Krebs on Security

SEPTEMBER 30, 2022

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.

Information Security 310

Information Security Communications IT Cybersecurity 310

Data Breach Today

SEPTEMBER 20, 2022

Cybercriminals Using Social Engineering, Phishing to Divert Payments Cybercriminals are netting multimillion-dollar hauls by targeting healthcare industry payment processing, the FBI warns. The criminals use publicly available personally identifiable information and deploy social engineering techniques to impersonate care providers.

Phishing 275

Phishing 275

Data Matters

SEPTEMBER 6, 2022

Privacy never sleeps in California. In recent days and as California’s legislative session comes to a close, there have been a number of significant legislative and regulatory developments in the state, each of which will likely (again) change the privacy landscape in California and, by extension, the rest of the country. For businesses operating in California or whose websites, products or services reach California residents, these changes mean new compliance obligations, some of which could

Privacy 197

Privacy B2B Sales Compliance 197

Security Affairs

SEPTEMBER 3, 2022

Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. The Electronics giant discovered on August 4 that threat actors have had access to its systems and exfiltrated customer personal information. The threat actors had access to Samsung customers’ names, contacts, dates of birth, product registration data, and demographic information.

Data breaches 144

Data breaches Communications Cybersecurity Authentication 144

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, CTO of Betterworks, will explore a practical framework to transform Generative AI prototypes into

Artificial Intelligence

Troy Hunt

SEPTEMBER 8, 2022

The first time I ever wrote publicly about a company's security vulnerabilities, my boss came to have a word with me after seeing my name in the news headlines. One of the worst days I've ever had was right in the middle of the Have I Been Pwned sale process, and it left me an absolute emotional wreck. When I wrote about how I deal with online abuse, it was off the back of some pretty nasty stuff. which I've now included in this book 😊 These are the stories behind the stor

Passwords 143

Passwords IoT Sales Data breaches 143

Krebs on Security

SEPTEMBER 9, 2022

Communities like Craigslist , OfferUp , Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don’t deserve to end up in a landfill. But when dealing with strangers from the Internet, there is always a risk that the person you’ve agreed to meet has other intentions.

Sales 290

Sales Paper Risk IT 290

Data Breach Today

SEPTEMBER 20, 2022

Assume Password, Email and IPs Leaked as an Attempt to Export User Database Made One of the internet's worst websites is down following a weekend hack that may have exposed the email, password and IP address of Kiwi Farms yses. A statement on the site says hackers gained access to site administrator Joshua Moon's account. Site users stalk trans and non-binary people.

Passwords 340

Passwords Access 340

eSecurity Planet

SEPTEMBER 9, 2022

Nearly a quarter of healthcare organizations hit by ransomware attacks experienced an increase in patient mortality, according to a study from Ponemon Institute and Proofpoint released today. The report , “Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care,” surveyed 641 healthcare IT and security practitioners and found that the most common consequences of cyberattacks are delayed procedures and tests, resulting in poor patient outcomes for 57% of the healthcare prov

Ransomware 135

Ransomware Cybersecurity Cloud Phishing 135

Security Affairs

SEPTEMBER 2, 2022

Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format ( ELF ) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware README note (see Figure 1).

Ransomware 143

Ransomware Encryption File names IT 143

Advertisement

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

Analytics

Dark Reading

SEPTEMBER 2, 2022

Threat hunters can help build defenses as they work with offensive security teams to identify potential threats and build stronger threat barriers.

Security 145

Security 145

IT Governance

SEPTEMBER 16, 2022

This week, we discuss allegations of data security failures at Twitter, a €405 million fine for Instagram, a cyber attack on InterContinental Hotels Group, and why Cloud security is so important. Now available on Spotify , Amazon Music , Apple Podcasts and SoundCloud. The post IT Governance Podcast Episode 8: Twitter, Instagram, InterContinental and Cloud security appeared first on IT Governance UK Blog.

Cloud 130

Cloud Government IT Security 130

Krebs on Security

SEPTEMBER 15, 2022

A number of financial institutions in and around New York City are dealing with a rash of super-thin “deep insert” skimming devices designed to fit inside the mouth of an ATM’s card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine. Here’s a look at some of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild.

IT 275

IT 275

Data Breach Today

SEPTEMBER 10, 2022

Log4Shell Vulnerability on VMWare Horizon Servers Exploited The Lazarus Group, a North Korean advanced persistent threat gang, recently targeted energy companies in Canada, the U.S. and Japan to establish long-term access into victim networks to conduct espionage operations by deploying custom-built malware implants, VSingle, YamaBot and MagicRAT.

Access 326

Access 326

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

eSecurity Planet

SEPTEMBER 22, 2022

During a cyberattack, time is of the essence for both attackers and defenders. To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware encryption malware to encrypt files partially or only encrypt parts of the files.

Encryption 126

Encryption Ransomware Cybersecurity Education 126

Security Affairs

SEPTEMBER 9, 2022

Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and media files.

Authentication 140

Authentication Security IT Information Security 140

WIRED Threat Level

SEPTEMBER 28, 2022

Want to speak up against Big Tech, unjust data collection, and surveillance? Here's how to be an activist in your community and beyond.

Data Privacy 145

Data Privacy Data collection Privacy Security 145

IT Governance

SEPTEMBER 20, 2022

Cyber crime is an increasingly lucrative business, with threat actors reportedly pocketing $6.9 billion (about £6 billion) last year. With the help of progressively more sophisticated techniques and organisations’ growing reliance on digital technology, it’s easy to see why there are so many breaches. Organisations are being urged to respond to the threat by investing more in cyber security defences, but if those solutions aren’t part of a cohesive strategy, the benefits will be minimal.

Phishing 126

Phishing Data breaches Risk Insurance 126

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Schneier on Security

SEPTEMBER 30, 2022

Depending on where you are when you download your Android apps, it might collect more or less data about you. The apps we downloaded from Google Play also showed differences based on country in their security and privacy capabilities. One hundred twenty-seven apps varied in what the apps were allowed to access on users’ mobile phones, 49 of which had additional permissions deemed “dangerous” by Google.

Privacy 126

Privacy Security GDPR Communications 126

Data Breach Today

SEPTEMBER 13, 2022

Attack Requires 2 People, Customized Gear and Very Close Proximity to the Victim Security researchers revealed yet another method for stealing a Tesla although the brand is one of the least-stolen cars and among the most recovered once pilfered. The newest example comes from internet of things security company IOActive in an attack involving two people and customized gear.

Security 283

Security 283

eSecurity Planet

SEPTEMBER 21, 2022

A retired threat actor has returned with new attacks aimed at the cloud, containers – and encryption keys. The Aqua Nautilus research team observed three attacks that appeared very similar to those performed by TeamTNT, a threat actor specializing in cloud platforms and online instances such as Kubernetes clusters, Redis servers, and Docker APIs.

Cloud 126

Cloud Encryption Honeypots Mining 126

Security Affairs

SEPTEMBER 9, 2022

Threat actors claimed to have stolen classified NATO documents from the Armed Forces General Staff agency of Portugal (EMGFA). After discovering that Classified NATO documents belonging to the Armed Forces General Staff agency of Portugal (EMGFA) were offered for sale on the darkweb, the Portuguese agency discovered it has suffered a cyberattack. The Armed Forces General Staff (Portuguese: Estado-Maior-General das Forças Armadas), or EMGFA, is the supreme military body of Portugal.

Military 141

Military Sales Data breaches Cybersecurity 141

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Dark Reading

SEPTEMBER 29, 2022

The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys.

Ransomware 123

Ransomware 123

IT Governance

SEPTEMBER 15, 2022

You’ll often see the terms cyber security and information security used interchangeably. That’s because, in their most basic forms, they refer to the same thing: the confidentiality, integrity and availability of information. But there’s a crucial difference between them that affects the way your organisation operates. In this blog, we explain what information security and cyber security are, the differences between them and how they fit into your data protection practices.

Information Security 126

Information Security Security Computer and Electronics Encryption 126

KnowBe4

SEPTEMBER 8, 2022

Researchers at Resecurity have discovered a new Phishing-as-a-Service (PhaaS) platform called “EvilProxy” that’s being offered on the dark web. EvilProxy is designed to target accounts on a variety of platforms, including Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo, Yandex.

Phishing 123

Phishing 123

Data Breach Today

SEPTEMBER 9, 2022

Also: Vice Society Ransomware Gang Claims Credit for Attack The only surprising aspect of the ransomware attack against Los Angeles Unified School District is that it didn’t happen sooner. The district was warned of cybersecurity weaknesses in the 20 months leading to its ransomware attack. The Vice Society gang has claimed credit.

Risk 271

Risk Ransomware Cybersecurity IT 271

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Schneier on Security

SEPTEMBER 23, 2022

Okay, it’s an obscure threat. But people are researching it : Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.” That corresponds to 28 pt, a font size commonly used for headings and small headlines. […].

Paper 123

Paper Privacy Access IT 123

Security Affairs

SEPTEMBER 8, 2022

Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. The most severe issues fixed by Cisco are an unauthenticated Access to Messaging Services Vulnerability affecting Cisco SD-WAN vManage software and a vulnerability in NVIDIA Data Plane Development Kit. The two issues have been tracked as CVE-2022-20696 (CVSS score: 7.5) and CVE-2022-28199 (CVSS score: 8.6) respectively.

Authentication 137

Authentication Access Phishing Security 137

Preservica

SEPTEMBER 16, 2022

To celebrate this year's Electronic Records Day on October 10th, guest authors Pari Swift, Jacqueline Johnson, and the Ohio Records Committee share their thoughts on the key differences between document management systems and digital preservation systems in this blog post. According to the Council of State Archivists' site , "Electronic Records Day is designed to raise awareness among state government agencies, the general public, related professional organizations, and other stakeholders about

Digital preservation 122

Digital preservation Metadata Authentication Government 122