Sat.Feb 18, 2023 - Fri.Feb 24, 2023

article thumbnail

New HardBit 2.0 Ransomware Tactics Target Insurance Coverage

Data Breach Today

Hackers Demand Info on Victim's Cyber Insurance Policy to Negotiate Ransom Demand The newly relaunched HardBit 2.0 ransomware group is now demanding victims disclose details of their cyber insurance coverage before negotiating a ransom demand. The group, which has been active since 2022, has demanded that one victim pay $10 million in ransom, according to researchers at Varonis.

Insurance 267
article thumbnail

GUEST ESSAY: Too many SMBs continue to pay ransomware crooks — exacerbating the problem

The Last Watchdog

Well-placed malware can cause crippling losses – especially for small and mid-sized businesses. Related: Threat detection for SMBs improves Not only do cyberattacks cost SMBs money, but the damage to a brand’s reputation can also hurt growth and trigger the loss of current customers. One report showed ransomware attacks increased by 80 percent in 2022, with manufacturing being one of the most targeted industries.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Scammers Mimic ChatGPT to Steal Business Credentials

Dark Reading

Hackers will take anything newsworthy and turn it against you, including the world's most advanced AI-enabled chatbot.

IT 123
article thumbnail

DDoS Attacks Becoming More Potent, Shorter in Duration

Data Breach Today

US, India and East Asia Were Top Targets in 2022, Microsoft Report Says In a new report, tech giant Microsoft says distributed denial-of-service attacks became shorter in duration but more potent in 2022. The United States, India and East Asia were the top regions affected by DDoS attacks, and IoT devices continued to be the preferred mode of attack.

IoT 290
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Cyberwar Lessons from the War in Ukraine

Schneier on Security

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “ The Cyber Defense Assistance Imperative ­ Lessons from Ukraine.” Its conclusion: Cyber defense assistance in Ukraine is working. The Ukrainian government and Ukrainian critical infrastructure organizations have better defended themselves and achieved higher levels of resiliency due to the efforts of CDAC and many others.

Paper 133

More Trending

article thumbnail

The IG Business Case is Like Playing with Table Stakes

Weissman's World

Oddly enough, the term “table stakes” applies to information governance (IG) as well as gambling because you’ll usually have but one chance to convince the other people at the table that IG makes good business sense and can’t readily add to your argument. Here’s 171 seconds more about this! The post The IG Business Case is Like Playing with Table Stakes appeared first on Holly Group.

article thumbnail

Crime Blotter: Hackers Fail to Honor Promises to Delete Data

Data Breach Today

Police Say Gang Extorted Millions From Victims Not Just by Stealing, But Lying Too Cybercrime experts have long urged victims to never pay a ransom in return for any promise an attacker makes to delete stolen data. That's because, as a recent case highlights, whatever extortionists might promise, stolen personal data is lucrative, and it often gets sold six ways from Sunday.

article thumbnail

Evasive cryptojacking malware targeting macOS found lurking in pirated applications

Jamf

Over the past few months Jamf Threat Labs has been following a family of malware that resurfaced and has been operating undetected, despite an earlier iteration being a known quantity to the security community. In this article, we’ll examine this malware and the glimpse it offers into the ongoing arms race between malware authors and security researchers as well as highlight the need for enhanced security on Apple devices to ensure their safe and effective use in production environments.

Security 145
article thumbnail

Putting Undetectable Backdoors in Machine Learning Models

Schneier on Security

This is really interesting research from a few months ago: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raises serious concerns of trust. This work studies possible abuses of power by untrusted learners.We show how a malicious learner can plant an undetectable backdoor into a classifier.

Access 141
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover

Dark Reading

With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.

Access 136
article thumbnail

Breach Roundup: Activision, SAS, Dole, Atlassian, VGTRK

Data Breach Today

Incidents at Video Game Maker, Airline, Fruit Processor, SW and Broadcast Companies In this week's roundup of cybersecurity incidents happening around the world, ISMG looks at incidents affecting the maker of the video game Call of Duty, Scandinavian Airlines, renowned fruit and vegetable giant Dole, Australian software maker Atlassian, and Russian broadcast company VGTRK.

article thumbnail

Should You Click on Unsubscribe?

KnowBe4

Some common questions we get are “Should I click on an unwanted email’s ’Unsubscribe’ link? Will that lead to more or less unwanted email?

Phishing 133
article thumbnail

Down the Cloudflare / Stripe / OWASP Rabbit Hole: A Tale of 6 Rabbits Deep ? ? ? ? ? ?

Troy Hunt

I found myself going down a previously unexplored rabbit hole recently, or more specifically, what I thought was "a" rabbit hole but in actual fact was an ever-expanding series of them that led me to what I refer to in the title of this post as "6 rabbits deep" It's a tale of firewalls, APIs and sifting through layers and layers of different services to sniff out the root cause of something that seemed very benign, but actually turned out to be highly impactful.

Metadata 133
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

87% of Container Images in Production Have Critical or High-Severity Vulnerabilities

Dark Reading

At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain.

130
130
article thumbnail

Twitter to Charge for Second-Factor Authentication

Data Breach Today

Decision Sparks Concerns That Twitter Accounts Will Be Less Secure Twitter says it will turn off SMS second-factor authentication for all but paying customers starting March 20 in a decision provoking concerns that many customers will be less secure than before. Twitter says 2.6% of active Twitter accounts have activated second-factor authentication.

article thumbnail

A Device to Turn Traffic Lights Green

Schneier on Security

Here’s a story about a hacker who reprogrammed a device called “Flipper Zero” to mimic Opticom transmitters—to turn traffic lights in his path green. As mentioned earlier, the Flipper Zero has a built-in sub-GHz radio that lets the device receive data (or transmit it, with the right firmware in approved regions) on the same wireless frequencies as keyfobs and other devices.

IT 25
article thumbnail

EDPB Adopts Three Sets of Guidelines in Final Form

Hunton Privacy

On February 24, 2023, following public consultation, the European Data Protection Board (EDPB) published the following three sets of adopted guidelines: Guidelines on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V GDPR (05/2021) ( final version ); Guidelines on certification as a tool for transfers (07/2022) ( final version ); and Guidelines on deceptive design patterns in social media platform interfaces (03/2022) ( final versio

GDPR 123
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Coinbase Attack Used Social Engineering

KnowBe4

Coinbase describes a targeted social engineering attack that led to the theft of some employee data. The attacker first sent smishing messages to several Coinbase employees, urging them to click a link and log in to their Coinbase work account. One employee fell for the attack, and the threat actor then attempted to use the victim’s account to gain access to Coinbase’s internal systems.

Access 119
article thumbnail

The Security Perks and Perils of OpenAI on Microsoft Bing

Data Breach Today

OpenAI on Bing Carries Code and Traffic Risks But Will Also Simplify Code Analysis Embedding OpenAI technology in Microsoft Bing will help both hackers and cyber defenders. The AI tool could make it easier for hackers to drive traffic to malicious sites, avoid search engine blocking and distribute malware, but it could also help security teams with code analysis and threat intel.

Security 208
article thumbnail

TikTok Ban Hits EU Commission Phones as Cybersecurity Worries Mount

Dark Reading

Employees of the EU Commission are no longer allowed to use the TikTok app thanks to concerns over data security.

article thumbnail

Top 9 reasons to modernize

OpenText Information Management

How do your top reasons stack up? Nine strategic reasons to put modernization at the top of your list: Reason #1 – Improve total experience Customer experience and employee experience are inextricably linked – there is no one without the other. Modernizing legacy technology helps improve total experience, boosting employee and customer satisfaction, loyalty and … The post Top 9 reasons to modernize appeared first on OpenText Blogs.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

What Is a Good Survey Rating for Security and Compliance Training?

KnowBe4

We received great feedback from many of you after sharing data about completion percentages last month so much that we thought, “What other things can we share from our vast amount of training data?

article thumbnail

5 Lawsuits Filed in Ransomware Breach Affecting 3.3 Million

Data Breach Today

Proposed Class Actions Against Regal Medical Group Allege Negligence, Other Claims Five proposed class action lawsuits have been filed so far in the wake of a California medical group's Feb. 1 report of a ransomware attack last December affecting more than 3.3 million individuals. The incident is the largest health data breach reported to federal regulators so far this year.

article thumbnail

Tackling Software Supply Chain Issues With CNAPP

Dark Reading

The cloud-native application protection platform market is expanding as security teams look to protect their applications and the software supply chain.

Marketing 111
article thumbnail

Red Team vs Blue Team vs Purple Team: Differences Explained

eSecurity Planet

Red, blue and purple teams simulate cyberattacks and incident responses to test an organization’s cybersecurity readiness. Blue teams defend an organization from attacks and simulate incident response teams by following company policies and using existing resources Red teams simulate or actually conduct pentesting and threat hunting attacks to test the effectiveness of an organization’s security — sometimes including physical security, social engineering, and other non-IT-related methods P

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Malware Report: The Number of Unique Phishing Emails in Q4 Rose by 36%

KnowBe4

With nearly 280 million phishing emails detected by just one vendor , and the increase in the number of unique emails, organizations have a lot to be worried about in 2023.

Phishing 114
article thumbnail

Why Is AT&T Cybersecurity Such a Good Acquisition Target?

Data Breach Today

Analysts Praised AT&T Cybersecurity for Bringing Threat Intel and MSS Together AT&T wants to unload its cyber assets just five years after doubling down on security through its $600 million purchase of threat intelligence vendor AlienVault. The Dallas-based carrier has been working with British banking firm Barclays to solicit bids for its cybersecurity business, Reuters said.

article thumbnail

CISA: Beware of DDoS, Web Defacements on Anniversary of Russian Invasion of Ukraine

Dark Reading

The Cybersecurity and Infrastructure Security Agency advises US and European nations to prepare for possible website attacks marking the Feb. 24 invasion of Ukraine by Russia.