Sat.Aug 05, 2023 - Fri.Aug 11, 2023

article thumbnail

Law Enforcement Takes Down Phishing As A Service Site

Data Breach Today

Authorities In Multiple Countries Arrest Operators of 16Shop An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. The site, 16shop, sold phishing kits that targeted more than 70,000 people in 43 countries.

Phishing 244
article thumbnail

Understanding Security Frameworks: Guide for IT Security Professionals

Jamf

In this webinar series, Aaron Webb explains what security frameworks are, their importance and explains the critical role they play when securing your organization’s environment. This includes the importance of establishing risk management and compliance best practices and how Jamf solutions brings together device management, user identity and endpoint security for a comprehensive security solution based on the security framework that meets your organizational needs.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

It's Time for Cybersecurity to Talk About Climate Change

Dark Reading

From e-waste to conference swag to addressing data center energy consumption, cybersecurity stakeholders need a whole-industry approach to being part of the solution and reducing the risk of climate change.

article thumbnail

Black Hat insights: JupiterOne’s whodunnit puts CISOs on the trail of solving a devastating breach

The Last Watchdog

LAS VEGAS — One fundamental reason some 7,000 or so IT pros are making the trek here this week is that no one ever wants to get caught in the crossfire of a devastating data breach. Related: A call to regulate facial recognition That said, a few dozen CISOs attending Black Hat USA 2023 will get to experience, hands-on, what it must have been like to be in the crucible of milestone hacks like Capital One, SolarWinds and Colonial Pipeline.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Spanish Police Arrest 3 Suspected of Payment Card Fraud

Data Breach Today

Cybercrime Group Defrauded Nearly 200,000 Euros Spanish police estimate that a group that mainly targeted ATMs of Spanish national banks using cloned payment cards had fraudulently pocketed nearly 196,000 euros. Authorities arrested three suspected members of the group Sunday in the Spanish coastal city of Valencia.

246
246

More Trending

article thumbnail

AI and the Role of the Board of Directors

Data Matters

Artificial intelligence (AI) has the capacity to disrupt entire industries, with implications for corporate strategy and risk, stakeholder relationships, and compliance that require the attention of the board of directors. The post AI and the Role of the Board of Directors appeared first on Data Matters Privacy Blog.

article thumbnail

Black Hat Fireside Chat: Horizon3.ai makes a strong case for continuous, self-service pentesting

The Last Watchdog

LAS VEGAS — Penetration testing, traditionally, gave businesses a nice, pretty picture of their network security posture — at a given point in time. Related: Going on the security offensive Such snapshots proved useful for building audit trails, particularly for companies in heavily regulated industries. However, manual pentests never really were very effective at shining a light on emerging cyber exposures of the moment.

Risk 189
article thumbnail

Lawsuits Mounting Against Florida Hospital in Wake of Breach

Data Breach Today

So Far, 3 Proposed Class Actions Allege Negligence in Case Affecting 1.3M People Tampa General Hospital is facing at least three proposed federal class action lawsuits filed in recent days following the nonprofit Florida healthcare provider's disclosure late last month of a data theft incident that affected 1.3 million patients and employees.

246
246
article thumbnail

What is SASE? Secure Access Service Service Edge Explained

eSecurity Planet

Large, sprawling organizations often struggle to apply consistent security policies outside of their network to remote workers accessing cloud-hosted resources, branch offices, and edge computing. Secure access service edge (SASE) provides an integrated service solution to secure large virtual networks that encompasses users and resources no matter where they are or how they access each other.

Access 103
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

SEC Proposes Sweeping New Rules on Use of Data Analytics by Broker-Dealers and Investment Advisers

Data Matters

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC or Commission) proposed new rules for broker-dealers (Proposed Rule 15(1)-2) and investment advisers (Proposed Rule 211(h)(2)-4) on the use of predictive data analytics (PDA) and PDA-like technologies in any interactions with investors. 1 However, as discussed below, the scope of a “covered technology” subject to the rules is much broader than what most observers would consider to constitute predictive data analytics.

Analytics 113
article thumbnail

GUEST ESSAY: Why any sudden influx of spam emails is an indicator of a likely security issue

The Last Watchdog

We all get spam emails, and while it’s annoying, it’s not usually anything to worry about. However, getting a huge influx of spam at once is a warning sign. People suddenly getting a lot of spam emails may be the target of a sophisticated cyber-attack. Related: How AI can relieve security pros What causes spam emails? Someone leaking, stealing or selling account information can cause a sudden influx of spam emails.

Security 188
article thumbnail

Rubrik Buys Startup Laminar to Unify Cyber Posture, Recovery

Data Breach Today

Rubrik Spent More Than $100M to Acquire the Data Security Posture Management Vendor Rubrik purchased a data security posture management startup backed by Salesforce and SentinelOne to provide visibility into where a company's data lives and who has access. The Laminar buy will help organizations expand beyond network and endpoint security and into cloud and data security.

Cloud 246
article thumbnail

The Evolution of API: From Commerce to Cloud

Security Affairs

API (or Application Programming Interface) is a ubiquitous term in the tech community today, and it’s one with a long history. As a concept, APIs (or Application Programming Interfaces) have been around since the 1950s. What started out as a potential method to facilitate communication between two computers then evolved to describe the interaction between a singular application and the rest of the computer system in the 60s and 70s.

Cloud 98
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Verizon expands Jamf partnership for enhanced MDM and security

Jamf

The partnership between Verizon and Jamf continues to grow, extending access to Jamf’s comprehensive solutions for mobile device management and security.

MDM 98
article thumbnail

News alert: SandboxAQ launches new open source framework to simplify cryptography management

The Last Watchdog

Palo Alto, Calif., Aug. 8, 2023 – SandboxAQ today announced Sandwich, an open source framework and meta-library of cryptographic algorithms that simplifies modern cryptography management. With an intuitive, unified API, Sandwich empowers developers to embed the cryptographic algorithms of their choice directly into their applications and to change them as technologies and threats evolve – without rewriting code.

Libraries 188
article thumbnail

Colorado Warns Ransomware Attack Caused Massive Data Breach

Data Breach Today

Information From 2004 to 2020 Exposed for High School Students, Teachers and Others Colorado's Department of Higher Education is warning that it suffered a ransomware attack in June, in which attackers stole personal data on current and past students and teachers, dating from 2004 to 2020. While the state has yet to wrap its probe, the victim count could be massive.

article thumbnail

Power Generator in South Africa hit with DroxiDat and Cobalt Strike

Security Affairs

Threat actors employed a new variant of the SystemBC malware, named DroxiDat, in attacks aimed at African critical infrastructure. Researchers from Kaspersky’s Global Research and Analysis Team (GReAT) reported that an unknown threat actor used a new variant of the SystemBC proxy malware, named DroxiDat, in an attack against a power generation company in southern Africa.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Be Aware of SEO and Waterhole Attacks

KnowBe4

Most social engineering scams search out their potential victims, often sending emails to known email addresses, sending chat messages to them or calling known phone numbers. The attackers take an active role in seeking out and making contact with their victims. For that reason, we often say that everyone needs to be initially suspicious of any unrequested contact, no matter how it arrives, that is requesting an action that if performed by the receiver, could harm their or their organization’s i

IT 98
article thumbnail

Black Hat Fireside Chat: ‘UEM’ solutions seek to protect endpoints, preserve user experience

The Last Watchdog

LAS VEGAS — Shadow IT and BYOD security exposures have long bedeviled businesses – ever since the iPhone and Dropbox first came on the scene. Covid 19 only intensified the problem of how to securely manage the personally owned devices and unvetted apps employees gravitate to. At Black Hat USA 2023 , taking place here this week, suppliers of unified endpoint management ( UEM ) solutions collectively will lay out a roadmap for resolving Shadow IT and BYOD once and for all.

Security 186
article thumbnail

Rapid7 Lays Off 18% of Employees Amid Shift to MDR Services

Data Breach Today

Loss of 470 Workers Is Cybersecurity Industry's Second-Largest Workforce Reduction Rapid7 will lay off close to 1 in 5 of its employees in cuts that amount to the second-largest round of layoffs of any pure-play cybersecurity company since worries about an economic downturn began percolating in spring 2022. The vendor will reduce its 2,623-person staff by 18%.

article thumbnail

CISA adds actively exploited flaw in.NET, Visual Studio to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added zero-day vulnerability CVE-2023-38180 affecting.NET and Visual Studio to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added an actively exploited zero-day vulnerability CVE-2023-38180 (CVSS score 7.5) affecting.NET and Visual Studio to its Known Exploited Vulnerabilities Catalog.

IT 98
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating

WIRED Threat Level

Security researchers accessed an internal camera inside the Deckmate 2 shuffler to learn the exact deck order—and the hand of every player at a poker table.

Access 98
article thumbnail

News alert: Fireblocks uncovers vulnerabilities impacting dozens of major wallet providers

The Last Watchdog

New York, N.Y., Aug.9, 2023 – Today, the Fireblocks Cryptography Research Team announced the findings of multiple zero-day vulnerabilities in some of the most used cryptographic multi-party computation (MPC) protocols, including GG-18, GG-20, and implementations of Lindell 17. If left unremediated, the exposures would allow attackers and malicious insiders to drain funds from the wallets of millions of retail and institutional customers in seconds, with no knowledge to the user or vendor.

Retail 100
article thumbnail

ISMG Editors: The White House Drive to Secure Code With AI

Data Breach Today

Also: Crypto's Bonnie and Clyde Plead Guilty; Hackers Hacking Hackers In the latest weekly update, ISMG editors discuss the White House's debut of a $20 million contest to exterminate bugs with AI, a New York man admitting to being behind the Bitfinex hack, and a new malware campaign that is targeting newbie cybercriminals in order to steal sensitive information.

Security 245
article thumbnail

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. The malware can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR

Dark Reading

A newly patched flaw in Windows Defender allows attackers to hijack the signature-update process to sneak in malware, delete benign files, and inflict mayhem on target systems.

98
article thumbnail

News alert: Picus Security attack simulations report reveals organizations prevent 6 of 10 attacks

The Last Watchdog

San Francisco, Calif., Aug. 8, 2023 – Picus Security , the pioneer of Breach and Attack Simulation (BAS) technology, has released The Blue Report 2023. Based on an analysis of more than 14 million cyber attacks simulated by The Picus Platform*, the report highlights four “impossible trade-offs” limiting modern security teams’ ability to manage their organization’s threat exposure.

Security 100
article thumbnail

Nigerian Man Admits to $1.3M Business Email Compromise Scam

Data Breach Today

Scammers Used Malware and Spoofed Domain Name to Trick UK Financial Services Firm A Nigerian national has pleaded guilty to participating in a business email compromise scheme that stole $1.25 million from a Boston investment firm. Perpetrators used malware to intercept an employee's emails as well as spoofed email accounts to trick the employee's London financial services firm.