Fri.May 03, 2024

article thumbnail

How Intel 471's Buy of Cyborg Is Reshaping Threat Hunting

Data Breach Today

Why Customers Benefit From Bringing Threat Hunting and Threat Intelligence Together Intel 471 bought a threat hunting startup led by a Raytheon and Swimlane leader to help clients more effectively address complex cyberthreats. Buying Cyborg Security will bring threat hunting and threat intelligence together to beef up security posture and take proactive measures against hackers.

Security 297
article thumbnail

GUEST ESSAY: A primer on how, why ‘dynamic baselining’ fosters accurate DDoS protection

The Last Watchdog

Businesses today need protection from increasingly frequent and sophisticated DDoS attacks. Service providers, data center operators, and enterprises delivering critical infrastructure all face risks from attacks. Related: The care and feeding of DDoS defenses But to protect their networks, they’ll need to enable accurate attack detection while keeping operations manageable and efficient.

Risk 229
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New Botnet 'Goldoon' Targets D-Link Devices

Data Breach Today

FortiGuard Labs Identifies Botnet Exploiting Decade-Old D-Link Vulnerability Hackers are taking advantage of D-Link home routers left unpatched for a decade and turning them into a newly formed botnet researchers dubbed "Goldoon." The vulnerability allows attackers to execute arbitrary commands remotely via the proprietary Home Network Administration Protocol.

284
284
article thumbnail

These Dangerous Scammers Don’t Even Bother to Hide Their Crimes

WIRED Threat Level

“Yahoo Boy” cybercriminals are openly running dozens of scams across Facebook, WhatsApp, Telegram, TikTok, YouTube, and more. And they’re not afraid to show it off online.

IT 144
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New Report Exposes Iranian Hacking Group's Media Masquerade

Data Breach Today

Mandiant Says APT42 Members Have Been Posing as Journalists to Steal Troves of Data Members of the Iranian state hacking group APT42 have been observed posing as journalists from credible news outlets and well-known research institutions as part of a global effort to harvest credentials and hack into victim cloud networks, according to a Mandiant report published Wednesday.

Cloud 283

More Trending

article thumbnail

ISMG Editors: RSA Conference 2024 Preview

Data Breach Today

Also: Insights From Verizon's Data Breach Investigations Report; Investment Trends In the latest weekly update, ISMG editors discussed what the thousands of attendees at RSA Conference 2024 can expect this year, key insights from Verizon's Data Breach Investigations Report, and how significant funding rounds are shaping the cybersecurity industry.

article thumbnail

ZLoader Malware adds Zeus’s anti-analysis feature

Security Affairs

Zloader continues to evolve, its authors added an anti-analysis feature that was originally present in the Zeus banking trojan. Zloader (aka Terdot, DELoader, or Silent Night) is a modular trojan based on the leaked ZeuS source code. After a hiatus of almost two years, Zloader reappeared with new obfuscation techniques, domain generation algorithm (DGA), and network communication.

article thumbnail

Russian GRU Hackers Compromised German, Czech Targets

Data Breach Today

APT28 Used Microsoft Outlook Zero-Day, Governments Said The German and Czech governments on Friday disclosed that Russian military intelligence hackers targeted political parties and critical infrastructure as part of an espionage campaign that began last year. "The EU will not tolerate such malicious behavior," the European Union said in a statement.

Military 272
article thumbnail

Dirty stream attack poses billions of Android installs at risk

Security Affairs

Microsoft devised an attack technique, dubbed ‘Dirty Stream,’ impacting widely used Android applications, billions of installations are at risk. Microsoft is warning Android users about a new attack technique, named Dirty Stream, that can allow threat actors to take control of apps and steal sensitive data. The IT giant describes Dirty Stream as an attack pattern, linked to path traversal, that affects various popular Android apps.

Risk 132
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Web Trackers Persist in Healthcare Despite Privacy Risks

Data Breach Today

While fewer healthcare websites appear to be using online trackers now than a year ago, nearly 1 in 3 firms are still using Meta Pixel and similar tech tools despite warnings from regulators and a rise in class action litigation alleging privacy violations, said Ian Cohen, CEO of Lokker.

Privacy 241
article thumbnail

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations. Trend Micro researchers reported that the EdgeRouter botnet , called Moobot , used by the APT28 group is still active and is also used by cyber criminal organizations. In January, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are u

article thumbnail

Verizon: The Percentage of Users Clicking Phishing Emails is Still Rising

KnowBe4

The long-awaited annual Verizon Data Breach Investigations Report is out, and it’s made very clear that users continue to be a problem in phishing attacks.

Phishing 126
article thumbnail

Rare Interviews with Enigma Cryptanalyst Marian Rejewski

Schneier on Security

The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography.

124
124
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Protecting Your Digital Footprint: The Dangers of Sharing Too Much on Social Media

KnowBe4

For most folks, social media has become integral to their daily lives in today's hyperconnected world. They use platforms like Facebook, Twitter and Instagram to share their thoughts, experiences and personal moments with friends and family.

119
119
article thumbnail

My TED Talks

Schneier on Security

I have spoken at several TED conferences over the years. TEDxPSU 2010: “ Reconceptualizing Security ” TEDxCambridge 2013: “ The Battle for Power on the Internet ” TEDMed 2016: “ Who Controls Your Medical Data ?” I’m putting this here because I want all three links in one place.

Security 111
article thumbnail

MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’

The Last Watchdog

SAN FRANCISCO — On the eve of what promises to be a news-packed RSA Conference 2024 , opening here on Monday, Microsoft is putting its money where its mouth is. Related: Shedding light on LLM vulnerabilities More precisely the software titan is putting money within reach of its senior executives’ mouths. Screenshot In a huge development, Microsoft announced today that it is revising its security practices, organizational structure, and, most importantly, its executive compensation in an at

Security 100
article thumbnail

Maximize efficiency with modern device management

Jamf

Discover how to enhance workforce efficiency and streamline operational processes with modern device management for Apple. Boost your operational efficiency.

75
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The new wave of channel marketing: What partners can expect in H2 2024 

OpenText Information Management

We’re well into 2024 now and the channel marketing landscape continues to change, thanks to a blend of innovation and connectivity. At OpenText™, we're not just observers; we're actively shaping what's next. In this blog, we aim to provide a comprehensive overview of the key trends that are set to redefine channel marketing in the second half of the year.

article thumbnail

TikTok may be banned in the US. Here’s what happened when India did it via AP

IG Guru

Check out the article here. The post TikTok may be banned in the US. Here’s what happened when India did it via AP first appeared on IG GURU.

IT 52
article thumbnail

Vacancy Announcement

National Archives Records Express

Our office has posted a vacancy announcement for GS-13 positions on one of our oversight teams. The position is located in our College Park, MD office. There is an announcement for both internal government candidates and for candidates from the general public. This announcement opens today, Friday May 3, and will close on Wednesday, May 15, 2024. Please see USAJOBS for full details on each position and information on how to apply.

article thumbnail

Regulating AI: 'It's Going to Be a Madhouse'

Data Breach Today

Information Security Media group CTO and CISO Dan Grosu discusses the challenges of realistically implementing the directives in President Joe Biden's executive order on artificial intelligence. Hint: He thinks it's going to be "a madhouse" if enterprises don't get more educated about AI.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

RSAC Fireside Chat: The necessary care and feeding of DDoS detection and protection systems

The Last Watchdog

At the start, Distributed Denial of Service (DDoS) attacks were often motivated by bragging rights or mischief. Related: The role of ‘dynamic baselining’ DDoS attack methodology and defensive measures have advanced steadily since then. Today, DDoS campaigns are launched by political activists, state-sponsored operatives and even by business rivals.

Privacy 100
article thumbnail

What you need to know about the CCPA rules on AI and automated decision-making technology

IBM Big Data Hub

In November 2023, the California Privacy Protection Agency (CPPA) released a set of draft regulations on the use of artificial intelligence (AI) and automated decision-making technology (ADMT). The proposed rules are still in development, but organizations may want to pay close attention to their evolution. Because the state is home to many of the world’s biggest technology companies, any AI regulations that California adopts could have an impact far beyond its borders.

article thumbnail

Friday Squid Blogging: Squid Purses

Schneier on Security

Squid-shaped purses for sale. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Sales 106