Sat.Apr 15, 2023 - Fri.Apr 21, 2023

article thumbnail

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Passwords 274
article thumbnail

Nearly One-Half of IT Pros are Told to Keep Quiet About Security Breaches

KnowBe4

At a time when cyber attacks are achieving success in varying degrees and IT pros are keeping quiet about resulting breaches, there is one specific type of attack that has them most worried.

IT 97
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

5 Cybersecurity Pillars Where 85% of Companies Are Lagging

Data Breach Today

Only 15% of Global Orgs Rank as 'Mature' on Cisco’s Cybersecurity Readiness Index Cisco's Cybersecurity Readiness Index shows a mere 15% of global organizations rank as mature across five security pillars.

article thumbnail

Refurbished Routers Contain Sensitive Corporate Data

Data Breach Today

Eset Finds Customer Info, VPN Credentials & Authentication Keys on Used Routers Sanitize IT gear before decommissioning is well-trod cybersecurity advice made to corporations everywhere and yet many persist in disposing of equipment still laden with sensitive data. Cybersecurity firm Eset says it found a wealth of corporate data on secondhand routers.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022

Dark Reading

Attackers continued to favor software exploits, phishing, and stolen credentials as initial-access methods last year, as Log4j and the Russia-Ukraine cyber conflict changed the threat landscape.

More Trending

article thumbnail

RSAC Fireside Chat: Cybersixgill crawls the Dark Web to uncover earliest signs of companies at risk

The Last Watchdog

Adopting personas and rubbing elbows with criminal hackers and fraudsters is a tried-and-true way to glean intel in the Dark Web. Related: In pursuit of a security culture It’s not at all unusual to find law enforcement agents and private sector threat intelligence analysts concocting aliases that permit them to lurk in unindexed forums, vetted message boards and encrypted code repositories.

Risk 235
article thumbnail

North Korean Hackers Chained Supply Chain Hacks to Reach 3CX

Data Breach Today

Mandiant Concludes 3CX Hack Was Result of Earlier Hack on Trading Software Maker North Korean hackers' software supply chain attack on desktop phone developer 3CX was the fruit of a separate and previously undisclosed supply chain attack on a financial trading software maker, is the conclusion of the Mandiant forensics team brought in to investigate.

288
288
article thumbnail

BlueNoroff APT group targets macOS with ‘RustBucket’ Malware

Jamf

Learn about the macOS malware variant discovered by Jamf Threat Labs named 'RustBucket' What it does, how it works to compromise macOS devices, where it comes from and what administrators can do to protect their Apple fleet.

IT 145
article thumbnail

The Hacker Who Hijacked Matt Walsh’s Twitter Was Just ‘Bored’

WIRED Threat Level

The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.

Security 145
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk

The Last Watchdog

No organization is immune to cybersecurity threats. Even the most well-protected companies can be susceptible to attacks if they are not careful about a proactive approach towards cyber security. Related: Why timely training is a must-have That’s why businesses of all sizes need to understand the biggest cybersecurity weaknesses and take steps to mitigate them.

Risk 218
article thumbnail

LockBit Ransomware Tests Taking a Bite Out of Apple Users

Data Breach Today

Don't Panic: Apparent macOS Beta Testing Is Highly Buggy, Poses No Immediate Threat Apple users: Don't fear newly discovered samples of LockBit ransomware designed to target newer macOS devices. Researchers say the still-in-development code, tied to no known in-the-wild attacks, contains numerous errors, leaving it unable to execute.

article thumbnail

'GhostToken' Opens Google Accounts to Permanent Infection

Dark Reading

A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.

Cloud 144
article thumbnail

Threat advisory: Mobile spyware continues to evolve

Jamf

Jamf Threat Labs examines two sophisticated spyware attacks and provides recommendations for organizations to defend users from increasingly complex threats.

144
144
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

RSAC Fireside Chat: How timely intel from the cyber underground improves counter measures

The Last Watchdog

Good intelligence in any theater of war is invaluable. Timely, accurate intel is the basis of a robust defense and can inform potent counterattacks. Related: Ukraine hit by amplified DDoS This was the case during World War II in The Battle of Midway and at the Battle of the Bulge and it holds true today in the Dark Web. The cyber underground has become a highly dynamic combat zone in which cyber criminals use engrained mechanisms to shroud communications.

article thumbnail

Emerging Security Concerns About Generative AI in Healthcare

Data Breach Today

Generative AI tools such as ChatGPT will undoubtedly change the way clinicians and healthcare cybersecurity professionals work, but the use of these technologies come with security, privacy and legal concerns, says Lee Kim of the Healthcare Information Management and Systems Society.

Security 277
article thumbnail

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Hunton Privacy

On April 13, 2023, the Indiana Senate concurred to the Indiana House’s amendments of Senate Bill 5 (“SB 5”) a day after the House returned the bill to the Senate with amendments, and a couple days after the Indiana House unanimously voted to approve SB 5. SB 5 now will head to Governor Eric Holcomb for a final signature, where he will have seven days upon transmission to sign SB 5 into law or veto it.

Privacy 132
article thumbnail

What Is Data Minimisation? Definition & Examples

IT Governance

Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur. What is data minimisation? Data minimisation requires organisations to process personal data only if it serves a specific purpose, and to retain it for only as long as it’s needed to meet that purpose.

GDPR 132
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

RSAC Fireside Chat: Here’s why companies are increasingly turning to MSSPs for deeper help

The Last Watchdog

Managed Security Service Providers, MSSPs, have been around for some time now as a resource to help companies operate more securely. Related: CMMC mandates best security practices Demand for richer MSSP services was already growing at a rapid pace, as digital transformation gained traction – and then spiked in the aftermath of Covid 19. By one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.

article thumbnail

WhatsApp, Signal Preview UK Exit Over Threat to Encryption

Data Breach Today

UK's Online Safety Bill Criticized for Infringing on Private Communications Major internet chat platforms are urging the United Kingdom government to reconsider a bill intended to decrease exposure to online harms but which opponents say would open the door to massive government surveillance. Proponents say online platforms should have a duty of care to protect users.

article thumbnail

Phishing Email Volume Doubles in Q1 as the use of Malware in Attacks Slightly Declines

KnowBe4

New data shows that cybercriminals started this year off with a massive effort using new techniques and increased levels of attack sophistication.

Phishing 131
article thumbnail

Recycled Core Routers Exposed Sensitive Corporate Network Info

Dark Reading

Researchers warn about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.

128
128
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

RSAC Fireside Chat: StackHawk helps move the application security needle to ‘shift everywhere’

The Last Watchdog

Embedding security into the highly dynamic way new software gets created and put into service — on the fly, by leveraging ephemeral APIs — has proven to be a daunting challenge. Related: The fallacy of ‘security-as-a-cost-center’ Multitudes of security flaws quite naturally turn up – and threat actors have become adept at systematically discovering and exploiting these fresh vulnerabilities.

Security 201
article thumbnail

Ukraine Facing Phishing Attacks, Information Operations

Data Breach Today

Russia's Invasion Tactics Include Creating Fake Hacktivist Groups, Researchers Find The Russian government continues to use an array of phishing attacks and information operations - including hack-and-leak efforts and running hacktivist groups such as CyberArmyofRussia - to support its illegal invasion of Ukraine, Google researchers report.

Phishing 273
article thumbnail

Capita Admits That Its ‘Cyber Incident’ Was Ransomware and That Customer Data Was Breached

IT Governance

The fallout from Capita’s so-called “cyber incident” last month has been slow and damning. After weeks of insisting that criminal hackers had merely disrupted internal systems, the outsourcing giant has confirmed this week that the damage was more than just an ‘incident’. It was, in fact, ransomware. Capita is one of the largest public-sector service providers in the UK, with £6.5 billion in contracts managing systems such as the BBC licence fee and the London congestion charge.

article thumbnail

Researchers Discover First Ever Major Ransomware Targeting macOS

Dark Reading

In targeting Apple users, LockBit is going where no major ransomware gang has gone before. But it's a warning shot, and Mac users need not worry yet.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

RSAC Fireside Chat: Extending ‘shift left’ to achieve SSCS — ‘software supply chain security’

The Last Watchdog

One of the nascent security disciplines already getting a lot of buzz as RSA Conference 2023 gets ready to open next week at San Francisco’s Moscone Center is “software supply chain security,” or SSCS. Related: How SBOMs instill accountability Interestingly, you could make the argument that SSCS runs counter-intuitive to the much-discussed “ shift left ” movement.

Security 200
article thumbnail

Akamai to Buy Startup Neosec for API Detection and Response

Data Breach Today

Proposed Neosec Deal Will Help Akamai Customers Discover APIs and Assess Their Risk Akamai Technologies has agreed to purchase a finalist in last year's RSA Conference Innovation Sandbox Contest to get more visibility into the API threat landscape. Silicon Valley-based Neosec will help customers discover all their APIs, assess their risk and respond to vulnerabilities and attacks.

Risk 245
article thumbnail

Yeah, That’s Why BuzzFeed News Failed.

John Battelle's Searchblog

I’ll see if, in a few minutes, I can get at least the outlines of a rant out. I’ve got to get to an appointment in half an hour, but I just saw today’s Dealbook newsletter , which focuses on the demise of BuzzFeed News. “Why BuzzFeed News folded” it promises, then goes on to willfully fail to answer the question – in much the same fashion every other story has noted the latest catastrophe in what used to be called “the news business” these days.

ROT 124