Sat. Aug 20, 2022 - Fri. Aug 26, 2022

Hospitals in U.S., France Dealing With Cyber Extortionists

Data Breach Today

Texas Hospital Still Being Pressured, While French Hospital Responds to Ransomware

A Texas-based hospital is apparently still contending with pressure to pay an extortion group that claims to have stolen patient data months ago, while a French medical center responds to a weekend attack and demands to pay a $10 million ransom.

VMware LPE Bug Allows Cyberattackers to Feast on Virtual Machine Data

Dark Reading

An insider threat or remote attacker with initial access could exploit CVE-2022-31676 to steal sensitive data and scoop up user credentials for follow-on attacks.

Twitter Security Allegations: Cybersecurity Experts Respond

Data Breach Today

Takeaway: Behind-the-Scenes Security Reality at Well-Known Brands Not Always Pretty

Cybersecurity experts have been reacting to industry veteran Peiter Zatko's allegations of poor information security practices at Twitter, with many noting that he's hardly the first expert to have been hired to remedy serious problems, only to say they were prevented from doing their job.

Black Hat Fireside Chat: Doing deep-dive API security — as software gets developed and deployed

The Last Watchdog

APIs have come to embody the yin and yang of our digital lives. Without application programming interfaces, all the cool digital services we take for granted would not be possible. But it’s also true that the way software developers and companies have deployed APIs has contributed greatly to the exponential expansion of the cyber-attack surface.

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments. The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that conducted the supply chain attack against SolarWinds, which involved multiple families of impla

More Trending

How Criminals Are Weaponizing Leaked Ransomware Data

Data Breach Today

Accenture's Robert Boyce Advises Firms to Update Monitoring and Approval Processes

Accenture analyzed the top 20 most active ransomware leak sites to see how threat actors are posting sensitive corporate information and making the data easy to search and exploit. Accenture's Robert Boyce explains how cybercriminals are weaponizing stolen ransomware data for follow-up attacks.

Black Hat Fireside Chat: Deploying ‘AI’ as a weapon to win the ‘attack surface management’ war

The Last Watchdog

Short-handed cybersecurity teams face a daunting challenge. In an intensely complex, highly dynamic operating environment, they must proactively mitigate myriad vulnerabilities and at the same time curtail the harm wrought by a relentless adversary: criminal hacking collectives. In short, attack surface management has become the main tent pole of cybersecurity.

LastPass data breach: threat actors stole a portion of source code

Security Affairs

Password management software firm LastPass has suffered a data breach; threat actors have stolen source code and other data. Password management software firm LastPass disclosed a security breach: threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information. “Two weeks ago, we detected some unusual activity within portions of the LastPass development env

Janet Jackson’s ‘Rhythm Nation’ Can Crash Old Hard Drives

WIRED Threat Level

Plus: The Twilio hack snags a reporter, a new tool to check for spyware, and the Canadian weed pipeline gets hit by a cyberattack.

Hacker Steals Source Code, Proprietary Data from LastPass

Data Breach Today

Security Experts Continue to Recommend Password Managers As Security Best Practice

Password manager stalwart LastPass acknowledged Thursday that a threat actor gained unauthorized access to its source code and proprietary technical information. The attacker does not appear to have gained access to customer data or encrypted password vaults.

Man-in-the-Middle Phishing Attack

Schneier on Security

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the proxy site, the proxy site sent it to the real server and then relayed the real server’s response back to the user.

Threat actors are using the Tox P2P messenger as C2 server

Security Affairs

Threat actors are using the Tox peer-to-peer instant messaging service as a command-and-control server, Uptycs researchers reported. Tox is a peer-to-peer serverless instant messaging service that uses NaCl for encryption and decryption. Uptycs researchers reported that threat actors have started using the Tox peer-to-peer instant messaging service as a command-and-control server.

Inside the World’s Biggest Hacker Rickroll

WIRED Threat Level

As a graduation prank, four high school students hijacked 500 screens across six school buildings to troll their classmates and teachers.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

US CISA Warns of Bug in Palo Alto's Firewall Software

Data Breach Today

Agency Tells Federal Government to Patch Misconfiguration by Sept. 12

Attackers could take advantage of a misconfiguration in Palo Alto firewalls to launch amplification DDoS attacks, a vulnerability that led the U.S. Cybersecurity and Infrastructure Security Agency to add it to its catalog of actively exploited vulnerabilities.

Hyundai Uses Example Keys for Encryption System

Schneier on Security

This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […]. “Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […].

Plex discloses data breach and urges password reset

Security Affairs

The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Plex is an American streaming media service and a client–server media player platform. The company disclosed a data breach after threat actors gained access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and encrypted passwords.

Scans of Students’ Homes During Tests Are Deemed Unconstitutional

WIRED Threat Level

An Ohio judge ruled that such surveillance to prevent cheating could form a slippery slope to more illegal searches.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Ethereum Offers Up To $1M Bounty for Critical Bug Reports

Data Breach Today

Reward for White Hats Valid till Sept. 8 for Merge-related Vulnerabilities

Ethereum is offering up to $1 million bounty to white hat hackers who identify merge-related critical vulnerabilities on its blockchain. The four-fold increase in reward will be applicable between Wednesday and Sept. 8. The merge is set to be completed by Sept.

[HEADS UP] Highly Sophisticated Job Offer Scam

KnowBe4

If you've been approached by recruiters on LinkedIn for a potential job opportunity, you may want to pay attention to this recent scam.

GAIROSCOPE attack allows to exfiltrate data from Air-Gapped systems via ultrasonic tones

Security Affairs

GAIROSCOPE: An Israeli researcher demonstrated how to exfiltrate data from air-gapped systems using ultrasonic tones and smartphone gyroscopes. The popular researcher Mordechai Guri from the Ben-Gurion University of the Negev in Israel devised an attack technique, named GAIROSCOPE, to exfiltrate data from air-gapped systems using ultrasonic tones and smartphone gyroscopes.

The Most Damning Allegation in the Twitter Whistleblower’s Report

WIRED Threat Level

Peiter “Mudge” Zatko’s claims about the company’s lax security are all bad. But one clearly captures the extent of systemic issues.

California Fines Sephora $1.2 Million for Privacy Violations

Data Breach Today

Retailer Accused of Selling Customer Data While Failing to Honor Opt-Out Requests

Retailer Sephora has been fined $1.2 million as part of a settlement agreement with California's attorney general, over accusations that it violated the California Consumer Privacy Act by failing to disclose that it was selling customers' data and not honoring their opt-out requests.

Phishing Remains the Initial Infection Vector in 78% of Attacks Against OT-Heavy Industries

KnowBe4

Companies heavily reliant on operational technology (OT) to function are just as much a target as businesses relying on traditional IT and are facing some of the same challenges to stop attacks.

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

Experts warn that over 80,000 Hikvision cameras are vulnerable to a critical command injection vulnerability. Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched.

The Privacy Flaw Threatening US Democracy

WIRED Threat Level

Without robust federal protections, the country's widespread mass surveillance systems could be used against citizens like never before.

Addressing Security Risks of Mounting Legacy Health Data

Data Breach Today

In many healthcare entities, the amount of data that is being generated and retained continues to grow - and that mounting trove of legacy data is often never disposed of, expanding the surface for cyberattacks and other compromises, says Matthew Bernstein of consulting firm Bernstein Data.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Threatpost

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. Grandoreiro is a modular backdoor that supports the following capabilities: Keylogging; Auto-Updation for newer versions and modules; Web-Injects and restricting access to specific websites; Command execution; Manipulating windows; Guiding
