Sat.Jun 25, 2022 - Fri.Jul 01, 2022

article thumbnail

Russian Cyberattack on Ukrainian TV Channels Blocked

Data Breach Today

Ukraine Fights Russian Disinformation Perpetuated by Hacking and Social Media Ukraine says it has thwarted multiple Russian misinformation campaigns, including blocking attempts to penetrate the electronic systems of its TV channels on the eve of its Constitution Day holiday. It also flagged social media accounts spreading fake videos.

IT 341
article thumbnail

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Goo

Passwords 273
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints

The Last Watchdog

The pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would have never imagined. From transitioning to a work-from-home as a ‘perk’ to a ‘necessity’, the organizations had to realign their operations and do it fast, to keep the ships afloat. Related: Deploying human sensors. Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working- whether organizations like it or not is here to say

Security 258
article thumbnail

Reflecting on the UK Inaugural DaTA Conference: Top Five Trends to Watch as Global Regulators Step up Enforcement in Digital Markets

Data Matters

Last week, the UK Competition and Markets Authority (CMA) hosted its inaugural Data, Technology, and Analytics (DaTA) Conference. The CMA DaTa Conference has been hailed as a milestone as it convened for the first time regulators, data scientists, engineers, tech companies, and academics to discuss evolving challenges in digital markets. The conference coincided with London Tech Week, during which Chris Philp, UK Minister for Tech and the Digital Economy, unveiled a new UK Digital Strategy: the

Marketing 157
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Malware Breach Affects 1.2 Million Medical Center Patients

Data Breach Today

Baptist Medical Center Latest on Growing List of Entities Reporting Major Hacks A malware incident involving exfiltration of data has affected more than 1.24 million patients of Texas-based Baptist Medical Center and Resolute Health Hospital. It adds to a growing list of major health data breaches reported to regulators in recent weeks as affecting millions of individuals.

More Trending

article thumbnail

Fireside chat: The inevitable replacement of VPNs by ‘ZTNA’ — zero trust network access

The Last Watchdog

Virtual Private Networks – VPNs – remain widely used in enterprise settings. Don’t expect them to disappear anytime soon. This is so, despite the fact that the fundamental design of a VPN runs diametrically opposed to zero trust security principles. I had the chance to visit with David Holmes, network security analyst at Forrester, to learn more about how this dichotomy is playing out as companies accelerate their transition to cloud-centric networking.

Access 216
article thumbnail

Nearly a Million Kubernetes Instances Exposed on Internet

eSecurity Planet

Cybersecurity researchers have found more than 900,000 instances of Kubernetes consoles exposed on the internet. Cyble researchers detected misconfigured Kubernetes instances that could expose hundreds of thousands of organizations. The researchers found a number of indicators of exposure in the open source container orchestration platform: KubernetesDashboard Kubernetes-master Kubernetes Kube K8 Favicon:2130463260, -1203021870.

Risk 143
article thumbnail

Lawsuits in Wake of MCG Health Data Breach Start Piling Up

Data Breach Today

Four Proposed Federal Class Action Lawsuit Filed So Far This Week Four proposed federal class action lawsuits filed in recent days against MCG Health LLC in the wake of a recently disclosed 2020 hacking incident affecting up to 1.1 million individuals allege negligence and violations of various laws by the clinical guidelines vendor.

article thumbnail

WWDC news: Platform Single Sign-On and the future of user logins

Jamf

Apple’s WWDC 2022 announcements included news of a new framework built for identity providers in macOS Ventura, making it easier for users to access cloud services. While Apple continues development on the framework, it may prove to be the easiest way to authenticate to your Mac and organizational apps in the future By leveraging Jamf Connect to automate creating new, on-demand local user accounts based on the identity provider credentials, users can take full advantage of Single Sign-On (

Passwords 139
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

GUEST ESSAY: The many benefits of infusing application security during software ‘runtime’

The Last Watchdog

Vulnerabilities in web applications are the leading cause of high-profile breaches. Related: Log4J’s big lesson. Log4j, a widely publicized zero day vulnerability, was first identified in late 2021, yet security teams are still racing to patch and protect their enterprise apps and services. This notorious incident highlights the security risks associated with open-source software, and the challenges of protecting web applications against zero day attacks.

Security 211
article thumbnail

The government of Lithuania confirmed it had been hit by an intense cyberattack

Security Affairs

Lithuania confirmed it had been hit by an “intense” cyberattack, after Vilnius imposed restrictions on the rail transit of certain goods to Kaliningrad. The government of Lithuania announced on Monday that it had been hit by an “intense” cyberattack, likely launched from Moscow, days after the Russian government protested restrictions Vilnius imposed on the rail transit of certain goods to Kaliningrad.

article thumbnail

Putting Cyberthreat Intelligence Data Into Action

Data Breach Today

How can CISOs put the cyberthreat intelligence data they receive into practice? Kunal Sehgal, former director of global cyber resilience at Standard Chartered Bank, discusses how different industries use cyberthreat intelligence and explains misconceptions about sharing information.

307
307
article thumbnail

Hacking Linux is Easy with PwnKit

eSecurity Planet

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added PwnKit as a high-severity Linux vulnerability to its list of actively exploited bugs. Recorded as CVE-2021-4034 , with a CVSS score of 7.8/10, PwnKit was discovered by Qualys in November 2021 and can be used by hackers to gain full root control over major Linux distributions.

Archiving 139
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

List of Data Breaches and Cyber Attacks in June 2022 – 34.9 Million Records Breached

IT Governance

Welcome to our June 2022 review of data breaches and cyber attacks. We identified 80 security incidents during the month, resulting in 34,908,053 compromised records. You can find the full list below, broken down into categories. Meanwhile, be sure to subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox.

article thumbnail

LockBit 3.0 introduces important novelties, including a bug bounty program

Security Affairs

The LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments. The Lockbit ransomware operation has released LockBit 3.0, which has important noveòties such as a bug bounty program, Zcash payment, and new extortion tactics. The gang has been active since at least 2019 and today it is one of the most active ransomware gangs.

article thumbnail

Italian Watchdog Says Google Analytics a Privacy Violation

Data Breach Today

Absence of Trans-Atlantic Data Framework Converts Analytics Tool Into a Risk Italy joined France and Austria in warning domestic companies to shy away from Google Analytics. The decision by the Italian data protection authority highlights ongoing legal uncertainty trans-Atlantic transfers of commercial data.

Analytics 275
article thumbnail

Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity

Troy Hunt

Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare. Later in 2018, I did the same thing with the email address search feature used by Mozilla, 1Password and a handful of other paying subscribers. It works beautifully; it's ridiculously fast, efficient and above all, anonymous.

Passwords 122
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Meals on Wheels Disrupted by Suspected Ransomware Attack

IT Governance

The UK’s largest ready-meal provider, Wiltshire Farm Foods, announced this week that its systems have been crippled by a cyber attack. In a statement , the Trowbridge-based organisation said it was “currently experiencing severe difficulties” with its IT network. The disruption has caused major problems for the delivery of Meals on Wheels, a service that brings food to the elderly and vulnerable.

article thumbnail

Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas

Security Affairs

Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place on June 8. A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion on June 8. The explosion took place at the Freeport Liquefied Natural Gas (Freeport LNG) liquefaction plant and export terminal on Texas’ Quintana Island.

Military 131
article thumbnail

Latest Blow Falls on the 'Scourge of Passwords'

Data Breach Today

FIDO Alliance Leader Andrew Shikiar on New Deal With Google, Apple and Microsoft Tired of keeping track of passwords? Recent announcements by major platform vendors Google, Apple and Microsoft could have passwords down for the count in the next six years, says Andrew Shikiar, executive director of the FIDO Alliance, which has been on a 10-year mission to eliminate passwords.

Passwords 264
article thumbnail

Highly Sophisticated Malware Attacks Home and Small Office Routers

eSecurity Planet

Security researchers have uncovered an unusually sophisticated malware that has been targeting small office/home office (SOHO) routers for nearly two years, taking advantage of the pandemic and rapid shift to remote work. Such routers are rarely monitored or up-to-date, making them attractive targets for hackers to reach adjacent corporate networks.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Celebrity Crypto Scams Just Keep on Getting Worse

KnowBe4

Bloomberg News recently reported that fake celebrity-endorsed crypto scams have doubled in the UK this year, and on average scammed victims out of $14,540 in stolen value before they realize what happened, which is 65% higher than the average crypto scam theft from the previous year. The article’s source expects celebrity-endorsed crypto scams to increase another 87% next year based on current rising trends.

117
117
article thumbnail

Latest OpenSSL version is affected by a remote memory corruption flaw

Security Affairs

Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The library was released on June 21, 2022, and affects x64 systems with the AVX-512 instruction set. “OpenSSL version 3.0.4, released on June 21th 2022, is susceptible to remote memory corruption which can be triggered trivially by an attacker.

Libraries 129
article thumbnail

OpenSea Customer Emails Exposed in Third-Party Breach

Data Breach Today

No Bored Apes Were Harmed In Breach Affecting Millions of Users Emails shared with NFT marketplace OpenSea were disclosed to an unauthorized external party, the company is warning patrons. Anyone who shared an email address should be on guard for phishing attacks. The cause was a rogue employee at a third party email delivery vendor.

Phishing 246
article thumbnail

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. (“Carnival”), the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation (23 NYCRR Part 500) in connection with four cybersecurity events between 2019 and 2021, including two ransomware events. .

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

What’s new in OpenText Identity and Access Management

OpenText Information Management

June 2022: OpenText Identity and Access Management CE 22.2 OT IAM platform 22.2 will deliver primarily on the following themes: Leverages ServiceNow as the primary customer and partner support tool for cloud services related to OpenText Connect. A One-time Passcode (OTP) API enhancement enabling the customer to configure the number of wrong attempts prior to the … The post What’s new in OpenText Identity and Access Management appeared first on OpenText Blogs.

Access 116
article thumbnail

NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE’S SOCIOECONOMIC STRUCTURE

Security Affairs

This paper provides a taxonomic classification of non-state actors in the cyberspace, analyzing their role and impact on a state’s socioeconomic structure. Cyber Non-State Actors (CNSA) are key figures in our globalized world: their operations could have a significant impact on international affairs, politics, and on the economy, as much as states do.

Paper 125
article thumbnail

Strategies for Reskilling and Filling Cybersecurity Jobs

Data Breach Today

Infosys CISO Vishal Salvi on Mentoring, Online Training and Foundational Skills The gap between cybersecurity workforce demand and the number of skilled workers available to fill those jobs widened during the pandemic. So organizations need to take a multi-pronged approach to attract, reskill and retain employees, says Vishal Salvi, CISO and head of cyber practice at Infosys.