Sat.Jan 27, 2024 - Fri.Feb 02, 2024

article thumbnail

Facebook’s Extensive Surveillance Network

Schneier on Security

Consumer Reports is reporting that Facebook has built a massive surveillance network: Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies.

Archiving 134
article thumbnail

Top Tips to Avoid Corporate Social Media Account Hijacking

Data Breach Today

Not a Good Look: Hijacked @SECgov Social Media Account Spews Bitcoin Rumors Social media accounts - especially those tied to government agencies, big-name companies and high-profile individuals - continue to be a top target for takeover by fraudsters and scammers, especially when it comes to X, formerly known as Twitter. What's the best way to keep these accounts secure?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Krebs on Security

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX , which had just filed for bankruptcy on that same day. A graphic illustrating the flow of more than $400 million in cryptocurrencies stolen from FTX on Nov. 11-12, 2022.

article thumbnail

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints. Related: The role of ‘attribute based encryption’ There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants.

Privacy 263
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Empowering Progress: How AIIM's Certification Transformed IsDB's Approach to Intelligent Information Management

AIIM

I am so honored that nine of my colleagues at Islamic Development Bank (IsDB) have successfully been Certified as “Certified Information Professional” (CIPs) by AIIM.

186
186

More Trending

article thumbnail

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

Passwords 338
article thumbnail

News alert: p0 launches from stealth, leverages Generative AI to improve software integrity

The Last Watchdog

New York City, New York – Jan. 30, 2024; In an increasingly competitive and malicious environment vulnerabilities in enterprise codebases can lead to catastrophic security failures. Many times these can be fatal for businesses built on a foundation of customer trust and reliability. Data security is the most fundamental promise that a business can make to its users.

Analytics 130
article thumbnail

Mercedes-Benz accidentally exposed sensitive data, including source code

Security Affairs

Researchers discovered that Mercedes-Benz accidentally left a private key online exposing internal data, including the company’s source code. RedHunt Labs researchers discovered that Mercedes-Benz unintentionally left a private key accessible online, thereby exposing internal data, including the company’s source code. It’s unclear if the data leak exposed customer data, RedHunt Labs shared its findings with TechCrunch and with the help of the media outlet notified the car maker.

Access 145
article thumbnail

Ivanti Discloses Additional Zero-Day That Is Being Exploited

Data Breach Today

Company Starts Patch Rollout for Flaws Exploited by Likely Chinese Intelligence Op Corporate VPN maker Ivanti on Wednesday began a belated patch rollout for zero-day flaws that many cybersecurity firms say paved the way for an espionage hacking operation likely conducted by China. Ivanti also disclosed two more zero-days and told customers that hackers are exploiting one of them.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Passkeys and The Beginning of Stronger Authentication

Thales Cloud Protection & Licensing

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Despite solid cybersecurity defenses within her enterprise, the reliance on age-old passwords left it vulnerable. Their own employees, even with their best efforts, remained the weakest link.

article thumbnail

News alert: Aembit, Crowdstrike partner to help companies tighten security of IAM workload access

The Last Watchdog

Silver Spring, Maryland, Jan. 30, 2024 — Aembit , the Workload Identity and Access Management (IAM) platform that enables DevOps and security teams to discover, manage, enforce and audit access between workloads, today announced the availability of a new integration with the industry-leading CrowdStrike Falcon® platform to give enterprises the ability to dynamically manage and enforce conditional access policies based on the real-time security posture of their applications and services.

Access 130
article thumbnail

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center

Security Affairs

The Main Intelligence Directorate of Ukraine’s Ministry of Defense states that pro-Ukraine hackers wiped 2 petabytes of data from a Russian research center. The Main Directorate of Intelligence of the Ministry of Defense of Ukraine revealed that pro-Ukraine hackers group “BO Team” wiped the database of the Far Eastern Scientific Research Center of Space Hydrometeorology “Planet.” The Russian center processes data received from satellites and also provides relevant p

IT 144
article thumbnail

Breach Roundup: CIA Hacking Tool Leaker Gets 40 Years

Data Breach Today

Also: Cloudflare Was Hacked With Stolen Okta Token This week, former CIA programmer gets 40-year sentence, zero trust prevents widespread damage, possible ransomware attack in Georgia, alleged hacker detained in Ukraine, USB-spread malware in Italy, LockBit attack on non-bank home mortgage lender, and Ukrainian critical infrastructure disrupted.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

A Self-Enforcing Protocol to Solve Gerrymandering

Schneier on Security

In 2009, I wrote : There are several ways two people can divide a piece of cake in half. One way is to find someone impartial to do it for them. This works, but it requires another person. Another way is for one person to divide the piece, and the other person to complain (to the police, a judge, or his parents) if he doesn’t think it’s fair. This also works, but still requires another person—­at least to resolve disputes.

Paper 130
article thumbnail

GUEST ESSAY: Leveraging real-time visibility to quell persistent ‘take-a-USB-stick-home’ attacks

The Last Watchdog

Each of us has probably sat through some level of cybersecurity awareness training during our professional lives. Related: Dangers of spoofed QR codes Stop and think before you click on a link within an email from an unexpected source. Don’t re-use a password across multiple sites. Beware over-sharing personal information online, especially on social media platforms.

Passwords 140
article thumbnail

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

Security Affairs

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897 , have been made public. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community.

Libraries 142
article thumbnail

FTC Blasts Blackbaud's 'Shoddy' Practices in Ransomware Hack

Data Breach Today

FTC Is Latest Agency to Rebuke Fundraising Firm for Lax Security in 2020 Attack The Federal Trade Commission is the latest regulatory agency taking action against fundraising and customer relationship management software provider Blackbaud in the aftermath of a 2020 ransomware incident that compromised the data of tens of thousands of clients and millions of consumers.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Telling a Story with Keynotes at AIIM Conference 2024

AIIM

Storytelling has been a trending tactic for event planners for the past couple years. And with good reason. Stories enrich experiences and make education and messaging more memorable. Here's how we are incorporating storytelling at the AIIM Conference 2024 in San Antonio, Texas, April 3-5 and some tips for how you can incorporate storytelling tactics when planning your own meetings and events.

Education 104
article thumbnail

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

Within the last couple of months, smart device vulnerabilities have been piling up, prompting businesses to protect their Internet of Things (IoT) environments. But that doesn’t just include thermostats, printers, and other connected devices that you have to protect — it now means electric cars, too. Teslas have plenty of vulnerabilities, as cybersecurity researchers have recently discovered.

IoT 125
article thumbnail

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. Schneider Electric is a multinational company that specializes in energy management, industrial automation, and digital transformation. BleepingComputer first reported the attack that hit the Sustainability Business division of the company on January 17th.

article thumbnail

SolarWinds Requests Court Dismiss Regulator's Fraud Case

Data Breach Today

Calls Securities and Exchange Commission's Cybersecurity Allegations 'Unfounded' Network monitoring software vendor SolarWinds moved to dismiss a federal lawsuit accusing the company and its CISO of securities fraud after they allegedly misstated the efficacy of its cybersecurity controls. Russian intelligence hacked the company in an incident disclosed in 2020.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

News alert: Oasis Security raises $40M funding to automate the lifecycle of non-human identities

The Last Watchdog

Tel Aviv, Israel, Jan. 31, 2024 — Oasis Security , the leading provider of Non-human Identity Management (NIM) solutions, announced today that it raised a total of $40 million funding led by Sequoia Capital (Doug Leone, Bogomil Balkansky), alongside Accel (Andrei Brasoveanu), Cyberstarts (Lior Simon) and Maple Capital. Guy Podjarny, founder of Snyk and Michael Fey, Co-Founder and CEO of Island, also participated in the financing.

Security 100
article thumbnail

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

eSecurity Planet

Cloud storage security issues refer to the operational and functional challenges that organizations and consumers encounter when storing data in the cloud. The issues stem from internal lapses or deficiencies and may not always include external threats. Cloud storage risks involve potential external threats and vulnerabilities that jeopardize the security of stored data.

Cloud 127
article thumbnail

Hundreds of network operators’ credentials found circulating in Dark Web

Security Affairs

Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC are available on the dark web, Resecurity warns. Resecurity conducted a thorough scan of the Dark Web and identified over 1,572 compromised customers of RIPE, Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC), resulting from infostealer infections.

Passwords 140
article thumbnail

Cryptohack Roundup: 2024's Biggest Heist - So Far

Data Breach Today

Also: US Courts Announce Guilty Pleas and Hand Out Sentences in Crypto-Linked Cases This week, a Ripple co-founder and a karaoke platform were hacked, Mexican crypto banks were targeted, authorities seized crypto in the U.S. and Germany, the DOJ made charges in crypto cases, people pleaded guilty to money laundering and SIM swapping, monero was traced, and FTX will not restart.

278
278
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

News alert: Reken raises $10M from Greycroft to protect against generative AI-enabled fraud

The Last Watchdog

San Francisco, Calif., Jan. 31, 2024 – Reken, an AI & cybersecurity company, today announced the close of its $10M oversubscribed seed round, led by Greycroft and FPV Ventures. Other investors in the round include Firebolt Ventures, Fika Ventures, Omega Venture Partners, Homebrew, and JAZZ Venture Partners. The funding will be used for core research and development to build new AI technology and products to protect against generative AI threats, such as deepfake social engineering and autono

article thumbnail

David Kahn

Schneier on Security

David Kahn has died. His groundbreaking book, The Codebreakers was the first serious book I read about codebreaking, and one of the primary reasons I entered this field. He will be missed.

118
118
article thumbnail

750 million Indian mobile subscribers’ data offered for sale on dark web

Security Affairs

Data of 750 million Indian mobile subscribers was offered for sale on dark web hacker forums earlier in January. CloudSEK researchers warned that a database containing data of 750 million Indian mobile subscribers was offered for sale on dark web hacker forums earlier in January. According to the researchers, at least two cybercrime gangs, CYBO CREW affiliates known as CyboDevil and UNIT8200, were offering the database for $3,000.

Sales 139