Mon.Mar 11, 2024

article thumbnail

Incognito Darknet Market Mass-Extorts Buyers, Sellers

Krebs on Security

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.

Marketing 308
article thumbnail

Dropbox Used in Latest Exploit for Phishing Attacks

Data Breach Today

Darktrace Warns of Malware Hidden in PDF Stored in Dropbox Phishing attacks continue to adapt to exploit popular apps. While many phishing campaigns have focused on mobile banking and payment sites, attackers are also targeting widely used but lower-profile, cloud-based utilities such as the ubiquitous Dropbox storage platform.

Phishing 301
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Massive cyberattacks hit French government agencies

Security Affairs

A series of “intense” cyberattacks hit multiple French government agencies, revealed the prime minister’s office. “Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office.” The French minister’s office did not provide details about the attacks, however, the French agencies were likely hit with distributed denial-of-service (DDoS) attacks.

article thumbnail

Broadcom Axes Carbon Black Sale, to Merge Unit with Symantec

Data Breach Today

CEO Hock Tan: Joining Carbon Black, Symantec Generates More Value for Shareholders Months after declaring "Carbon Black is Back," the endpoint security unit was gobbled up by Broadcom and folded into its Symantec security team. "We would generate more value to our shareholders by taking Carbon Black - which is not that big - and integrating it into Symantec," CEO Hock Tan said.

Sales 297
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

Security Affairs

Threat actors are hacking WordPress sites by exploiting a vulnerability, tracked as CVE-2023-6000, in old versions of the Popup Builder plugin. In January, Sucuri researchers reported that Balada Injector malware infected over 7100 WordPress sites using a vulnerable version of the Popup Builder WordPress plugin. Sucurity reported that on December 13th, the Balada Injector campaign started infecting websites using older versions of the Popup Builder ( CVE-2023-6000 , CVSS score 8.8).

Cleanup 140

More Trending

article thumbnail

Airbnb Bans All Indoor Security Cameras

WIRED Threat Level

Starting at the end of April, Airbnb will no longer allow hosts to have security cameras inside their rental properties, citing a commitment to prioritizing guest privacy.

Security 135
article thumbnail

Italian Data Regulator Launch Probe Into OpenAI's Sora

Data Breach Today

Company Has 20 Days to Disclose Detail on Data Used for Training the AI System The Italian data protection regulator opened a privacy inquiry to Sora, OpenAI's newly announced text to video artificial intelligence model. The inquiry follows another ongoing probe into ChatGPT. OpenAI has 20 days to respond to a number of questions posed by the Italian agency.

article thumbnail

Experts released PoC exploit for critical Progress Software OpenEdge bug

Security Affairs

Researchers released technical specifics and a PoC exploit for a recently disclosed flaw in Progress Software OpenEdge Authentication Gateway and AdminServer. Researchers from Horizon3.ai have published technical details and a proof-of-concept (PoC) exploit for the critical security flaw CVE-2024-1403 in Progress Software OpenEdge Authentication Gateway and AdminServer. “The Progress OpenEdge team recently identified a security vulnerability in OpenEdge Release 11.7.18 and earlier, OpenEdg

article thumbnail

Importance of Resilience in Mitigating Supply Chain Attacks

Data Breach Today

The Change Healthcare attack is already providing valuable lessons to healthcare firms - primarily the importance of resilience, especially when it comes the industry's supply chain and third parties, said Nitin Natarajan, deputy director of the Cybersecurity and Infrastructure Security Agency.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

The 4 Big Questions the Pentagon’s New UFO Report Fails to Answer

WIRED Threat Level

The Pentagon says it’s not hiding aliens, but it stops notably short of saying what it is hiding. Here are the key questions that remain unanswered—some answers could be weirder than UFOs.

IT 127
article thumbnail

CISA Lacks Staff with Skills Needed to Safeguard OT

Data Breach Today

GAO Report Criticizes CISA's Info Sharing Programs for Critical Infrastructure The U.S. Government Accountability Office found that CISA lacks the skilled staff to effectively share information with critical infrastructure operators about threats. Also, the GAO found that the Pipeline and Hazardous Materials Safety Administration lacked an information-sharing process.

article thumbnail

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

Security Affairs

BianLian ransomware group was spotted exploiting vulnerabilities in JetBrains TeamCity software in recent attacks. Researchers from GuidePoint Security noticed, while investigating a recent attack linked to the BianLian ransomware group, that the threat actors gained initial access to the target by exploiting flaws in a TeamCity server. The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufacturing, media a

article thumbnail

Why Wiz Is Pursuing Its 2nd Massive Funding Round in 2 Years

Data Breach Today

Cloud Security Vendor Wiz Eyes Unprecedented $800M Funding Round at $10B+ Valuation The New York-based cloud security phenom is speaking with several investors include Thrive, Lightspeed Venture Partners, G Squared, Sequoia and Cyberstarts in hopes of raising roughly $800 million at a valuation of more than $10 billion. The cash infusion would help Wiz finance future acquisitions.

Cloud 271
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Using LLMs to Unredact Text

Schneier on Security

Initial results in using LLMs to unredact text based on the size of the individual-word redaction rectangles. This feels like something that a specialized ML system could be trained on.

120
120
article thumbnail

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Security Affairs

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. A financially motivated threat actor named Magnet Goblin made the headlines for rapidly adopting and exploiting 1-day vulnerabilities, CheckPoint warned. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN.

article thumbnail

VulnRecap 3/11/24 – JetBrains & Atlassian Issues Persist

eSecurity Planet

This past week, both JetBrains TeamCity and Atlassian Confluence products have run into more hiccups as their string of vulnerabilities continues. Apple’s also had plenty to patch, and Cisco, OpenEdge, and VMware appeared in the news, too. JetBrains and Atlassian users should pay special attention since vulnerabilities continue cropping up in the same products.

article thumbnail

Do more with trusted data: Join us at Data Citizens ’24

Collibra

AI is everywhere. It is in our homes, our businesses, and our schools — and it’s here to stay. While AI offers great opportunities, it can also present enormous risks. That is why we believe trusted data is more important now than ever before. With the increased focus on AI, organizations need to prepare for the future with strong AI governance to mitigate risks and increase ROI.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Binance’s Top Crypto Crime Investigator Is Being Detained in Nigeria

WIRED Threat Level

Tigran Gambaryan, a former crypto-focused US federal agent, and a second Binance executive, Nadeem Anjarwalla, have been held in Abuja without passports for two weeks.

article thumbnail

FBI's 2023 Internet Crime Report Highlights Alarming Trends on Ransomware

KnowBe4

The specter of cybercrime continues to grow, with losses soaring to $12.5 billion in 2023, according to the recently released Internet Crime Report by the FBI's Internet Crime Complaint Center (IC3).

article thumbnail

FTC Chair Asserts Certain Sensitive Data Should Be Excluded from Training AI Models

Hunton Privacy

As reported by Bloomberg Law , on February 27, 2024, at RemedyFest, a conference hosted by Bloomberg Beta and Y Combinator, Federal Trade Commission Chair Lina Khan said that sensitive personal data that is linked to health, geolocation and web browsing history should be excluded from training artificial intelligence (“AI”) models. Khan said that the FTC is focused on creating “bright lines on the rules of development, use and management of AI inputs” which make it clear that certain sensitive d

article thumbnail

The European Union's Unified Approach to Cybersecurity: The Cyber Solidarity Act

KnowBe4

The construction of a more cyber resilient European Union (EU) took a remarkable step forward this past week as negotiators from the European Parliament and the European Council reached a provisional agreement on the proposed Cyber Solidarity Act.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

How RFID Authentication Powers Secure Access Around the World: A Spotlight on Italy’s ID Card System

HID Global

Discover how RFID technology played a role in Italy’ secure ID card system, enhancing access with contactless technology and two-factor authentication by HID.

article thumbnail

Three Essential Truths Every CISO Should Know To Guide Their Career

KnowBe4

According to my research, it became clear that if CISO's focused on these three items, it would take care of 99% of the vulnerabilities.

IT 105
article thumbnail

Why 10,000 Customers Rely on DocuWare Cloud

Docuware

DocuWare was a pioneer when it launched its first cloud offering in 2012. At that point, the company started to explore the potential of cloud technology together with a small group of innovative clients. This year, DocuWare welcomed its 10,000th global cloud customer to its client list.

Cloud 26
article thumbnail

GUEST ESSAY: A DIY guide to recognizing – and derailing – Generative AI voice scams

The Last Watchdog

Americans lost a record $10 billion to scams last year — and scams are getting more sophisticated. Related: Google battles AI fakers Recently used to impersonate Joe Biden and Taylor Swift, AI voice cloning scams are gaining momentum — and one in three adults confess they aren’t confident they’d identify the cloned voice from the real thing. Google searches for ‘AI voice scams’ soared by more than 200 percent in the course of a few months.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Google Is Getting Thousands of Deepfake Porn Complaints

WIRED Threat Level

Content creators are using copyright laws to get nonconsensual deepfakes removed from the web. With the complaints covering nearly 30,000 URLs, experts say Google should do more to help.

Privacy 104
article thumbnail

US Federal Budget Proposes $27.5B for Cybersecurity

Data Breach Today

Budget Proposes Incremental Increases, Not Leaps, But Small Budget Cut for CISA The Biden administration doesn't propose huge leaps in cybersecurity funding in an annual spending blueprint unveiled Monday afternoon. U.S. federal civilian cybersecurity spending would amount to $13 billion, while the military would spend $14.5 billion.

article thumbnail

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

66,702,148 known records breached in 103 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks: in the spotlight 36 million MX3 Nutrition records allegedly leaked A threat actor known as Chucky has leaked 36 million customer records a