Data Breach Today
NOVEMBER 1, 2023
As Ed Gerck Readies Research Paper, Security Experts Say They Want to See Proof A scientist claims to have developed an inexpensive system for using quantum computing to crack RSA, which is the world's most commonly used public key algorithm. If true, this would be a breakthrough that comes years before experts predicted. Now, they're asking for proof.
Krebs on Security
NOVEMBER 11, 2023
In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
NOVEMBER 19, 2023
A hacking gang known as Scattered Spiders soundly defeated the cybersecurity defenses of MGM and Caesars casinos. Related: Russia puts the squeeze on US supply chain This cost the Las Vegas gambling meccas more than $100 million while damaging their reputations. As the companies face nine federal lawsuits for failing to protect customer data, it’s abundantly clear hackers have checkmated multi-factor authentication (MFA).
Data Breach Today
NOVEMBER 13, 2023
Report Reveals How Hackers Targeted Danish Energy Infrastructure in Sweeping Attack Critical infrastructure operators across Denmark experienced the most extensive cybersecurity incident in Danish history earlier this year when hackers exploited zero-day vulnerabilities in firewalls meant to protect their networks from attacks, according to a new report published by SektorCERT.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
WIRED Threat Level
NOVEMBER 20, 2023
A WIRED analysis of leaked police documents verifies that a secretive government program is allowing federal, state, and local law enforcement to access phone records of Americans who are not suspected of a crime.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
NOVEMBER 6, 2023
Google warns of multiple threat actors that are leveraging its Calendar service as a command-and-control (C2) infrastructure. Google warns of multiple threat actors sharing a public proof-of-concept (PoC) exploit, named Google Calendar RAT, that relies on Calendar service to host command-and-control (C2) infrastructure. Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, it was developed red teaming activities. “To use GRC, only a Gmail account is require
Security Affairs
NOVEMBER 30, 2023
A critical vulnerability in Zoom Room allowed threat actors to take over meetings and steal sensitive data. Researchers at AppOms discovered a vulnerability in Zoom Room as part of the HackerOne live hacking event H1-4420. Zoom Rooms is a feature of the Zoom video conferencing platform designed to enhance collaboration in physical meeting spaces, such as conference rooms or huddle rooms.
Security Affairs
NOVEMBER 11, 2023
The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. A joint international operation conducted by the Malaysian police, the FBI, and the Australian Federal Police took down several domains employed in the cybercriminal operation. “We seized around RM960,000 put inside an e-wallet, apart from other
Security Affairs
NOVEMBER 25, 2023
The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. The Rhysida ransomware gang added the China Energy Engineering Corporation to the list of victims on its Tor leak site. Energy China [link] TL;DR That's huuuge! China Energy Engineering Group ranks 3rd in ENR Top 150 Global Engineering Design Firms and 13th in ENR Top 250 Global Contractors.
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
Security Affairs
NOVEMBER 3, 2023
The FSB arrested two Russian hackers who are accused of having helped Ukrainian entities carry out cyberattacks on critical infrastructure targets. The Russian intelligence agency Federal Security Service (FSB) arrested two individuals who are suspected of supporting Ukrainian entities to carry out cyberattacks to disrupt Russian critical infrastructure.
Security Affairs
NOVEMBER 12, 2023
The Lorenz extortion group leaked the data stolen from the Texas-based Cogdell Memorial Hospital. In early November, the Cogdell Memorial Hospital (Scurry County Hospital District) announced it was experiencing a computer network incident that prevented the hospital from accessing some of its systems and severely limiting the operability of its phone system.
Security Affairs
NOVEMBER 24, 2023
Almost a million files with minors’ data, including home addresses and photos were left open to anyone on the internet, posing a threat to children. During a recent investigation, the Cybernews research team discovered that IT company Appscook – which develops applications used by more than 600 schools in India and Sri Lanka for education management – leaked a staggering amount of sensitive data, including photos of minors, home addresses, and birth certificates, due to a misconfiguration
Security Affairs
NOVEMBER 3, 2023
Threat actors who breached the Okta customer support system also gained access to files belonging to 134 customers. Threat actors who breached the Okta customer support system in October gained access to files belonging to 134 customers, the company revealed. Some of the files accessed by the attackers are HAR files that contained session tokens. According to the company, the threat actor was able to use these session tokens to hijack the legitimate Okta sessions of 5 customers.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
NOVEMBER 10, 2023
After ChatGPT, Anonymous Sudan took down the Cloudflare website with a distributed denial-of-service (DDoS) attack. The hacktivist group Anonymous Sudan claimed responsibility for the massive distributed denial-of-service (DDoS) attack that took down the website of Cloudflare. Cloudflare confirmed that a DDoS attack took down its website for a few minutes and ponited out that it did not impact other products or services. “ To be clear, there was no Cloudflare breach.
Security Affairs
NOVEMBER 13, 2023
North Korea-linked APT group Sapphire Sleet set up bogus skills assessment portals in attacks aimed at IT job seekers. The North Korea-linked APT group Sapphire Sleet (aka APT38 , BlueNoroff , CageyChameleon , and CryptoCore ) is considered a sub-group of the popular Lazarus APT group. The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks.
Security Affairs
NOVEMBER 9, 2023
On-demand moving and delivery platform Dolly.com allegedly paid a ransom but crooks found an excuse not to hold their end of the bargain. Cybercriminals are hardly a trustworthy bunch. Case in point: Dolly.com. The Cybernews research team believes that the platform suffered a ransomware attack and at least partially paid the ransom – but was duped. The attackers complained that the payment wasn’t generous enough and published the stolen data.
Security Affairs
NOVEMBER 3, 2023
Researchers disclosed four zero-day flaws in Microsoft Exchange that can be remotely exploited to execute arbitrary code or disclose sensitive information on vulnerable installs. Trend Micro’s Zero Day Initiative (ZDI) disclosed four zero-day vulnerabilities in Microsoft Exchange that can be remotely exploited by an authenticated attacker to execute arbitrary code or disclose sensitive information on vulnerable installs.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
NOVEMBER 19, 2023
8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads.
Security Affairs
NOVEMBER 2, 2023
Okta warns approximately 5,000 employees that their personal information was compromised due to a third-party vendor data breach. Cloud identity and access management solutions provider Okta warns nearly 5,000 employees that their personal information was exposed due to a data breach suffered by the third-party vendor Rightway Healthcare. According to the data breach notification, Rightway Healthcare notified Okta that an unauthorized actor gained access an eligibility census file maintained by
Security Affairs
NOVEMBER 16, 2023
Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. Google Threat Analysis Group (TAG) researchers revealed that a zero-day vulnerability, tracked as CVE-2023-37580 (CVSS score: 6.1), in the Zimbra Collaboration email software was exploited by four different threat actors to steal email data, user credentials, and authentication tokens from government organizations.
Security Affairs
NOVEMBER 20, 2023
The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. The British Library is a research library in London that is the national library of the United Kingdom. It is one of the largest libraries in the world.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
NOVEMBER 29, 2023
The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. King Edward VII’s Hospital is a private hospital located on Beaumont Street in the Marylebone district of central London. It is a leading provider of acute and specialist medical care, with a focus on musculoskeletal health, urology, women’s health, and digestive health.
Security Affairs
NOVEMBER 27, 2023
Ukraine’s intelligence service announced the hack of the Russian Federal Air Transport Agency, ‘Rosaviatsia.’ Ukraine’s intelligence service announced they have hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ The attack is the result of a complex special cyber operation. “The Defence Intelligence of Ukraine informs that as a result of a successful complex special operation in cyberspace, a large volume of confidential documents of the
Security Affairs
NOVEMBER 17, 2023
Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Toyota Financial Services confirmed the discovery of unauthorized activity on systems in a limited number of its locations. “Toyota Financial Services Europe & Africa recently identified unauthorised activity on systems in a limited number of its locations.
Security Affairs
NOVEMBER 26, 2023
The cyber attack that hit the managed service provider (MSP) CTS potentially impacted hundreds in the United Kingdom. CTS is a trusted provider of IT services to the legal sector in the UK. The company announced that it is investigating a cyber attack that caused a service outage. The incident impacted a portion of the services. The security incident potentially impacted hundreds of British law firms. “ We are experiencing a service outage which has impacted a portion of the services we de
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Security Affairs
NOVEMBER 23, 2023
Threat actors spread Atomic Stealer (AMOS) macOS information stealer via a bogus web browser update as part of the ClearFake campaign. Atomic Stealer (AMOS) macOS information stealer is now being delivered via a fake browser update chain tracked as ClearFake, Malwarebytes researchers warn. The malware focuses on macOS, designed to pilfer sensitive information from the compromised systems.
Security Affairs
NOVEMBER 24, 2023
Researchers warn of publicly exposed Kubernetes configuration secrets that could pose a threat of supply chain attack for organizations. Aqua Nautilus researchers warn of publicly exposed Kubernetes configuration secrets that put organizations at risk of supply chain attacks. The experts noticed that these misconfigurations impact hundreds of organizations and open-source projects.
Security Affairs
NOVEMBER 16, 2023
Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual. Samsung Electronics suffered a data breach that exposed the personal information of some of its customers to an unauthorized individual. The security breach was discovered on November 13, 2023, and impacted customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.
Expert insights. Personalized for you.
364 
Let's personalize your content