Thu. Dec 14, 2023

Hackers Keep Winning by Gambling on SQL Injection Exploits

Data Breach Today

Gambling and Retail Firms Top Targets of 'GambleForce' Group, Researchers Warn. A recently spotted hacking group with a penchant for using open source tools has been using a less-than-novel tactic: exploiting SQL injection flaws. So warn researchers who recently detected attacks by the group, codenamed GambleForce, which appears to focus on gambling and retail firms.

Retail 305

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 (part 3)

The Last Watchdog

Here’s the final installment of leading technologists sharing their observations about cybersecurity developments in the year that’s coming to a close — and the year to come. Last Watchdog posed two questions:
• What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization?
• What should I be most concerned about – and focus on – in 2024?

Insiders

White House Obtains Safe AI Pledges from 28 Healthcare Firms

Data Breach Today

Companies Commit to Risk Management, Making Care More Affordable. More than a dozen healthcare organizations on Thursday signed a White House pledge committing them to responsible deployment of artificial intelligence in a bid to improve health outcomes for Americans while protecting their security and shielding patients against bias.

McDonald’s Ice Cream Machine Hackers Say They Found the ‘Smoking Gun’ That Killed Their Startup

WIRED Threat Level

Kytch, the company that tried to fix McDonald’s broken ice cream machines, has unearthed a 3-year-old email it says proves claims of an alleged plot to undermine their business.

IT 145

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Hackers Exploiting Critical Apache Struts Flaw

Data Breach Today

Bug Enables Path Traversal Attack. Hackers are using publicly disclosed proof-of-concept code to exploit a recently patched critical vulnerability found in the Apache Struts 2 Framework to achieve remote code execution. The Apache Foundation, which manages the Struts library, on Dec. 7 urged developers to apply a patch.

Libraries 285

More Trending

Breach Roundup: French Police Arrest Alleged Hive Money Man

Data Breach Today

Also: Amazon Sues Alleged Refund Gang, Ukraine Says It Hacked Russian Tax System. This week, French police arrested an alleged Hive "banker," Amazon cracked down on a refund fraud ring, Ukraine military intelligence said it hacked the Russian tax system, the U.K. Ministry of Defense was fined and Kraft Heinz said it is doing fine after an alleged ransomware attack.

Military 284

Ubiquiti users claim to have access to other people’s devices

Security Affairs

Users of Ubiquiti WiFi products started reporting that they are accessing other people’s devices when logging into their accounts. Some users of Ubiquiti wifi products started reporting unexpected access to security camera footage, photos, and other devices upon logging into their accounts. Ubiquiti allows its customers to access and manage their devices through a proprietary cloud-based UniFi platform.

Access 143

Cryptohack Roundup: Hack Attacks Plummet in 2023

Data Breach Today

Also: Changpeng Zhao to Remain in the US; Vulnerability in Bitcoin Core. This week: 2023 hacking statistics, order for ex-Binance chief to stay in U.S., a $25M crypto AI scam indictment, a $2.7M OKX hack, a Bitcoin security flaw in the NVD, a Uranium hacker's laundering scheme, NDAA rejection of crypto provisions, and Poloniex on regulator radar.

Security 278

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

Security Affairs

Microsoft’s Digital Crimes Unit seized multiple domains used by cybercrime group Storm-1152 to sell fraudulent Outlook accounts. Microsoft’s Digital Crimes Unit seized multiple domains used by a cybercrime group, tracked as Storm-1152, to sell fraudulent accounts. Storm-1152 operates illicit websites and social media pages, selling fake Microsoft accounts and tools to bypass identity verification software on popular technology platforms. “These services reduce the time and effo

Sales 141

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

ZeroFox Given: The Domain Defender

Data Breach Today

In the fast-evolving landscape of cybersecurity, staying ahead of malicious domains is a strategic imperative.

Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime

WIRED Threat Level

Ten years in, Microsoft’s DCU has honed its strategy of using both unique legal tactics and the company’s technical reach to disrupt global cybercrime and state-backed actors.

IT 137

Microsoft Seized Domains that Offered Fake Outlook Accounts

Data Breach Today

Criminals Created 750 Million Fraudulent Microsoft Accounts. A U.S. federal court at the behest of Microsoft seized multiple domains used by a Vietnamese cybercrime group that created 750 million fraudulent Microsoft accounts while raking millions of dollars in illicit revenue. Storm-1152 also sold services to bypass CAPTCHA.

Surveillance Cameras Disguised as Clothes Hooks

Schneier on Security

This seems like a bad idea. And there are ongoing lawsuits against Amazon for selling them.

Marketing 134

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Dental Plan Administrator Fined $400K for Phishing Breach

Data Breach Today

NY State AG Says Compromised Account Contained 12 Years of Email. New York State regulators have smacked one of the largest dental administrators in the state with a $400,000 fine for a 2021 incident in which an attacker gained access to an employee email account containing 12 years' worth of messages, including many holding sensitive member information.

Phishing 270

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Security Affairs

Russia-linked cyber espionage group APT29 has been targeting JetBrains TeamCity servers since September 2023. Experts warn that the Russia-linked APT29 group has been observed targeting JetBrains TeamCity servers to gain initial access to the targets’ networks. The APT29 group (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) exploited the flaw CVE-2023-42793 in TeamCity to carry out multiple malicious activities.

Cyber Patriots: Defending the Digital Frontier

Data Breach Today

In the fast-evolving landscape of cybersecurity, staying ahead of malicious domains is a strategic imperative.

As the Holiday Season Ramps Up, So Do Scams Impersonating the U.S. Postal Service

KnowBe4

Taking traditional “delayed package” scams up a notch, new phishing and smishing attack campaigns are leveraging freemium DNS services to avoid detection by security solutions.

Phishing 122

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

CIPL Releases Paper on Privacy-Enhancing and Privacy-Preserving Technologies: Understanding the Role of PETs and PPTs in the Digital Age

Hunton Privacy

On December 12, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP (“CIPL”) released a white paper on Privacy-Enhancing and Privacy-Preserving Technologies: Understanding the Role of PETs and PPTs in the Digital Age. The paper explores how organizations are approaching privacy-enhancing technologies (“PETs”) and how PETs can advance data protection principles, and provides examples of how specific types of PETs work.

Paper 118

Why Security Awareness Training Is Effective in Reducing Cybersecurity Risk

KnowBe4

Security awareness training (SAT) works! A well-designed security awareness training campaign will significantly reduce cybersecurity risk.

Microsoft’s December 2023 Patch Tuesday Includes Four Critical Flaws

eSecurity Planet

Microsoft has announced a relatively light Patch Tuesday to end the year. The company’s announcement covers a total of 34 flaws, four of them critical. Still, Immersive Labs senior threat director Kev Breen told eSecurity Planet by email that the low number of vulnerabilities shouldn’t suggest any lack of urgency or importance. “A number of the patches released have been identified as ‘more likely to be exploited,’ and as we have seen over the last several years, at

Brand New BazarCall Phishing Campaign Abuses Google Forms

KnowBe4

A new BazarCall phishing campaign is using Google Forms to send phony invoices, according to researchers at Abnormal Security.

Phishing 119

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Queensland Government moves to modernise recordkeeping legislation, embed cultural integrity into First Nations public records via The Queensland Cabinet and Ministerial Directory (AUS)

IG Guru

Check out the post here. The post Queensland Government moves to modernise recordkeeping legislation, embed cultural integrity into First Nations public records via The Queensland Cabinet and Ministerial Directory (AUS) first appeared on IG GURU.

Delivering security and scalability in today’s business landscape requires more than setting up a front line of defense

IBM Big Data Hub

A cybersecurity strategy is not solely about managing risk across a business’ IT infrastructure. The stakes are especially high for organizations in highly regulated industries because they can be exploited through their digital supply chain, giving hackers access to consumers’ valuable and sensitive data. Consequently, these data breaches can rattle customer trust and the confidence of regulators. When done correctly, cybersecurity can be a strategic initiative that supports

What is the ROI of BYOD for business?

Jamf

What is the percentage of companies allowing BYOD? In the US alone, 83% of companies have a Bring Your Own Device (BYOD) program of some kind, according to Zippia. But is BYOD cost-effective? Read on to learn more.

Building cyber resiliency for your data with IBM FlashSystem

IBM Big Data Hub

In today’s digital age, the threat landscape continues to evolve and organizations are increasingly vulnerable to cyberattacks. To combat these ever-growing risks, the concept of cyber resiliency has gained significant importance. Cyber resiliency refers to an organization’s ability to prepare for, respond to, and recover from cyber threats while maintaining the continuity of operations.

Risk 78

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Top content management predictions for 2024

OpenText Information Management

As 2023 draws to a close, at OpenText, we’re reflecting on the year behind us, and the remarkable advancements made in how we use information to help organizations work smarter. But this is also an opportunity to look forward with anticipation to the limitless possibilities and shifts in the technology landscape that may impact your … The post Top content management predictions for 2024 appeared first on OpenText Blogs.

App Builder Release: Financial Chart, Variables Management UI, and More

Enterprise Software Blog

December's update of App Builder™ is here and it includes significant updates. Users can now efficiently manage all app Variables from a centralized location and benefit from the inclusion of a Financial Chart in the component toolbox. The update also introduces a new Figma UI Kit for Bootstrap, a valuable enhancement with the addition of a "Value Change" interaction event for the Date Picker component.

Cloud 72

ICO Publishes Employment Guidance for Consultation

Hunton Privacy

On December 12, 2023, the UK Information Commissioner’s Office (“ICO”) announced that it is producing an online resource relating to employment practices and data protection. The ICO also announced that it would be releasing draft guidance on the different topic areas to be included in the resource in stages, and adding to it over time. The ICO provided draft guidance on “Keeping employment records” and “Recruitment and selection” for consultation.