WIRED Threat Level

DECEMBER 28, 2022

The password manager's most recent data breach is so concerning, users need to take immediate steps to protect themselves.

Data breaches 144

Data breaches Passwords IT Security 144

Dark Reading

DECEMBER 29, 2022

Attackers are harvesting credentials from compromised systems. Here's how some commonly used tools can enable this.

Encryption 130

Encryption 130

Krebs on Security

DECEMBER 19, 2022

Photo: BrandonKleinPhoto / Shutterstock.com. Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arri

Passwords 328

Passwords Access IT Security 328

Krebs on Security

DECEMBER 13, 2022

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO tha

Energy and Utilities 363

Energy and Utilities Sales Communications Data breaches 363

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Data Breach Today

DECEMBER 19, 2022

Move Infrastructure to the Cloud and Hone Incident Response Plans, Experts Say To avoid having to even consider paying a ransom, experts have long urged all organizations to put in place appropriate defenses. Two defensive strategies for healthcare firms are moving backup and recovery to the cloud and practicing incident response scenarios.

Ransomware 329

Ransomware Cloud 329

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms. Vice Society ransomware has been active since June 2021, it is considered by researchers a spin-off of the HelloKitty ransomware , the malware targets both Windows and L

Ransomware 145

Ransomware Encryption File names Education 145

eSecurity Planet

DECEMBER 15, 2022

Released on November 30, ChatGPT has instantly become a viral online sensation. In a week, the app gained more than one million users. Unlike most other AI research projects, ChatGPT has captivated the interest of ordinary people who do not have PhDs in data science. They can type in queries and get human-like responses. The answers are often succinct.

Cybersecurity 143

Cybersecurity Phishing Data science Blockchain 143

Schneier on Security

DECEMBER 30, 2022

Yet another smartphone side-channel attack: “ EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers “: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping.

Manufacturing 143

Manufacturing Privacy IT Paper 143

Krebs on Security

DECEMBER 14, 2022

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.

Computer and Electronics 328

Computer and Electronics Education IT Risk 328

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Data Breach Today

DECEMBER 13, 2022

Victims Still Learning Their Personal Data Was Illegally Accessed, Copied in 2021 A ransomware attack on the Irish healthcare system in 2021 has cost the government 80 million euros in damages and counting. The Irish Health Service continues to notify victims of the incident that their personal information was illegally accessed and copied.

Ransomware 353

Ransomware Personal data Government Access 353

The Last Watchdog

DECEMBER 13, 2022

It’s all too easy to take for granted the amazing digital services we have at our fingertips today. Related: Will Matter 1.0 ignite the ‘Internet of Everything’ Yet, as 2022 ends, trust in digital services is a tenuous thing. A recent survey highlights the fact that company leaders now understand that digital trust isn’t nearly what it needs to be.

Digital transformation 41

Digital transformation Encryption Authentication Cloud 41

Security Affairs

DECEMBER 19, 2022

IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild. Cisco has updated multiple security advisories to warn of the active exploitation of several old vulnerabilities impacting its products. The bugs, some of which are rated as ‘critical’ severity, impact Cisco IOS, NX-OS, and HyperFlex software. Below are the critical vulnerabilities being exploited in attacks in the wild: CVE-2017-12240 (CVSS score of 9.8) – The vulnerability affects the D

Security 145

Security Access IT Information Security 145

KnowBe4

DECEMBER 10, 2022

ChatGPT could give Google a serious run for its money. We are not quite there yet, but the capabilities are rapidly improving. Just have a look at the command I gave it. In 5 seconds the copy rolled out.

IT 138

IT 138

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Schneier on Security

DECEMBER 22, 2022

A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was (and is): Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. Also, like EternalBlue, it’s wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems.

Authentication 28

Authentication IT Security 28

Krebs on Security

DECEMBER 8, 2022

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.

Ransomware 306

Ransomware Metadata Insurance Encryption 306

Data Breach Today

DECEMBER 20, 2022

Breach Is Latest in Long List of Complex Vendor Incidents An Oklahoma-based provider of administrative and technology services to healthcare organizations is notifying more than 271,000 individuals that their personal information may have been compromised in a hacking incident involving a third-party data storage vendor.

330

330

The Last Watchdog

DECEMBER 6, 2022

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Related: Why FIDO champions passwordless systems. Consider that some 80 percent of hacking-related breaches occur because of weak or reused passwords, and that over 90 percent of consumers continue to re-use their intrinsically weak passwords.

Authentication 203

Authentication Passwords Artificial Intelligence Financial Services 203

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. Original post at [link]. When you spy on your neighborhood or your cafe customers, do you wonder if someone is watching Big Brother – you, in this case?

Passwords 145

Passwords Manufacturing Authentication Government 145

eSecurity Planet

DECEMBER 7, 2022

It has certainly been a rough year for the tech industry. There have been many layoffs, the IPO market has gone mostly dark, and venture funding has decelerated. Despite all this, there is one tech category that has held up fairly well: Cybersecurity. Just look at a report from M&A advisory firm Houlihan Lokey , which found that private cybersecurity company funding grew by 9.4% to $26.9 billion between September 2021 and September 2022.

Cybersecurity 137

Cybersecurity Compliance Risk Ransomware 137

Schneier on Security

DECEMBER 5, 2022

This is an actual CAPTCHA I was shown when trying to log into PayPal. As an actual human and not a bot, I had no idea how to answer. Is this a joke? (Seems not.) Is it a Magritte-like existential question? (It’s not a bicycle. It’s a drawing of a bicycle. Actually, it’s a photograph of a drawing of a bicycle. No, it’s really a computer image of a photograph of a drawing of a bicycle.

IT 136

IT Authentication 136

Krebs on Security

DECEMBER 1, 2022

ConnectWise , which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just weeks after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.

Phishing 284

Phishing Passwords Access Cloud 284

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Data Breach Today

DECEMBER 2, 2022

Some Customers at Risk of Identity Theft, South Staffordshire Water Belatedly Warns Is a four-month delay between learning your systems were breached and notifying affected customers acceptable? After spotting an attack in August, private utility South Staffordshire Water in England is only beginning to alert customers that they're at risk of identity theft.

Risk 329

Risk 329

The Last Watchdog

DECEMBER 8, 2022

Over the years, bad actors have started getting more creative with their methods of attack – from pretending to be a family member or co-worker to offering fortunes and free cruises. Related: Deploying employees as human sensors. Recent research from our team revealed that while consumers are being exposed to these kinds of attacks (31 percent of respondents reported they received these types of messages multiple times a day), they continue to disregard cyber safety guidelines.

Cybersecurity 203

Cybersecurity Passwords Ransomware Personal data 203

Security Affairs

DECEMBER 2, 2022

Qualys researchers demonstrated how to chain a new Linux flaw with two other two issues to gain full root privileges on an impacted system. Researchers at the Qualys’ Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked as CVE-2022-3328 , with two other flaws to gain full root privileges on an affected system. The vulnerability resides in the snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu.

Access 145

Access Security IT Information Security 145

eSecurity Planet

DECEMBER 1, 2022

The Wiz Research Team recently discovered a supply chain vulnerability in IBM Cloud that they say is the first to impact a cloud provider’s infrastructure. In a dramatic flair, they named the flaw Hell’s Keychain. The security issues were reported to IBM Cloud in late August, and were patched in early September. Before it was patched, an attacker with knowledge of the vulnerability could run malicious code and modify data being stored by any IBM Cloud customer using PostgreSQL.

Cloud 135

Cloud Access Security Passwords 135

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Schneier on Security

DECEMBER 12, 2022

After way too many years, Apple is finally encrypting iCloud backups : Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only “major” categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because “of the need to interoperate with the global email, cont

Encryption 135

Encryption Access IT Cloud 135

Krebs on Security

DECEMBER 20, 2022

Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money.

Data breaches 275

Data breaches Data collection Paper Personal data 275

Data Breach Today

DECEMBER 8, 2022

Indian Firm Accuses 'Notorious Cyber Security Company' in Ongoing Incident Indian cybersecurity firm CloudSEK says another cybersecurity firm used a compromised collaboration platform credential to obtain access to its training webpages. CEO Rahul Sasi did not identify the alleged perpetrator and says the hacker did not obtain access to the company code base and database.

Cybersecurity 328

Cybersecurity Access Security IT 328