Thu.Jun 08, 2023

article thumbnail

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Krebs on Security

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks , as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely u

IT 346
article thumbnail

Breach Roundup: Barracuda Networks Recalls Hacked Appliances

Data Breach Today

Also: More on MOVEit, Motherboard Vulnerabilities, Bugs and Ransomware This week: Barracuda Networks recalls hacked email security appliances, the latest on MOVEit, and a Gigabyte motherboard firmware security vulnerability is exposed. Also, researchers detail a patched flaw in the Microsoft Visual Studio extension installer, and ransomware hits across the globe.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

RSAC Fireside Chat: Fusing ‘TIP’ and ‘SOAR’ to defend hybrid-cloud, multi-cloud networks

The Last Watchdog

When Threat Intelligence Platform ( TIP ) and Security Orchestration, Automation and Response ( SOAR ) first arrived a decade or so ago, they were heralded as breakthrough advances. Related: Equipping SOCs for the long haul TIP and SOAR may yet live up to that promise. I had an evocative discussion about this at RSA Conference 2023 with Willy Leichter , vice president of marketing, and Neal Dennis , threat intelligence specialist, at Cyware , which supplies a cyber fusion solution built around a

Cloud 186
article thumbnail

Nova Scotia Health Says 100,000 Affected by MOVEit Hack

Data Breach Today

Healthcare Sector Poised for Tide of Breaches Linked to The MOVEit Vulnerability Hackers stole personal information of up to 100,000 employees of Nova Scotia Health by exploiting the zero day in Progress Software's MOVEit managed file transfer application. The software is widely used in the healthcare sector, warned the U.S. federal government.

article thumbnail

5 Ways You Can Win Faster with Gen AI in Sales

Incorporating generative AI (gen AI) into your sales process can speed up your wins through improved efficiency, personalized customer interactions, and better informed decision- making. Gen AI is a game changer for busy salespeople and can reduce time-consuming tasks, such as customer research, note-taking, and writing emails, and provide insightful data analysis and recommendations.

article thumbnail

Cybercrooks Scrape OpenAI API Keys to Pirate GPT-4

Dark Reading

With more than 50,000 publicly leaked OpenAI keys on GitHub alone, OpenAI developer accounts are the third-most exposed in the world.

115
115

More Trending

article thumbnail

Paragon Solutions Spyware: Graphite

Schneier on Security

Paragon Solutions is yet another Israeli spyware company. Their product is called “Graphite,” and is a lot like NSO Group’s Pegasus. And Paragon is working with what seems to be US approval: American approval, even if indirect, has been at the heart of Paragon’s strategy. The company sought a list of allied nations that the US wouldn’t object to seeing deploy Graphite.

IT 110
article thumbnail

Cryptohack Roundup: Court Summons for Binance Chief

Data Breach Today

Also: Atomic Wallet, Tornado Cash, Coin Dispute Network, Crypto Hacks Down This week: A U.S. federal court issued a summons to Binance CEO Changpeng Zhao, Lazarus may be behind the $35 million Atomic Wallet heist, and Manhattan prosecutors seized a scam crypto recovery website. Also, the Blockchain Association weighs in on Tornado Cash, and crypto security attacks decline.

article thumbnail

51 Must-Know Phishing Statistics for 2023

IT Governance

Phishing is one of the most common and dangerous forms of cyber crime. For years, the deceptively simple attack method has tricked organisations and individuals into handing over sensitive information or downloading malware. All it takes is a well-crafted email, social media post or phone message, and an employee who is too negligent or unaware to spot that its true nature.

Phishing 110
article thumbnail

US DOJ Indicts 6 for $6M Business Email Compromise Scam

Data Breach Today

Alleged Conspirators Each Face Up to 40 Years in Prison U.S. federal prosecutors unsealed indictments Wednesday against six Houston-area men for an alleged six-month spree of business email compromise thefts adding up to nearly $6 million. Business email compromise is a mainstay of social engineering fraud.

147
147
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

City of Dallas Still Clawing Back Weeks After Cyber Incident

Dark Reading

The Texas city's networks have returned to 90% functionality following the May 3 Royal ransomware attack.

article thumbnail

US Supreme Court Curtails Identity Theft Prosecutions

Data Breach Today

High Court Unanimously Says ID Theft Cases Must Hinge on Actual ID Theft The Supreme Court on Thursday narrowed federal prosecutors' ability to bring identity theft charges in an opinion holding that misuse of another person's identification must be the crux of a criminal offense "rather than merely an ancillary feature of a billing method.

147
147
article thumbnail

Cybersecurity Institute to Open in Saudi Arabia

Dark Reading

The Global Cybersecurity Forum branch, which will be in Riyadh, is meant to enable the exchange of ideas and facilitate international projects and partnerships.

article thumbnail

Hacking Group Seen Mixing Cybercrime and Cyberespionage

Data Breach Today

Suspected Belarusian Hacking Group Has Targeted Ukraine; Crime Crossover 'Unusual' Hacking group Asylum Ambuscade, which security researchers say aligns with Belarusian government interests, has an "unusual" twist: it appears to be mixing cybercrime - focused on banking and cryptocurrency customers - with cyberespionage, including attacks targeting Ukraine.

article thumbnail

10 Ways to Leverage Buyer Signals and Drive Revenue

In today’s ultra-competitive markets, it’s no longer enough to wait for buyers to show obvious signs of interest. Instead, sales teams must be proactive, identifying and acting on nuanced buyer behaviors — often before prospects are fully ready to make a purchase. In this eBook from ZoomInfo & Sell Better, learn 10 actionable ways to use these buyer signals to transform your sales strategy and close deals faster.

article thumbnail

60K+ Android Apps Have Delivered Adware Undetected for Months

Dark Reading

A campaign targeting mainly US users disguised malware in fake security software, game cracks, cheats, free Netflix, and other "modded" apps.

Security 101
article thumbnail

Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue

Security Affairs

Researchers published an exploit for an actively exploited Microsoft Windows vulnerability tracked as CVE-2023-29336. The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue that resides in the Win32k component. Win32k.sys is a system driver file in the Windows operating system. The driver is responsible for providing the interface between user-mode applications and the Windows graphical subsystem.

Risk 98
article thumbnail

China Issues Guidelines regarding Filing Standard Contracts for Cross-Border Transfer of Personal Information

Hunton Privacy

On May 30, 2023, the Cyberspace Administration of China (“CAC ” ) issued the Guideline for Filing the Standard Contract for Cross-border Transfer of Personal Information (“SC”). On June 1, 2023, the SC became an effective mechanism for transferring personal data outside of China. When using the SC as a transfer mechanism, it must be filed with the CAC and the new Guideline provides guidance for doing so.

article thumbnail

Barracuda ESG appliances impacted by CVE-2023-2868 must be immediately replaced

Security Affairs

Barracuda warns customers to immediately replace Email Security Gateway (ESG) appliances impacted by the flaw CVE-2023-2868. At the end of May, the network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Data Fragmentation No More: Reltio and Google Cloud Partner to Deliver Trusted Data

Reltio

Data fragmentation and poor data quality are persistent challenges organizations face across most industries. With the increasing proliferation of applications and the adoption of cloud technologies, core data such as customer and product information often becomes fragmented and degrades in quality over time. This problem hinders organizations from generating meaningful insights and realizing the full potential of their investments in analytics, artificial intelligence, machine learning, and dat

Cloud 98
article thumbnail

Cisco fixes privilege escalation bug in Cisco Secure Client

Security Affairs

Cisco addressed a high-severity flaw in Cisco Secure Client that can allow attackers to escalate privileges to the SYSTEM account. Cisco has fixed a high-severity vulnerability, tracked as CVE-2023-20178 (CVSS Score 7.8), found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) that can be exploited by low-privileged, authenticated, local attacker to escalate privileges to the SYSTEM account. “A vulnerability in the client update feature of Cisco AnyConnect Secure Mobility

article thumbnail

Sophisticated 'Impulse Project' Crypto Scam Sprawls With 1,000 Affiliate Sites

Dark Reading

Ready-to-defraud turnkey services from Russia's Impulse Team are offered on the cyber underground and have built a campaign that has operated undetected dating back to 2016.

97
article thumbnail

Experts detail a new Kimsuky social engineering campaign

Security Affairs

North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs. SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean affairs. The attacks are part of a broader campaign recently detailed in a joint advisory published by US intelligence.

article thumbnail

Signal-Based Selling: How to Leverage 4 Key Buying Signals

As prospects define their problem, search for solutions, and even change jobs, they are generating high-value signals that the best go-to-market teams can leverage to close more deals. This is where signal-based selling comes into play. ZoomInfo CEO Henry Schuck recently broke down specific ways to put four key buying signals into action with the experts from 30 Minutes to President’s Club.

article thumbnail

My First Booze Cruise

Information Governance Perspectives

My new book, The Bastard of Beverly Hills features a funny (but true) story about how, as a little boy, I played a small part in saving my parents and their friends from drowning at sea on the way to Catalina. It was the start of a long weekend, and the eccentric cohort that boarded the ship that day, comprised of some wildly successful folks in the entertainment industry, including noted publicist Warren Cowan , his socialite wife Barbara Gilbert (mother of Melissa Gilbert from Little House on

IT 96
article thumbnail

Barracuda Warns All ESG Appliances Need Urgent Rip & Replace

Dark Reading

Patching, wiping ESG devices not enough to deny threat actor access following compromise, Barracuda says.

Access 95
article thumbnail

Why Companies Have Great Success Training Employees With Simulated Phishing Tests

KnowBe4

We occasionally learn of articles and papers that claim that security awareness training and/or simulated phishing campaigns are not effective. We don’t want to disparage what these individuals have found in their own experience, and we encourage everyone to find out how various social engineering mitigations work for themselves and their environments.

article thumbnail

Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover

Dark Reading

The bug is very dangerous and impacts a big swath of the developer community, researchers warn.

95
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Overcome the overload

OpenText Information Management

“Water, water, everywhere, nor any drop to drink.” — The Rime of the Ancient Mariner, Samuel Taylor Coleridge Precious commodities evolve over time, creating a reflection of what’s valued most in the world at any given moment. It started with fire, but water, coal, gold, a range of currencies and oil have all taken center … The post Overcome the overload appeared first on OpenText Blogs.

IT 90
article thumbnail

Verizon: Pretexting Now Tops Phishing in Social Engineering Attacks

KnowBe4

The New Verizon DBIR is a treasure trove of data. As we covered here , and here , people are one of the most common factors contributing to successful data breaches. Let’s drill down a bit more in the Social Engineering section.

article thumbnail

The Growing Cyber Threats of Generative AI: Who's Accountable?

Dark Reading

In the wrong hands, malicious actors can use chatbots to unleash sophisticated cyberattacks that could have devastating consequences.

88