Thu. Sep 26, 2024


Breach Roundup: How to Spot North Korean IT Workers

Data Breach Today

Also: Ransomware Surged in 2023, MoneyGram Back in Service After Cyberattack

This week, advice on spotting North Korean staff; ransomware attacks rose; MoneyGram back online; FCC fined political operative; CISA warned of water system attacks; Ukraine restricted Telegram use; North Korean hackers used new malware; U.K. arrested alleged hacker; PSNI is in data leak talks.


U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.


NIST Calls for Major Overhaul in Typical Password Practices

Data Breach Today

Draft Guidelines Call for Longer, Randomized Passwords Instead of Memorized Phrases

The National Institute of Standards and Technology is calling for longer, randomized passwords instead of memorized phrases containing combinations of upper and lowercase letters in new guidance that aims to modernize current password practices across the public and private sectors.


Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

WIRED Threat Level

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Visa Acquires AI Leader Featurespace for Payments Protection

Data Breach Today

Featurespace's AI Expertise Will Enhance Visa's Fraud, Risk and Payments Technology

Visa has signed a definitive agreement to acquire AI-driven fraud prevention leader Featurespace. This acquisition will reinforce Visa's fraud detection capabilities, integrating advanced machine learning technology to strengthen financial crime prevention and protect global transactions.


More Trending


Memory-Safe Coding Cuts Android System Flaws by 75%

Data Breach Today

Google Says Rust Language Initiative Eliminates Cross-Site Scripting, Other Flaws

Google says switching to a memory-safe language such as Rust under its Safe Coding program has helped significantly reduce the number of vulnerabilities in Android systems. The number of vulnerabilities uncovered in Android devices has fallen from over 200 in 2019 to fewer than 50 by 2024.


Critical RCE vulnerability found in OpenPLC

Security Affairs

Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to a DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code.


Zero-Day Vulnerabilities in Automatic Tank Gauge Systems

Data Breach Today

Hackers Could Cause Tanks to Overfill and Disable Leak Detection

Industrial control systems made by different manufacturers for monitoring fuel storage tanks, including those used in everyday gas stations, contain critical zero-days that could convert them into targets for cyberattacks that cause physical damage.


China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

China-linked threat actors compromised some U.S. internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. China-linked threat actors have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. The state-sponsored hackers aimed at gathering intelligence from the targets or carrying out disruptive cyberattacks.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


OpenAI Exits, Appointments and New Corporate Model

Data Breach Today

OpenAI Seeks to Become a For-Profit Company

Wednesday brought more turmoil in the top ranks of OpenAI after three executives in leadership positions quit the company at a time when the AI giant seeks to convert itself into a for-profit entity. The new structure may affect how the company prioritizes and addresses AI risks.


Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature

Security Affairs

Privacy non-profit noyb filed a complaint with the Austrian DPA against Firefox for enabling tracking in Firefox without user consent. Privacy non-profit None Of Your Business (noyb) has filed a complaint with Austria’s data protection authority (DSB) against Mozilla for enabling the privacy feature Privacy-Preserving Attribution (PPA) in Firefox without user consent.


Cryptohack Roundup: BingX, Truflation Exploits

Data Breach Today

Also: Reimbursements in Banana Gun Hack; Germany Shutters 47 Exchanges

This week, BingX, Truflation, OpenAI X account hacked; Germany shut 47 exchanges; Caroline Ellison sentenced; two got crypto theft charges; one got crypto scam fine; Banana Gun will refund victims; WazirX, Liminal in dispute; SEC settled with TrueCoin, TrustToken; CFTC may settle with Mango Markets.


Amid Air Strikes and Rockets, an SMS From the Enemy

WIRED Threat Level

As Israel intensifies its attacks on Lebanon, eerie messages have been arriving on the phones of civilians on both sides of the border, with authorities in each country accusing the other of psychological warfare.


15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?


Sophos: Attacks Drop in Nearly All Sectors But Healthcare

Data Breach Today

Survey Finds 37% of Providers Take Over a Month to Recover From Ransomware

Ransomware attacks are declining across many sectors - but not in healthcare, where an ongoing surge is reaching a four-year high in incidents, according to new research from security firm Sophos, which surveyed 5,000 IT leaders across 15 sectors and 14 countries between January and February.


Auto-remediation: the future of AppSec?

OpenText Information Management

Organizations need to develop applications in a fast and agile way. Security is essential, but lengthy manual security reviews are an unacceptable bottleneck. Application security testing solutions like Fortify address this by automating the security review process. Once the security testing is automated, a second bottleneck emerges: Humans must still review and act on the test results.


'Vanilla Tempest' Now Using INC Ransomware in Health Sector

Data Breach Today

Microsoft: Ransomware-as-a-Service Group Keeps Shifting Malware to Avoid Detection

Threat actors tracked as "Vanilla Tempest" - and also known as Vice Society - appear to be changing up the ransomware they use to attack U.S. healthcare organizations. Likely in a move to avoid detection, the ransomware-as-a-service group has shifted to INC Ransom malware, according to Microsoft.


How hackers could have remotely controlled millions of cars

Collaboration 2.0

A website flaw - since patched - enabled these researchers to remotely track a car's location, unlock its doors, honk the horn, and start the engine.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


State Lawmakers to Give Banks Tools to Fight Elder Fraud

Data Breach Today

With No Federal Help in Sight, 6 Legislatures Hope to Stop Suspicious Transactions

As cyber fraud against senior citizens rises, at least four U.S. states are considering new legislation to fill the gaps in fraud protection normally covered by the federal Consumer Financial Protection Bureau. The bills would protect seniors by empowering banks to block suspicious transactions.


These Anker headphones offer unmatched comfort and out-of-this-world ANC

Collaboration 2.0

Soundcore's most expensive headphones have a powerful ANC feature that delivers an immersive audio experience.


Proof of Concept: Boosting Security and Taming AI 'Lies'

Data Breach Today

Troy Leach and Avani Desai on Risks of AI Hallucination and Misleading Outputs

In the latest "Proof of Concept," Troy Leach of the Cloud Security Alliance and Avani Desai of Schellman discuss the risks of AI hallucinations. As AI models advance, hallucinations pose serious threats to security, especially when quick and accurate decision-making is essential.


Posting ‘Goodbye Meta AI’ is pointless. But we can stop big tech stealing our Facebook pictures | Chris Stokel-Walker

The Guardian Data Protection

Sharing these posts may seem harmless, but don’t be drawn in. There are better ways to combat the threats to our data

If you’ve spent any time on Instagram or Facebook lately, you will probably have encountered concerned citizens sharing posts denying Meta, the parent company of both platforms as well as WhatsApp, the right to use their data to train AI systems.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


What Are ISO 27017 and ISO 27018, and What Are Their Controls?

IT Governance

Extending your ISMS to address Cloud security risks

ISO 27001 sets out the specification – the requirements – for an effective ISMS (information security management system). But did you know you can extend your ISO 27001 ISMS to cover specific aspects of Cloud security? Two ISO standards in particular stand out: ISO 27017 and ISO 27018. Let’s take a closer look at both ISO 27017 and ISO 27018.


An Analysis of the EU’s Cyber Resilience Act

Schneier on Security

A good—long, complex—analysis of the EU’s new Cyber Resilience Act.


Meta is suddenly crushing Apple in the innovation battle - but wait, there's more!

Collaboration 2.0

I never thought I'd say this, but Meta's announcements - from affordable Quest 3 headsets to updated Ray-Ban smart glasses - are a lot more exciting than Apple's right now.


Configuring Jamf Teacher with Jamf School: from zero to hero

Jamf

Learn to create EdTech roles to support classroom workflows and enhance educational technology integration with Jamf School and Jamf Teacher.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


Storm coming? Take these steps to prep your tech before weather emergencies strike

Collaboration 2.0

Technology can help keep you and your family safe during extreme weather - but only if it's powered up and you know how to use it.


Comparing Top VPN Solutions: SurfShark vs ExpressVPN

eSecurity Planet

Surfshark and ExpressVPN are both popular VPNs for individuals and home office setups. Surfshark is a highly affordable solution with many useful features for basic and advanced VPN needs. ExpressVPN offers strong security and privacy for customers who are willing to pay more for a quality solution. I’ve compared the two products, including their features, cost, and overall privacy, to help you select the one that’s better for you.


Rust in Linux now: Progress, pitfalls, and why devs and maintainers need each other

Collaboration 2.0

Where do Linux and Rust go from here? A roundtable of kernel developers share their thoughts.
