separate drinking water systems in the United States still haven’t inventoried some or any of their information technology systems — a basic first step in protecting networks from cyberattacks.

Cybersecurity 329

Cybersecurity Access Authentication Passwords 329

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, CTO of Betterworks, will explore a practical framework to transform Generative AI prototypes into

Artificial Intelligence

Troy Hunt

JUNE 9, 2021

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). Firstly by the Estonian Central Criminal Police a few years ago , then by the FBI and global counterparts this April and now, in the third such case, by NordLocker. (Full disclosure: I'm a strategic advisor for NordVPN who shares the same parent company.

IT 144

IT 144

Security Affairs

JUNE 29, 2021

A new massive LinkedIn breach made the headlines, the leak reportedly exposes the data of 700M users, more than 92% of the total 756M users. A new massive LinkedIn breach made the headlines, a database containing data of 700M users, more than 92% of the total 756M users, is available for sale on forums on the dark web. The exposed records include email addresses full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experi

Sales 144

Sales Archiving Phishing Authentication 144

The Guardian Data Protection

JUNE 15, 2021

Swedish retailer found guilty of gathering data to sift out potential trouble-makers among employees The home furnishings group Ikea has been ordered to pay €1.1m (£861,000) in fines and damages by a French court after being found guilty of spying on staff. Two former Ikea France executives were also convicted and fined over an elaborate scheme to gather information on hundreds of employees, job applicants and even customers over several years, using private detectives and police sources.

Retail 140

Retail 140

Data Breach Today

JUNE 16, 2021

U.S Wants 16 Critical Infrastructure Entities Off-Limits to Attack At their Geneva summit meeting Wednesday, U.S. President Joe Biden told Russian President Vladimir Putin that if Russia continued to wage cyberattacks against the U.S., it would face retaliation.

IT 361

IT 361

Krebs on Security

JUNE 16, 2021

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School , the University of California , and University of Maryland. A still shot from a video showing Ukrainian police seizing a Tesla, one of many high-end vehicles seized in this week’s raids on the Clop gang.

Ransomware 321

Ransomware Encryption Cybersecurity Access 321

Advertisement

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

Analytics

Troy Hunt

JUNE 14, 2021

Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains. API access to query their domains will give them greater visibility into the impact of data breaches on the Finnish government. Finland is now the 5th Nordic country and 21st national CERT to be onboarded with many more from around the globe to be announced shortly.

Government 143

Government Data breaches Access Security 143

Schneier on Security

JUNE 11, 2021

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything — I don’t even know if this qualifies as a backdoor. This week, the world’s police organizations announced 800 arrests based on text messages sent over the app.

Encryption 140

Encryption Blockchain Security IT 140

Security Affairs

JUNE 4, 2021

Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724 , that impacts macOS, iOS and iPadOS. Trend Micro researchers disclosed technical details of a patched privilege escalation vulnerability, tracked as CVE-2021-30724 , that impacts macOS, iOS, and iPadOS. The flaw was reported to Apple by Trend Micro researcher Mickey Jin, and the It giant fixed the issue was addressed by the IT giant on May 24 with the release of macOS 11.4, iOS 14.6, and

Communications 141

Communications Access IT Security 141

Threatpost

JUNE 24, 2021

Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.

Risk 144

Risk Security 144

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Data Breach Today

JUNE 26, 2021

New JSSLoader Variant is Being Spread by TA543 Group A cybercrime group tracked as TA543 by security firm Proofpoint is deploying a new variant of a malware loader to target victims as part of a phishing campaign, the company reports.

Phishing 360

Phishing Security 360

Krebs on Security

JUNE 15, 2021

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her

Ransomware 312

Ransomware Passwords Government Access 312

Troy Hunt

JUNE 5, 2021

This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an awesome, humbling experience that so many people have wanted to contribute their time to something that makes online life better for all of us. The challenge I have now is, as expected, managing the pull requests, reviewing code and ensuring the project heads in the right direction as support for ingesting the FBI -provided passwords is built out.

Passwords 141

Passwords IT 141

Schneier on Security

JUNE 2, 2021

The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month. DarkSide offers what is known as “ransomware as a service,” in which a malware developer charges a user fee to so-called affiliates like Woris, who may not have the technical skills to actually create ran

Ransomware 139

Ransomware Communications Security 139

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

JUNE 19, 2021

North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability. South Korean representatives declared on Friday that North Korea-linked APT group Kimsuky is believed to have breached the internal network of the South Korean Atomic Energy Research Institute (KAERI). The Korea Atomic Energy Research Institute (KAERI) in Daejeon, South Korea was established in 1959 as the sole professional research-oriented institute for nuclea

Phishing 141

Phishing Government Data collection Cybersecurity 141

The Guardian Data Protection

JUNE 24, 2021

Proposed changes to policing, surveillance and judicial review will jeopardise right to peaceful protest, says special rapporteur Boris Johnson’s government is introducing three pieces of legislation that will make human rights violations more likely to occur and less likely to be sanctioned even as averting climate catastrophe depends on these rights, the UN special rapporteur for human rights and the environment has said.

Government 130

Government 130

Data Breach Today

JUNE 14, 2021

Service Employees International Union 775 Benefits Group: PII and PHI Deleted A Seattle-based benefits administrator for unionized home healthcare and nursing home workers has reported a hacking incident affecting 140,000 individuals that involved deleting certain data.

360

360

Krebs on Security

JUNE 23, 2021

In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn’t decrypt the data on the devices. This is a story of ingenuity and happenstance, and how one former Secret Service agent helped crack a code that revealed the contours of a global organized crime ring.

Encryption 310

Encryption IT Marketing 310

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Troy Hunt

JUNE 8, 2021

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned (HIBP) in August last year and then finally a couple of weeks ago, actually taking the first step with Pwned Passwords ? Many people certainly noticed the time because I kept getting asked when it was actually going to happen.

Passwords 138

Passwords IT Security 138

Schneier on Security

JUNE 17, 2021

General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Although the algorithm has a 64-bit key, the effective key length is only 40 bits, due to “an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance.” GEA-1 was d

Encryption 135

Encryption Paper Security 135

Security Affairs

JUNE 10, 2021

Google this week addressed 14 vulnerabilities in the Chrome browser, including a zero-day flaw that has been exploited in the wild. Google released security updates to address 14 vulnerabilities in the Chrome browser, including a zero-day issue that has been exploited in the wild. The most severe of these flaws, tracked as CVE-2021-30544, is a critical use-after-free issue that impacts BFCache.

Access 140

Access Security IT Cybersecurity 140

Threatpost

JUNE 28, 2021

After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again - with big security ramifications.

Sales 143

Sales Security IT Privacy 143

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Data Breach Today

JUNE 10, 2021

New Stand-Alone Firm Is Tasked With Combatting Digital Commerce Fraud RSA Security LLC has spun off its fraud and risk intelligence business into a stand-alone company named Outseer. The new company will be led by Reed Taussig as CEO, and it will serve a worldwide customer and partner community.

Risk 353

Risk Security IT 353

Krebs on Security

JUNE 25, 2021

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device. One of many similar complaints on Western Digital’s user forum.

Access 303

Access Marketing IT 303

Troy Hunt

JUNE 28, 2021

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP. Granting governments this level of access gives them visibility into not just the 11.4 billion records that are already in HIBP but provides an early warning system for the billions of records yet to come.

Government 137

Government Data breaches Access 137