Tue.May 28, 2024

article thumbnail

Microsoft Warns of North Korea's 'Moonstone Sleet'

Data Breach Today

Pyongyang Threat Actor Is After Money and Information A North Korean hacking group wants to make money for the cash-starved Pyongyang regime and conduct bread-and-butter cyberespionage, say Microsoft researchers in a profile of a group they track as "Moonstone Sleet." North Korea has a well-established history of hacking for profit.

314
314
article thumbnail

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Krebs on Security

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5 , an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

Cloud 259
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

UK Government Urged to Publish Guidance for Electoral AI

Data Breach Today

Need to Prevent Use of AI to Create False or Misleading Info, Researchers Say Artificial intelligence has a limited impact on the outcome of specific elections, says the U.K.'s Alan Turing Institute, but evidence suggests its application in campaign settings creates second-order risks such as polarization and damaging trust in online sources.

article thumbnail

How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet

WIRED Threat Level

Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers were able to unearth the password to a crypto wallet containing a fortune.

Passwords 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

OpenAI Sets Up New Security Oversight Team

Data Breach Today

Committee Comes After Key Personnel Resign and Criticize the Company Over Safety OpenAI on Tuesday set up a committee to make "critical" safety and security decisions for all of its projects, as the technology giant begins to train its next artificial intelligence model. The committee's formation comes after OpenAI disbanded its "superalignment" security team.

More Trending

article thumbnail

US Sanctions Chinese National for Running 911 S5 Botnet

Data Breach Today

Treasury Department Says Botnet Users Committed Fraud, Made Bomb Threats The U.S. Department of the Treasury sanctioned Chinese national Yunhe Wang for his role in directing the 911 S5 botnet, which uses hacked residential computers as proxies and is often used to commit fraud. The government also sanctioned a co-conspirator and a real estate business associate.

article thumbnail

WordPress Plugin abused to install e-skimmers in e-commerce sites

Security Affairs

Threat actors are exploiting a WordPress plugin to insert malicious PHP code in e-commerce sites and steal credit card data. Sucuri researchers observed threat actors using a PHP snippet WordPress plugin to install malicious code in WooCommerce e-stores and harvest credit card details. In the campaign spotted by the experts, attackers use a very obscure WordPress plugin called Dessky Snippets , which has only a few hundred active installations at the time of writing.

CMS 141
article thumbnail

Transcend Gets $40M to Advance Privacy Tech for Enterprises

Data Breach Today

StepStone Group Leads Series B Round for Enhanced Privacy Solutions for Businesses Transcend raised $40 million in a Series B funding round led by StepStone Group to enhance privacy controls in business systems. This investment will support the company's efforts to capture market share, expand R&D and better serve a broader range of Fortune 500 and Global 2000 customers.

Privacy 162
article thumbnail

Experts released PoC exploit code for RCE in Fortinet SIEM

Security Affairs

Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution. Security researchers at Horizon3’s Attack Team released a proof-of-concept (PoC) exploit for a remote code execution issue, tracked as CVE-2024-23108 , in Fortinet’s SIEM solution. The PoC exploit allows executing commands as root on Internet-facing FortiSIEM appliances.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Union Demands Patient Safety Fixes in Ascension Cyber Outage

Data Breach Today

Medical Staff Says Resorting to Manual, Paper Charting Is Posing Risks to Patients A local union representing medical professionals at an Ascension hospital in Michigan is demanding the organization take actions to protect patient safety in the wake of a cyberattack that took out electronic health records, forcing clinicians to use manual processes and paper charts.

Paper 162
article thumbnail

Cops Are Just Trolling Cybercriminals Now

WIRED Threat Level

Police are using subtle psychological operations against ransomware gangs to sow distrust in their ranks—and trick them into emerging from the shadows.

article thumbnail

Check Point Alert: Attackers Targeting Poorly Secured VPNs

Data Breach Today

Criminal and Nation-State Focus on Network Edge Devices Continues, Researchers Warn Attackers have been escalating their attempts to compromise poorly secured virtual private networks - including appliances set for password-only authentication - to gain remote, initial access to enterprise networks, Check Point Software Technologies warns.

Security 162
article thumbnail

RSAC Fireside Chat: Dispersive adapts WWII radio-signal masking tool to obfuscating network traffic

The Last Watchdog

Spread spectrum technology helped prevent the jamming of WWII radio-controlled torpedoes and subsequently became a cornerstone of modern-day telecom infrastructure. For its next act, could spread spectrum undergird digital resiliency? I had an evocative discussion about this at RSAC 2024 with Dispersive CEO Rajiv Plimplaskar. For a full drill down, please give the accompanying podcast a listen.

Military 130
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Lattice-Based Cryptosystems and Quantum Cryptanalysis

Schneier on Security

Quantum computers are probably coming, though we don’t know when—and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The National Institute for Standards and Technology (NIST) has been hosting a competition since 2017, and there already are several proposed standards.

Paper 127
article thumbnail

China Threat Actor Targeting African and Caribbean Entities With Spear Phishing Attacks

KnowBe4

The China-aligned threat actor “Sharp Dragon” is launching spear phishing attacks against government entities in African and Caribbean countries, according to researchers at Check Point.

Phishing 122
article thumbnail

News Alert: INE Security enables CISOs to secure board support for cybersecurity training

The Last Watchdog

Cary, NC, May 28, 2024, CyberNewsWire — If there is a single theme circulating among Chief Information Security Officers (CISOs) right now, it is the question of how to get stakeholders on board with more robust cybersecurity training protocols. There are key points debated about why you should provide cybersecurity training to your IT professionals, like the alarming increase in cyberattacks (an increase of 72% over the all-time high in 2021, according to the Identity Theft Research Cente

article thumbnail

KnowBe4 Free Tools Now Available On CISA’s Website

KnowBe4

We are big fans of the U.S. Cybersecurity Infrastructure Security Agency (CISA), whose informal slogan of “An organization so committed to security that it’s in our name twice” is a source of pride.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The Digital Markets, Competition and Consumers Act is Approved: Key Things to Know About the UK’s New Competition and Consumer Powers

Data Matters

On May 23, 2024, the UK finally passed its Digital Markets, Competition and Consumers Act (DMCCA), introducing a new “pro-competition” regime for digital markets and marking the biggest reform to UK competition and consumer laws in a decade. The DMCCA is the latest piece of legislation aiming to tackle the power of Big Tech, as regulators around the world debate new ways to oversee competition in the digital sector.

article thumbnail

[FedRAMP Phishing Rule]: "Users are the last line of defense and should be tested."

KnowBe4

If you want to sell cloud-based software to the U.S. Government, you need to be FedRAMP authorized.

Phishing 107
article thumbnail

Data protection strategy: Key components and best practices

IBM Big Data Hub

Virtually every organization recognizes the power of data to enhance customer and employee experiences and drive better business decisions. Yet, as data becomes more valuable, it’s also becoming harder to protect. Companies continue to create more attack surfaces with hybrid models, scattering critical data across cloud, third-party and on-premises locations, while threat actors constantly devise new and creative ways to exploit vulnerabilities.

article thumbnail

Modern device management can lower Apple Total Cost of Ownership (ROI).

Jamf

Sure, Apple devices have the lowest ROI of any other hardware available. But what if you could lower it even further with modern device management practices?

IT 81
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

User Outcry as Slack Scrapes Customer Data for AI Model Training via Security Week

IG Guru

Check out the post here. The post User Outcry as Slack Scrapes Customer Data for AI Model Training via Security Week first appeared on IG GURU.

article thumbnail

Top Cloud Security Issues: Threats, Risks, Challenges & Solutions

eSecurity Planet

Cloud security issues refer to the threats, risks, and challenges in the cloud environment. Threats are active attacks that target system weaknesses. Risks include potential damage from cyber threats and vulnerabilities. Challenges are gaps and barriers to attaining good security. To combat these cloud security issues, develop a robust cloud security strategy that addresses all three to provide comprehensive protection.

Cloud 71
article thumbnail

Transforming your customer interactions

OpenText Information Management

Today’s businesses are challenged to transition their services and offerings into a digital, frictionless customer experience with real-time insights, quick response times, and self-service experiences. Low code platforms like Microsoft Power Platform (which include Power Pages for self-service portals, Power Automate for process data alignment) and business operation applications like Microsoft Dynamics 365 for operational efficiencies are key components for seamless customer experiences and ke

article thumbnail

What Is Security Service Edge (SSE): All You Need to Know

eSecurity Planet

Security service edge (SSE) is a security technology that secures access to assets outside of the corporate network. SSE works by extending security to cover the dispersed threat landscape where websites, cloud assets, and many employees operate outside of the traditional firewall protection. To fully explain SSE, I’ll cover its key features, benefits, challenges, use cases, vendors, and trends as well as contrast SSE against alternative solutions.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Ads, Ads Everywhere

John Battelle's Searchblog

The Times’s piece decries all the ads on TV. But is this a surprise?! The advertising world is uncomplicated at its core, and utterly bewildering when seen from the outside. The easy bit stems from a simple axiom: Wherever you can find the attention of potential customers, you pay to get your message in front of them. That’s the essence of advertising: paying for attention.

Retail 59
article thumbnail

Libraries Change Lives – Join the campaign in the build up to the general election

CILIP

Libraries Change Lives – Join the campaign in the build up to the general election This summer, a change of government will take place, and potentially hundreds of new MPs will join the House of Commons for the first time. In the build-up to the general election, we will be launching the Libraries Change Lives social media and press campaign to engage politicians and decision-makers so that they truly understand the impact and value that library and information professionals add to their communi

article thumbnail

Adapture Earns Spot on CRN’s 2024 Solution Provider 500 List

Adapture

Adapture Recognized on CRN 2024 Solution Provider 500 List for the Ninth Consecutive Year ATLANTA, May 28, 2024 — CRN ® , a brand of The Channel Company , has today announced that Adapture has been ranked 286 on its prestigious 2024 Solution Provider 500 list. This is the ninth consecutive year Adapture has been recognized. CRN’s annual Solution Provider 500 recognizes North America’s largest solution providers by revenue and serves as a prominent benchmark of many of the channel’s most successf