Tue.Jan 30, 2024

article thumbnail

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

Passwords 340
article thumbnail

Ransomware Attack Hits Schneider Electric Sustainability Unit

Data Breach Today

Manufacturer Confirms Systems Down, Data on Energy Consumption, Emission Accessed Schneider Electric confirmed a ransomware attack has locked up corporate systems of its Schneider Electric Sustainability Business division and accessed data. The company said it plans to resume operations in two business days after remediation is complete.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Empowering Progress: How AIIM's Certification Transformed IsDB's Approach to Intelligent Information Management

AIIM

I am so honored that nine of my colleagues at Islamic Development Bank (IsDB) have successfully been Certified as “Certified Information Professional” (CIPs) by AIIM.

184
184
article thumbnail

Weaponized Lying: Unraveling RansomedVC's Business Strategy

Data Breach Today

Group Fakes Stolen Data, Has Ties to Ragnar Locker, Says Researcher Jon DiMaggio While ransomware groups rightly have a reputation for being morally and ethically bankrupt, many do play things straight with their victims. But RansomedVC is a notable exception. In some ways, it is "more dangerous" because of its expert ability to lie, according to researcher Jon DiMaggio.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. Schneider Electric is a multinational company that specializes in energy management, industrial automation, and digital transformation. BleepingComputer first reported the attack that hit the Sustainability Business division of the company on January 17th.

More Trending

article thumbnail

Hundreds of network operators’ credentials found circulating in Dark Web

Security Affairs

Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC are available on the dark web, Resecurity warns. Resecurity conducted a thorough scan of the Dark Web and identified over 1,572 compromised customers of RIPE, Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC), resulting from infostealer infections.

Passwords 143
article thumbnail

US IaaS Providers Face 'Know Your Customer' Regulation

Data Breach Today

Rule Is a Bid to Deter Malicious Foreign Use of US IaaS Providers Cloud providers told the government they aren't very happy about a proposed regulation requiring them to verify the identity of foreign customers, but their complaints are unlikely to stop the U.S. Department of Commerce from proceeding with the rule.

Cloud 264
article thumbnail

750 million Indian mobile subscribers’ data offered for sale on dark web

Security Affairs

Data of 750 million Indian mobile subscribers was offered for sale on dark web hacker forums earlier in January. CloudSEK researchers warned that a database containing data of 750 million Indian mobile subscribers was offered for sale on dark web hacker forums earlier in January. According to the researchers, at least two cybercrime gangs, CYBO CREW affiliates known as CyboDevil and UNIT8200, were offering the database for $3,000.

Sales 143
article thumbnail

Judge Denies Meta's 2nd Try to Dismiss Pixel Privacy Case

Data Breach Today

Litigation Alleges the Web Tracker Scraped Sensitive Patient Information A federal judge has again given the green light for a proposed consolidated class action lawsuit against Meta to proceed. The litigation claims the firm unlawfully collected patient data from the websites of hospitals and other providers through the use of its Pixel tracking tool.

Privacy 264
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Security Affairs

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc) , including a heap-based buffer overflow tracked as CVE-2023-6246. GNU C Library (glibc) is a free software library that provides essential system services for Linux and other Unix-like operating systems.

Libraries 141
article thumbnail

New York AG Sues Citibank for Poor Phishing Protections

Data Breach Today

State Attorney Alleges Lack of Layered Security to Stop Fraudulent Wire Tranfers The New York attorney general sued the third-largest bank in the United States over its alleged failure to protect consumers from scammers. "If a bank cannot secure its customers' accounts, they are failing in their most basic duty," said Attorney General Letitia James.

Phishing 262
article thumbnail

GUEST ESSAY: Leveraging real-time visibility to quell persistent ‘take-a-USB-stick-home’ attacks

The Last Watchdog

Each of us has probably sat through some level of cybersecurity awareness training during our professional lives. Related: Dangers of spoofed QR codes Stop and think before you click on a link within an email from an unexpected source. Don’t re-use a password across multiple sites. Beware over-sharing personal information online, especially on social media platforms.

Passwords 140
article thumbnail

Italian Data Regulator Slams EU-Funded AI Projects

Data Breach Today

City of Trento Must Pay Regulators 50,000 Euros The Italian data protection regulator fined a midsize northern city 50,000 euros for deploying a pilot artificial intelligence public safety project financed by the European Union. Trento was a partner in three pilots that planned to use AI to detect threats.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Juniper Networks released out-of-band updates to fix high-severity flaws

Security Affairs

Juniper Networks released out-of-band updates to fix high-severity flaws in SRX Series and EX Series that can allow attackers to take over unpatched systems. Juniper Networks has released out-of-band updates to address two high-severity flaws , tracked as CVE-2024-21619 and CVE-2024-21620, in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems.

article thumbnail

FBI and DOJ Disrupt Chinese Hacking Operation

Data Breach Today

Cyberespionage Hacking Group Volt Typhoon Targeting US Critical Infrastructure The FBI and the U.S. Department of Justice used a court order to disrupt a Chinese hacking operation that compromised thousands of internet-connected devices and targeted sensitive areas of U.S. critical infrastructure, according to media reports.

262
262
article thumbnail

Italian data protection authority said that ChatGPT violated EU privacy laws

Security Affairs

Italian data protection authority regulator authority Garante said that ChatGPT violated European Union data privacy regulations. The Italian data protection authority regulator authority, known as “Garante per la protezione dei dati personali”, announced it has notified OpenAI that ChatGPT violated the EU data protection regulation GDPR.

Privacy 136
article thumbnail

News alert: p0 launches from stealth, leverages Generative AI to improve software integrity

The Last Watchdog

New York City, New York – Jan. 30, 2024; In an increasingly competitive and malicious environment vulnerabilities in enterprise codebases can lead to catastrophic security failures. Many times these can be fatal for businesses built on a foundation of customer trust and reliability. Data security is the most fundamental promise that a business can make to its users.

Analytics 130
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Open Redirects Used to Disguise Phishing Links

KnowBe4

Phishing attacks are increasingly using open redirects to evade detection by security filters, according to researchers at Trustwave.

Phishing 128
article thumbnail

News alert: Aembit, Crowdstrike partner to help companies tighten security of IAM workload access

The Last Watchdog

Silver Spring, Maryland, Jan. 30, 2024 — Aembit , the Workload Identity and Access Management (IAM) platform that enables DevOps and security teams to discover, manage, enforce and audit access between workloads, today announced the availability of a new integration with the industry-leading CrowdStrike Falcon® platform to give enterprises the ability to dynamically manage and enforce conditional access policies based on the real-time security posture of their applications and services.

Access 130
article thumbnail

The Percentage of Organizations Globally Struck by Ransomware Hits an All-Time High

KnowBe4

Check Point’s review of ransomware shows that the percent of organizations worldwide hit by this greatest of cyberthreats rose by a whopping 33% in 2023.

article thumbnail

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

eSecurity Planet

Cloud storage security issues refer to the operational and functional challenges that organizations and consumers encounter when storing data in the cloud. The issues stem from internal lapses or deficiencies and may not always include external threats. Cloud storage risks involve potential external threats and vulnerabilities that jeopardize the security of stored data.

Cloud 123
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

NSA Buying Bulk Surveillance Data on Americans without a Warrant

Schneier on Security

It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal, although the NSA maintains that it is legal until it’s told otherwise. Some news articles.

IT 123
article thumbnail

Robots Are Fighting Robots in Russia's War in Ukraine

WIRED Threat Level

Aerial drones have changed the war in Ukraine. Now, both Russia's and Ukraine's militaries are deploying more unmanned ground robots—and the two are colliding.

Military 111
article thumbnail

New Images of Colossus Released

Schneier on Security

GCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machine’s eightieth anniversary (birthday?). News article.

118
118
article thumbnail

10 must-have data intelligence capabilities for your data cloud migration

Collibra

Everyone knows: The cloud is the norm for companies that seek more scale, more savings, and better performance from their technology stack, especially as leveraging AI becomes more widespread. Your cloud journey is also an opportunity for your organization to redefine your approach to data. To accelerate the time-to-value of your cloud investment, drive data quality across your data ecosystem, and lay a solid foundation for trusted data (especially if you’re building generative AI applications

Cloud 104
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

CyberheistNews Vol 14 #05 Myth of Massive Data Breach Busted: Big Headlines Mask a Minor Threat

KnowBe4

Myth of Massive Data Breach Busted: Big Headlines Mask a Minor Threat

article thumbnail

8 steps to build a successful multicloud strategy

IBM Big Data Hub

Increasingly, enterprise organizations are adopting a multicloud approach—the use of cloud services from more than one cloud vendor—to optimize performance, control costs and prevent vendor lock-in. According to a recent forecast from Gartner (link resides outside ibm.com) worldwide end-user spending on public cloud services is expected to grow 20.4% to total $678.8 billion in 2024, up from $563.6 billion in 2023.

Cloud 91
article thumbnail

Preparing for the EU AI Act: Part 2

Data Matters

Join Sidley and OneTrust DataGuidance for a reactionary webinar on the recently published, near-final text of the EU AI Act on February 5, 2024. This discussion with industry panelists will cover initial reactions to the text of the EU AI Act following finalization by EU legislators and examine the key points in the AI Act that businesses need to understand.

Privacy 74