Wed.Sep 13, 2023

article thumbnail

Big MGM Resorts Outage Traces to Ransomware, Researchers Say

Data Breach Today

Alphv/BlackCat Group Reportedly Hit Casino Operator via Social Engineering Attack Booking and reservation systems, as well as slot machines, hotel room door locks, ATMs and more remain offline at multiple MGM Resorts properties as the publicly traded casino hotel giant battles "a cybersecurity issue" that one group of security researchers has tied to a ransomware group attack.

article thumbnail

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold.

Passwords 321
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

DOD Cyber Strategy Aims to Disrupt Hackers, Deepen Ally Work

Data Breach Today

Defense Department Will Conduct Defensive Ops on Internal Network, Invest in People The Defense Department's updated cyber strategy calls for disrupting malicious actors and boosting the cyber capabilities of U.S. allies to take on Chinese threats to critical infrastructure. Defense officials also plan to conduct defensive operations to protect the department's information network.

312
312
article thumbnail

Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play

The Last Watchdog

From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life. Sharing intel for a greater good Now one distinctive type of crowdsourcing — ethical hacking – is positioned to become a much more impactful component of securing modern networks. I had a terrific discussion about this at Black Hat USA 2023 with Casey Ellis, founder and CTO of Bugcrowd , a pioneer in the crowdsourced security market.

Security 228
article thumbnail

5 Ways You Can Win Faster with Gen AI in Sales

Incorporating generative AI (gen AI) into your sales process can speed up your wins through improved efficiency, personalized customer interactions, and better informed decision- making. Gen AI is a game changer for busy salespeople and can reduce time-consuming tasks, such as customer research, note-taking, and writing emails, and provide insightful data analysis and recommendations.

article thumbnail

EU Chief Announces Plans to Boost AI Development

Data Breach Today

EU Will Grant AI Startups Access to Supercomputers, Commission President Says The European Union will open up supercomputers to artificial intelligence startups in a bid to boost innovation inside the trading bloc, European Commission President Ursula von der Leyen said Wednesday. She said Europe has a "narrowing window of opportunity" to guide responsible innovation.

More Trending

article thumbnail

Journey to the Cloud: Navigating the Transformation - Part 1

Data Breach Today

Nikko Asset Management's Marcus Rameke Defines the Requirements In Part 1 of this three-part blog post, Nikko Asset Management's Marcus Rameke provides an introduction and defines the requirements for making the transformative journey to the cloud. Parts 2 and 3 will discuss more detailed aspects of making the shift to the cloud.

Cloud 291
article thumbnail

Mozilla fixed a critical zero-day in Firefox and Thunderbird

Security Affairs

Mozilla addressed a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in attacks in the wild. Mozilla rolled out security updates to address a critical zero-day vulnerability, tracked as CVE-2023-4863 , in Firefox and Thunderbird that has been actively exploited in the wild. The vulnerability is a heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187, The vulnerability allowed a remote attacker to perform an out-of-bounds memory write via

article thumbnail

Feds Warn Healthcare Sector of Akira Ransomware Threats

Data Breach Today

HHS: Group Seems to Favor Targeting Small & Midsized Entities that Lack MFA on VPNs Authorities are warning of threats posed by Akira, a ransomware group that surfaced in March and has been linked to dozens of attacks on small and midsized entities. The group is targeting many industries, including healthcare, and seems to favor entities that lack MFA on VPNs.

article thumbnail

A new ransomware family called 3AM appears in the threat landscape

Security Affairs

3AM is a new strain of ransomware that was spotted in a single incident in which the threat actors failed to deploy the LockBit ransomware in the target infrastructure. Symantec’s Threat Hunter Team discovered a new ransomware family, which calls itself 3AM, that to date has only been deployed in a single incident in which the threat actors failed to deploy the LockBit ransomware.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Microsoft Patches Fix Word and Streaming Services Zero-Days

Data Breach Today

Patch Contains 59 Bugs Fixes, Including 5 Critical Ones Microsoft's September dump of fixes addresses two actively exploited zero-day vulnerabilities, including one in Microsoft Word that has a proof-of-concept code available publicly. "Definitely put this one on the top of your test-and-deploy list," wrote Dustin Childs.

284
284
article thumbnail

Redfly group infiltrated an Asian national grid as long as six months?

Security Affairs

A threat actor tracked as Redfly had infected the systems at a national grid located in an unnamed Asian country for six months starting in January. Symantec’s Threat Hunter Team discovered that a threat actor called Redfly used the ShadowPad backdoor to compromise a national grid in an Asian country for as long as six months earlier this year. While ShadowPad is known to be part of the arsenal of multiple China-linked APT groups, the TTPs observed in the attack on the national power grid overla

article thumbnail

Chinese APT41 Implicated in Asian National Power Grid Hack

Data Breach Today

Symantec Finds APT41 Fingerprint in a ShadowPad Trojan Attack on Asian Power Grid Cybersecurity researchers at Symantec said a cybercriminal entity with possible ties to the Chinese government used the ShadowPad Trojan to target an Asian country's national power grid earlier this year. The Redfly APT group focused on stealing credentials and compromising multiple computers.

article thumbnail

Zero-Click Exploit in iPhones

Schneier on Security

Make sure you update your iPhones : Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061 , allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachment

Security 133
article thumbnail

10 Ways to Leverage Buyer Signals and Drive Revenue

In today’s ultra-competitive markets, it’s no longer enough to wait for buyers to show obvious signs of interest. Instead, sales teams must be proactive, identifying and acting on nuanced buyer behaviors — often before prospects are fully ready to make a purchase. In this eBook from ZoomInfo & Sell Better, learn 10 actionable ways to use these buyer signals to transform your sales strategy and close deals faster.

article thumbnail

The Twisted Eye in the Sky Over Buenos Aires

WIRED Threat Level

A scandal unfolding in Argentina shows the dangers of implementing facial recognition—even with laws and limits in place.

Privacy 124
article thumbnail

Can You Guess Common Phishing Themes in Southeast Asia?

KnowBe4

Researchers at Cyfirma outline trends in phishing campaigns around the world, finding that Singapore is disproportionately targeted by phishing attacks.

Phishing 118
article thumbnail

FTC to Hold Open Meeting on Stealth Advertising in Digital Media Targeting Children

Hunton Privacy

On September 7, 2023, Lina M. Khan, Chair of the Federal Trade Commission, announced that the FTC will hold an open meeting virtually at 11 am ET on Thursday, September 14, 2023. The agenda of the open meeting includes a vote by the FTC on whether to release a staff perspective and recommendations on the blurring of advertising and content on digital media and its effects on children and teens.

Marketing 113
article thumbnail

Congratulations to our Jammies Awards Finalists

Jamf

We're excited to announce the finalists chosen from the applicants for the Jammies Awards, the customer appreciation awards celebrating those who exemplify Jamf values and innovative usage of Jamf solutions.

111
111
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Cybersecurity Skills Gap: Roadies & Gamers Are Untapped Talent

Dark Reading

Gamers and former sound engineers and roadies can help boost the cybersecurity talent pool. Their flexible mindset and attention to detail make them valuable resources.

article thumbnail

The US Congress Has Trust Issues. Generative AI Is Making It Worse

WIRED Threat Level

Senators are meeting with Silicon Valley's elite to learn how to deal with AI. But can Congress tackle the rapidly emerging tech before working on itself?

IT 104
article thumbnail

Microsoft Azure HDInsight Plagued With XSS Vulnerabilities

Dark Reading

To boot, the technology could be riddled with other flaws via its Apache services components, a security vendor says.

Security 108
article thumbnail

Microsoft Patch Tuesday Includes Word, Streaming Service Zero-Days

eSecurity Planet

Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761 , an information disclosure flaw in Microsoft Word with a CVSS score of 6.2; and CVE-2023-36802 , an elevation of privilege flaw in Microsoft Streaming Service with a CVSS score of 7.8 that could provide an attacker with system privileges.

article thumbnail

Signal-Based Selling: How to Leverage 4 Key Buying Signals

As prospects define their problem, search for solutions, and even change jobs, they are generating high-value signals that the best go-to-market teams can leverage to close more deals. This is where signal-based selling comes into play. ZoomInfo CEO Henry Schuck recently broke down specific ways to put four key buying signals into action with the experts from 30 Minutes to President’s Club.

article thumbnail

When LockBit Ransomware Fails, Attackers Deploy Brand-New '3AM'

Dark Reading

Nothing good happens after 2 a.m., they say, especially when hackers have two kinds of ransomware at their disposal.

article thumbnail

Ubotica partners with IBM for one-click deployment of space AI applications

IBM Big Data Hub

Space AI leader Ubotica Technologies is partnering with IBM to leverage IBM cloud infrastructure and watsonx.ai components, intending to simplify the process for a developer to get their application running onboard a satellite. With a single click, mutual customers will be able to securely deploy their AI models directly to satellites that use the Ubotica CogniSAT TM platform.

Cloud 97
article thumbnail

Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors

Dark Reading

The operators of the Rhysida ransomware-as-a-service have claimed credit for a crippling attack on Mississippi's Singing River health system.

article thumbnail

Data breach prevention: 5 ways attack surface management helps mitigate the risks of costly data breaches

IBM Big Data Hub

Organizations are wrestling with a pressing concern: the speed at which they respond to and contain data breaches falls short of the escalating security threats they face. An effective attack surface management (ASM) solution can change this. According to the Cost of a Data Breach 2023 Report by IBM, the average cost of a data breach reached a record high of USD 4.45 million this year.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns

Dark Reading

All Windows endpoints within a vulnerable Kubernetes cluster are open to command injection attacks, new research finds.

102
102
article thumbnail

Clear data ownership paves the way for data-driven manufacturing

CGI

Businesses across industries generate and use large amounts of data to make strategic insights-led decisions and improve their operations. Within manufacturing, data is produced at every stage of the production process—from design and prototyping to production and quality control. However, the question of who owns this data can be complex, and it's becoming increasingly important for businesses to understand their rights and responsibilities of data ownership.

article thumbnail

A 2-Week Prescription for Eliminating Supply Chain Threats

Dark Reading

Giving users time to detect and then update hijacked packages can help developers avoid using malicious code in software development.

100
100