Sat.Aug 05, 2023 - Fri.Aug 11, 2023

article thumbnail

Law Enforcement Takes Down Phishing As A Service Site

Data Breach Today

Authorities In Multiple Countries Arrest Operators of 16Shop An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. The site, 16shop, sold phishing kits that targeted more than 70,000 people in 43 countries.

Phishing 236
article thumbnail

Understanding Security Frameworks: Guide for IT Security Professionals

Jamf

In this webinar series, Aaron Webb explains what security frameworks are, their importance and explains the critical role they play when securing your organization’s environment. This includes the importance of establishing risk management and compliance best practices and how Jamf solutions brings together device management, user identity and endpoint security for a comprehensive security solution based on the security framework that meets your organizational needs.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

It's Time for Cybersecurity to Talk About Climate Change

Dark Reading

From e-waste to conference swag to addressing data center energy consumption, cybersecurity stakeholders need a whole-industry approach to being part of the solution and reducing the risk of climate change.

article thumbnail

Black Hat insights: JupiterOne’s whodunnit puts CISOs on the trail of solving a devastating breach

The Last Watchdog

LAS VEGAS — One fundamental reason some 7,000 or so IT pros are making the trek here this week is that no one ever wants to get caught in the crossfire of a devastating data breach. Related: A call to regulate facial recognition That said, a few dozen CISOs attending Black Hat USA 2023 will get to experience, hands-on, what it must have been like to be in the crucible of milestone hacks like Capital One, SolarWinds and Colonial Pipeline.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Colorado Warns Ransomware Attack Caused Massive Data Breach

Data Breach Today

Information From 2004 to 2020 Exposed for High School Students, Teachers and Others Colorado's Department of Higher Education is warning that it suffered a ransomware attack in June, in which attackers stole personal data on current and past students and teachers, dating from 2004 to 2020. While the state has yet to wrap its probe, the victim count could be massive.

More Trending

article thumbnail

AI and the Role of the Board of Directors

Data Matters

Artificial intelligence (AI) has the capacity to disrupt entire industries, with implications for corporate strategy and risk, stakeholder relationships, and compliance that require the attention of the board of directors. The post AI and the Role of the Board of Directors appeared first on Data Matters Privacy Blog.

article thumbnail

Black Hat Fireside Chat: Horizon3.ai makes a strong case for continuous, self-service pentesting

The Last Watchdog

LAS VEGAS — Penetration testing, traditionally, gave businesses a nice, pretty picture of their network security posture — at a given point in time. Related: Going on the security offensive Such snapshots proved useful for building audit trails, particularly for companies in heavily regulated industries. However, manual pentests never really were very effective at shining a light on emerging cyber exposures of the moment.

Risk 189
article thumbnail

Spanish Police Arrest 3 Suspected of Payment Card Fraud

Data Breach Today

Cybercrime Group Defrauded Nearly 200,000 Euros Spanish police estimate that a group that mainly targeted ATMs of Spanish national banks using cloned payment cards had fraudulently pocketed nearly 196,000 euros. Authorities arrested three suspected members of the group Sunday in the Spanish coastal city of Valencia.

246
246
article thumbnail

What is SASE? Secure Access Service Service Edge Explained

eSecurity Planet

Large, sprawling organizations often struggle to apply consistent security policies outside of their network to remote workers accessing cloud-hosted resources, branch offices, and edge computing. Secure access service edge (SASE) provides an integrated service solution to secure large virtual networks that encompasses users and resources no matter where they are or how they access each other.

Access 104
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

SEC Proposes Sweeping New Rules on Use of Data Analytics by Broker-Dealers and Investment Advisers

Data Matters

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC or Commission) proposed new rules for broker-dealers (Proposed Rule 15(1)-2) and investment advisers (Proposed Rule 211(h)(2)-4) on the use of predictive data analytics (PDA) and PDA-like technologies in any interactions with investors. 1 However, as discussed below, the scope of a “covered technology” subject to the rules is much broader than what most observers would consider to constitute predictive data analytics.

Analytics 147
article thumbnail

GUEST ESSAY: Why any sudden influx of spam emails is an indicator of a likely security issue

The Last Watchdog

We all get spam emails, and while it’s annoying, it’s not usually anything to worry about. However, getting a huge influx of spam at once is a warning sign. People suddenly getting a lot of spam emails may be the target of a sophisticated cyber-attack. Related: How AI can relieve security pros What causes spam emails? Someone leaking, stealing or selling account information can cause a sudden influx of spam emails.

Security 188
article thumbnail

Rubrik Buys Startup Laminar to Unify Cyber Posture, Recovery

Data Breach Today

Rubrik Spent More Than $100M to Acquire the Data Security Posture Management Vendor Rubrik purchased a data security posture management startup backed by Salesforce and SentinelOne to provide visibility into where a company's data lives and who has access. The Laminar buy will help organizations expand beyond network and endpoint security and into cloud and data security.

Cloud 246
article thumbnail

Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR

Dark Reading

A newly patched flaw in Windows Defender allows attackers to hijack the signature-update process to sneak in malware, delete benign files, and inflict mayhem on target systems.

98
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Power Generator in South Africa hit with DroxiDat and Cobalt Strike

Security Affairs

Threat actors employed a new variant of the SystemBC malware, named DroxiDat, in attacks aimed at African critical infrastructure. Researchers from Kaspersky’s Global Research and Analysis Team (GReAT) reported that an unknown threat actor used a new variant of the SystemBC proxy malware, named DroxiDat, in an attack against a power generation company in southern Africa.

article thumbnail

News alert: SandboxAQ launches new open source framework to simplify cryptography management

The Last Watchdog

Palo Alto, Calif., Aug. 8, 2023 – SandboxAQ today announced Sandwich, an open source framework and meta-library of cryptographic algorithms that simplifies modern cryptography management. With an intuitive, unified API, Sandwich empowers developers to embed the cryptographic algorithms of their choice directly into their applications and to change them as technologies and threats evolve – without rewriting code.

Libraries 188
article thumbnail

Lawsuits Mounting Against Florida Hospital in Wake of Breach

Data Breach Today

So Far, 3 Proposed Class Actions Allege Negligence in Case Affecting 1.3M People Tampa General Hospital is facing at least three proposed federal class action lawsuits filed in recent days following the nonprofit Florida healthcare provider's disclosure late last month of a data theft incident that affected 1.3 million patients and employees.

245
245
article thumbnail

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DLA Piper Privacy Matters

Authors: Carolyn Bigg, Amanda Ge and Venus Cheung On July 24, 2023, the People’s Bank of China (“ PBOC ”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“ Draft Measures” ) for public consultation, which closes on August 24, 2023. The Draft Measures regulate the processing of electronic data collected and generated during the course of business activities that are under the supervision and management of

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The Evolution of API: From Commerce to Cloud

Security Affairs

API (or Application Programming Interface) is a ubiquitous term in the tech community today, and it’s one with a long history. As a concept, APIs (or Application Programming Interfaces) have been around since the 1950s. What started out as a potential method to facilitate communication between two computers then evolved to describe the interaction between a singular application and the rest of the computer system in the 60s and 70s.

Cloud 98
article thumbnail

Black Hat Fireside Chat: ‘UEM’ solutions seek to protect endpoints, preserve user experience

The Last Watchdog

LAS VEGAS — Shadow IT and BYOD security exposures have long bedeviled businesses – ever since the iPhone and Dropbox first came on the scene. Covid 19 only intensified the problem of how to securely manage the personally owned devices and unvetted apps employees gravitate to. At Black Hat USA 2023 , taking place here this week, suppliers of unified endpoint management ( UEM ) solutions collectively will lay out a roadmap for resolving Shadow IT and BYOD once and for all.

Security 186
article thumbnail

Nigerian Man Admits to $1.3M Business Email Compromise Scam

Data Breach Today

Scammers Used Malware and Spoofed Domain Name to Trick UK Financial Services Firm A Nigerian national has pleaded guilty to participating in a business email compromise scheme that stole $1.25 million from a Boston investment firm. Perpetrators used malware to intercept an employee's emails as well as spoofed email accounts to trick the employee's London financial services firm.

article thumbnail

Watch the Accenture + Collibra Fireside Chat: Drive trusted AI for your organization

Collibra

Is your organization excited by the potential of generative AI? As a data practitioner, are you wondering how you’ll navigate your company’s journey to LLM-inspired success? You’re in luck. Recently, Collibra’s Co-founder & Chief Data Citizen, Stijn “Stan” Christiaens, and Accenture’s Cloud First Chief Technologist, Teresa Tung, sat down to chat about the current craze around generative AI and the renewed importance of data.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs

Researchers warn that the Gafgyt botnet is actively exploiting a vulnerability impacting the end-of-life Zyxel P660HN-T1A router. A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. The flaw is a command injection vulnerability that resides in the Remote System Log forwarding function, which is accessible by an unauthenticated user.

Access 97
article thumbnail

News alert: Fireblocks uncovers vulnerabilities impacting dozens of major wallet providers

The Last Watchdog

New York, N.Y., Aug.9, 2023 – Today, the Fireblocks Cryptography Research Team announced the findings of multiple zero-day vulnerabilities in some of the most used cryptographic multi-party computation (MPC) protocols, including GG-18, GG-20, and implementations of Lindell 17. If left unremediated, the exposures would allow attackers and malicious insiders to drain funds from the wallets of millions of retail and institutional customers in seconds, with no knowledge to the user or vendor.

Retail 100
article thumbnail

Rapid7 Lays Off 18% of Employees Amid Shift to MDR Services

Data Breach Today

Loss of 470 Workers Is Cybersecurity Industry's Second-Largest Workforce Reduction Rapid7 will lay off close to 1 in 5 of its employees in cuts that amount to the second-largest round of layoffs of any pure-play cybersecurity company since worries about an economic downturn began percolating in spring 2022. The vendor will reduce its 2,623-person staff by 18%.

article thumbnail

What Is Cloud Security Posture Management (CSPM)?

eSecurity Planet

Cloud security posture management (CSPM) discovers and manages infrastructure and configuration risks across cloud environments. As most cloud security failures are due to customer error, CSPM’s ability to find and fix those errors has made it a critical cloud security tool. CSPM ensures cloud computing security and compliance by incorporating risk management capabilities to discover, analyze, and manage infrastructure and configuration risks across cloud environments and infrastructure.

Cloud 98
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

CISA adds actively exploited flaw in.NET, Visual Studio to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added zero-day vulnerability CVE-2023-38180 affecting.NET and Visual Studio to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added an actively exploited zero-day vulnerability CVE-2023-38180 (CVSS score 7.5) affecting.NET and Visual Studio to its Known Exploited Vulnerabilities Catalog.

IT 98
article thumbnail

Recent Updates From our Office

National Archives Records Express

We would like to call your attention to three recent releases from our office. First, the GRS team has recently produced an updated version of the machine-implementable GRS file. This update adds a new field containing the full disposition instruction in text form. We produce this version of the GRS as a resource for agencies. Agencies can upload the CSV file into their records management systems as an aid to applying the GRS to their records.

article thumbnail

Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails

Data Breach Today

Threat Actor Coaxes Users Into Downloading MerlinAgent Hackers attempting to spy on the Ukrainian government are using an open-source remote access Trojan, said Kyiv cyber defenders. The RAT, MerlinAgent, is available on GitHub. The threat actor spoofed the Computer Emergency Response Team of Ukraine in phishing emails.

Phishing 242