Fri.Aug 23, 2024

article thumbnail

Local Networks Go Global When Domain Names Collide

Krebs on Security

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register.

article thumbnail

Is AI Making Banking Safer or Just More Complicated?

Data Breach Today

As Banks Combat Fraud, Customers Feel the Strain of Overly Cautious Measures In today’s AI-driven world, banks are becoming increasingly vigilant, often freezing accounts or demanding extensive documentation at the slightest hint of suspicious activity. Sending money, once a straightforward task, is now fraught with complexity.

296
296
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Qilin ransomware steals credentials stored in Google Chrome

Security Affairs

Sophos researchers investigated a Qilin ransomware breach attack that led to the theft of credentials stored in Google Chrome browsers. Sophos researchers investigated a Qilin ransomware attack where operators stole credentials stored in Google Chrome browsers of a limited number of compromised endpoints. The experts pointed out that the credential harvesting activity is usually not associated with ransomware infections.

article thumbnail

Karakurt Ransomware Group Suspect Appears in US Courtroom

Data Breach Today

Latvian Charged With Serving as Extortion Specialist for Russian-Speaking Group A Latvian national accused of serving as a Russian-speaking ransomware group's extortion specialist appeared in a U.S. courtroom this week to face a four-count indictment filed against him. Moscow resident Deniss Zolotarjovs, 33, was recently extradited to the U.S. from the country of Georgia.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Phishing attacks target mobile users via progressive web applications (PWA)

Security Affairs

Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). The threat actors used fake apps almost indistinguishable from real banking apps on both iOS and Android. The technique was first disclosed in Poland in July 2023 and later observed in Czechia and other countries like Hungary and Georgia.

Phishing 138

More Trending

article thumbnail

New malware Cthulhu Stealer targets Apple macOS users

Security Affairs

Cato Security found a new info stealer, called Cthulhu Stealer, that targets Apple macOS and steals a wide range of information. Cado Security researchers have discovered a malware-as-a-service (MaaS) targeting macOS users dubbed Cthulhu Stealer. Cthulhu Stealer targets macOS users via an Apple disk image (DMG) that disguises itself as legitimate software.

Passwords 136
article thumbnail

DOJ Lawsuit Accuses Georgia Tech of Cybersecurity Failures

Data Breach Today

New Lawsuit Alleges Georgia Tech Submitted 'False' Cybersecurity Score to DOD The Justice Department intervened in a whistleblower lawsuit against the Georgia Institute of Technology and the Georgia Tech Research Corp. for allegedly failing to implement federally required cybersecurity protections while overseeing sensitive government data.

article thumbnail

China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches

Security Affairs

China-linked APT group Velvet Ant exploited a recently disclosed zero-day in Cisco switches to take over the network appliance. Researchers at cybersecurity firm Sygnia reported that the China-linked APT group Velvet Ant has exploited the recently disclosed zero-day CVE-2024-20399 in Cisco switches to take over the network devices. In July 2024, Cisco addressed the NX-OS zero-day CVE-2024-20399 (CVSS score of 6.0) that China-linked group Velvet Ant exploited to deploy previously unknown malw

article thumbnail

Banking Lobby Asks Ginnie Mae to Modify Cyber Reporting Rule

Data Breach Today

Banking and Housing Policy Groups Call New Cyber Reporting Measures 'Impractical' A group of banking and housing lobbyists are urging Ginnie Mae to redo its latest set of cybersecurity incident reporting requirements for custodians of mortgage-backed securities, calling the new measures "impractical" and potentially burdensome for many organizations.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Member of cybercrime group Karakurt charged in the US

Security Affairs

The Russian national Deniss Zolotarjovs has been charged in a U.S. court for his role in the Karakurt cybercrime gang. Deniss Zolotarjovs (33), a Russian cybercriminal, has been charged in a U.S. court for his role in the Russian Karakurt cybercrime gang. The man has been charged with money laundering, wire fraud, and extortion. The man was arrested in Georgia in December 2023 and recently extradited to the U.S. “According to court documents, Zolotarjovs is a member of a known cybercrimina

article thumbnail

Feds to Health Sector: Don't Skimp on Physical Security

Data Breach Today

Cyberattacks Soar, But Guarding PHI From Break-Ins, Natural Disasters Is Critical Despite the endless barrage of cyberattacks hitting the healthcare sector, HIPAA-regulated entities must not neglect their duty to protect electronic patient information against physical threats, including burglaries and natural disasters, U.S. regulators said.

Security 173
article thumbnail

When War Came to Their Country, They Built a Map

WIRED Threat Level

The Telegram channel and website Deep State uses public data and insider intelligence to power its live tracker of Ukraine’s ever-shifting front line.

IT 123
article thumbnail

Slack Patches Prompt Injection Flaw in AI Tool Set

Data Breach Today

Hackers Could Exploit Bug to Manipulate Slack AI's LLM to Steal Data Chat app Slack patched a vulnerability in its artificial intelligence tool set that hackers could have exploited to manipulate an underlying large language model to phish employees and steal sensitive data. Slack said it was a low-severity bug.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

The Number of Email-Based Cyber Attacks Detected Surge 239% in 1H 2024

KnowBe4

New data shows the most prevalent and obvious path into an organization – email – continues to be exploited by a growing number of cybercriminals.

article thumbnail

A Tangled Web We Weave: When Reported M&A Never Materializes

Data Breach Today

Why Acquisition Reports Emerge in the Media, and What It Means for Those Mentioned Companies historically responded to M&A reports with milquetoast statements about "not commenting on rumors or speculation," but aggressive clapbacks have become much more common. Increasingly, executives are willing to attract more publicity by publicly - and vocally - denying acquisition reports.

IT 162
article thumbnail

Malvertising Campaign Impersonates Dozens of Google Products

KnowBe4

A malvertising campaign is abusing Google ads to impersonate Google’s entire product line, according to researchers at Malwarebytes. The malicious ads are designed to lure victims into a tech support scam.

article thumbnail

Medibank to Spend AU$126M on Post-Breach Security Upgrade

Data Breach Today

Australian Insurer Expects Years of Litigation Related to 2022 Hack Australia's largest provider of private health insurance says it expects to spend a total of AU$126 million, or $84.78 million, over a three-year period to upgrade its IT security. A Russia-based cybercriminal group hacked Medibank in October 2022.

Insurance 162
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Take a Selfie Using a NY Surveillance Camera

Schneier on Security

This site will let you take a selfie with a New York City traffic surveillance camera.

Privacy 121
article thumbnail

The Trouble with Procurement Departments, Resellers and Stripe

Troy Hunt

It should be so simple: you're a customer who wants to purchase something so you whip out the credit card and buy it. I must have done this thousands of times, and it's easy! I've bought stuff with plastic credit cards, stuff with Apple Pay on my phone and watch and, like all of us, loads of stuff simply by entering credit card details into a website.

IT 118
article thumbnail

Deceptive AI: A New Wave of Cyber Threats

KnowBe4

As artificial intelligence (AI) technology advances, its influence on social media has become more and more pervasive and riddled with challenges. In particular, the ability for humans to discern genuine content from AI-generated material.

article thumbnail

How much can a 2GB Raspberry Pi handle? I put it to the ultimate test

Collaboration 2.0

Trying to save a few bucks can make or break your next Raspberry Pi project.

IT 98
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Business Email Compromise Scams Rise 20%, Making up Nearly Half of all Spam Emails

KnowBe4

New research on email threats points to AI-based tools to assist in generating BEC content. And the overwhelming targeted role may or may not surprise you.

article thumbnail

Microsoft says its killing Windows Control Panel - here's why I'm not holding my breath

Collaboration 2.0

Finally, the 40-year-old tool will be deprecated in favor of the Settings app? Raise your hand if you still use Control Panel.

IT 76
article thumbnail

After Migrating to a New Version of Db2 for z/OS, Rebind All Your Plans and Packages

Robert's Db2

At this writing, a lot of Db2 for z/OS-using organizations are actively engaged in migrating to Db2 13 from Db2 12, and plenty of sites have recently gotten to Db2 13. That being the case, it seems like a good time to remind people of an important step to take after migrating to Db2 13, while still at the V13R1M100 function level (the initial Db2 13 function level when you've migrated from Db2 12): rebind all your plans and packages.

Access 48
article thumbnail

ChatGPT is (obviously) the most popular AI app - but the runners up may surprise you

Collaboration 2.0

ChatGPT still leads the way in generative AI apps, but the runners-up give some interesting insight into which tools are most popular - and how people are using them.

76
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Business Information Management:  Your Guide to Secure Document Storage

Docuware

Business landscapes have evolved rapidly in the last decade, and they continue to change at a breakneck pace. Traditional organizations are now seeing the value of effective information management strategies to stay competitive and drive success. This has made business information management (BIM) more important than ever before. BIM encapsulates the strategies, processes, and technologies used to collect, organize, store, and retrieve information within a company.

article thumbnail

Want a programming job? Make sure you learn these three languages

Collaboration 2.0

The 2024 IEEE Spectrum Top Programming Languages report is out. We've seen some movement at the top of the jobs list that you should know about. A few fell off the list, too.

76
article thumbnail

Oxygen and CloudNine: Device Collection Through Production

eDiscovery Daily

With 27 billion text messages sent daily, smartphones had unsurprisingly become a top request in legal discovery, alongside email, corporate chat applications, and electronic files. Recognizing this trend, this webinar brought together experts Richard Clark and Brian Kelley from CloudNine, along with Keith Lockhart from Oxygen Forensics, to discuss practical solutions for reducing the time and cost associated with smartphone and device collections.