Tue.Dec 19, 2023

article thumbnail

BlackCat Ransomware 'Unseizing' a Dark Web Stunt

Data Breach Today

Ransomware Group Declares Nothing Off Limits Outside of CIS Countries The BlackCat ransomware as service operation's putative "unseizing" of its leak site from the FBI is a stunt made possible by way the dark web handles address resolution, security researchers said Monday. The stung was a "tactical error" that could alienate affiliates.

article thumbnail

BlackCat Ransomware Raises Ante After FBI Disruption

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who con

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Okta to Acquire Spera Security

Data Breach Today

Okta Says Acquisition Will Expand Its Ability to Detect High-Risk Accounts Okta finalized an agreement to acquire Spera Security, saying the purchase will expand its ability to track risky accounts and access misconfigurations. Spera, a Tel Aviv startup, touts itself as a tool for giving security teams "real-time visibility into their entire identity surface.

Security 298
article thumbnail

Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season

Security Affairs

Smishing Triad: Researchers warn crooks impersonating UAE Federal Authority for Identity and citizenship ahead of the Holiday Season Resecurity, Inc. (USA) has identified a new fraudulent campaign by the Smishing Triad gang in which they are impersonating the United Arab Emirates Federal Authority for Identity and Citizenship. This campaign involves malicious SMS/iMessage texts that pretend to be on behalf of the General Directorate of Residency and Foreigners Affairs, targeting digital identity

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Report Says CISA is Failing to Identify High-Risk Exploits

Data Breach Today

CISA Failed to Include High-Risk Vulnerabilities in Known Exploit List, Report Says The Cybersecurity and Infrastructure Security Agency maintains an exhaustive list that the U.S. cyber agency describes as "the authoritative source of vulnerabilities that have been exploited in the wild," but a new report says it has failed to identify nearly 100 high-risk vulnerabilities in 2023.

Risk 286

More Trending

article thumbnail

Iowa Medical Center Latest Victim of Transcription Firm Hack

Data Breach Today

Lawsuits Keep Stacking Up Against Perry Johnson and Associates An Iowa medical center is among the latest healthcare entities reporting to federal regulators a breach tied to a data theft hack on medical transcription vendor Perry Johnson and Associates earlier this year. Meanwhile, stacks of federal lawsuits continue to pile up against the Nevada firm.

284
284
article thumbnail

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA , the US defense contractor NJVC , gas pipeline Creos Luxembourg S.

article thumbnail

Looking Ahead: Mobile Driver's Licenses for ID Verification

Data Breach Today

Prove's Mary Ann Miller Discusses Innovative Approaches to Identity Verification Fraudsters can now easily create fake driver's licenses to scam banks and merchants. Moving to electronic identification that can be stored on mobile devices has the potential to unlock innovation in the identity verification space, said Mary Ann Miller, vice president of client experience at Prove.

284
284
article thumbnail

Comcast’s Xfinity customer data exposed after CitrixBleed attack

Security Affairs

Comcast’s Xfinity discloses a data breach after a cyber attack hit the company by exploiting the CitrixBleed vulnerability. Comcast’s Xfinity is notifying its customers about the compromise of their data in a cyberattack that involved the exploitation of the CitrixBleed flaw. CitrixBleed is a critical vulnerability, tracked as CVE-2023-4966 , in Citrix NetScaler ADC (Application Delivery Controller) software.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

FBI Seizes BlackCat Infrastructure; Group Has New Domain

Data Breach Today

Agency Developed a Tool to Decrypt the Systems of More Than 500 Victims U.S. authorities seized dark web infrastructure of the BlackCat ransomware-as-a-service group, also known as Alphv, although the Russian-speaking threat actor said it has reestablished operations. The group's data leak site and its Tox instant messaging account went offline Dec. 7.

article thumbnail

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced , but there’s still a lot of confusion. It seems not to be true. Dropbox isn’t sharing all of your documents with OpenAI. But here’s the problem: we don’t trust OpenAI.

Privacy 136
article thumbnail

OpenAI Formulates Framework to Mitigate 'Catastrophic Risks'

Data Breach Today

A Preparedness Team Will Warn of Current, Future Dangers in the Firm's AI Models OpenAI on Monday released a framework it says will help assess and protect against the "catastrophic risks" posed by the "increasingly powerful" AI models it develops. "We believe the scientific study of catastrophic risks from AI has fallen far short of where we need to be," the company said.

Risk 280
article thumbnail

A Major Ransomware Takedown Suffers a Strange Setback

WIRED Threat Level

After an 18 month rampage, global law enforcement finally moved against the notorious Alphv or Blackcat ransomware group. Within hours, the operation faced obstacles.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

BMW dealer at risk of takeover by cybercriminals

Security Affairs

By neglecting to set a password, a BMW dealer in India has jeopardized the entire network of car dealerships in the country and put its clients at risk. The Cybernews research team has discovered that the Bengaluru branch of BMW Kun Exclusive, a BMW dealership in India, has exposed sensitive data to the public. The data leak could have resulted in unauthorized access to sensitive clients’ and business data or even a full takeover of the BMW outlet’s internal systems by threat actors.

Risk 129
article thumbnail

I tested the Whoop 4.0 band with its ChatGPT-like fitness coach, and the results blew me away

Collaboration 2.0

The new Whoop Coach feature can give you more insight into your biometric data, including what actions to take to improve your health.

IT 128
article thumbnail

New Remote “Job” Scam Tells Victims They'll Get Paid For Liking YouTube Videos

KnowBe4

Researchers at Bitdefender warn that scammers are tricking victims with fake remote job opportunities. In this case, the scammers tell victims that they’ll get paid for liking YouTube videos.

Security 128
article thumbnail

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA , the US defense contractor NJVC , gas pipeline Creos Luxembourg S.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Holiday Scams Include Thousands of Impersonation Phishing Domains per Brand

KnowBe4

Midstride in this year’s holiday shopping, it’s important to realize just how many websites exist that impersonate legitimate online retailers. More importantly, your users need to know how to spot these types of attacks before falling victim.

Phishing 124
article thumbnail

Navigating Ediscovery and AI in Legal Tech - 2023 Trends

Hanzo Learning Center

In 2023, the legal landscape has been significantly shaped by two key trends: the rapid evolution of Artificial Intelligence (AI) and the advancements in ediscovery. These developments have not only transformed legal processes but also presented new challenges and opportunities for legal professionals. As we delve into this first part of our series, we examine the top blogs that have been at the forefront of these trends.

article thumbnail

CyberheistNews Vol 13 #51 Phishing Is Still the No. 1 Attack Vector, With Huge 144% Malicious URL Spike

KnowBe4

Phishing Is Still the No.

Phishing 115
article thumbnail

IaaS Security: Top 8 Issues & Prevention Best Practices

eSecurity Planet

Infrastructure as a service security is a concept that assures the safety of organizations’ data, applications, and networks in the cloud. Understanding the risks, advantages, and best practices connected with IaaS security is becoming increasingly important as enterprises shift their infrastructure to the cloud. By exploring the top eight issues and preventative measures, as well as shedding light on the security benefits of IaaS, you can better secure your cloud security infrastructure.

Security 109
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Re-evaluate UEM ROI for a brighter 2024.

Jamf

Why do specialized solutions outperform one-size-fits approaches? And why does it matter in challenging economic times? Read on to find out.

IT 92
article thumbnail

CJEU Rules That Fear May Constitute Damage Under the GDPR

Hunton Privacy

On December 14, 2023, the Court of Justice of the European Union (“CJEU”) issued its judgment in the case of VB v. Natsionalna agentsia za prihodite (C‑340/21), in which it clarified, among other things, the concept of non-material damage under Article 82 of the EU General Data Protection Regulation (“GDPR”) and the rules governing burden of proof under the GDPR.

GDPR 78
article thumbnail

How cloud-based Macs transformed Dropbox

Jamf

Learn how Dropbox used Jamf-managed Amazon EC2 Mac instances to turn the sudden loss of a critical infrastructure component into an opportunity to step into the future.

Cloud 89
article thumbnail

Episode 254: Dennis Giese’s Revolutionary Robot Vacuum Liberation Movement

The Security Ledger

Security researcher and IoT hacker Dennis Giese talks about his mission to liberate robot vacuums from the control of their manufacturers, letting owners tinker with their own devices and - importantly - control the data they collect about our most intimate surroundings. The post Episode 254: Dennis Giese’s Revolutionary Robot Vacuum. Read the whole entry. » Click the icon below to listen.

IoT 75
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Accelerate release lifecycle with pathway to deploy: Part 2

IBM Big Data Hub

As enterprises embrace cloud native and everything as code, the journey from code to production has become a critical aspect of delivering value to customers. This process, often referred to as the “pathway to deploy,” encompasses a series of intricate steps and decisions that can significantly impact an organization’s ability to deliver software efficiently, reliably and at scale.

Cloud 74
article thumbnail

“World Quality Report 2023-2024: The future up close” is now available!

OpenText Information Management

World Quality Report is back for its 15th edition! The only global report of its kind analyzes the latest in quality engineering and software testing trends. OpenText has teamed up with Capgemini™ and Sogeti™ to conduct the global survey (see the recent press release). This year, we interviewed 1,750 executives and professionals across 8 sectors from … The post “World Quality Report 2023-2024: The future up close” is now available!

IT 69
article thumbnail

Anomaly detection in machine learning: Finding outliers for optimization of business functions

IBM Big Data Hub

As organizations collect larger data sets with potential insights into business activity, detecting anomalous data, or outliers in these data sets, is essential in discovering inefficiencies, rare events, the root cause of issues, or opportunities for operational improvements. But what is an anomaly and why is detecting it important? Types of anomalies vary by enterprise and business function.