Sat.Jun 24, 2023 - Fri.Jun 30, 2023

article thumbnail

Millions of GitHub Repositories Vulnerable to Repo Jacking

Data Breach Today

Google, Lyft Among Vulnerable Repositories, Aqua Researchers Say Millions of GitHub repositories are vulnerable to a repository renaming flaw that that could enable supply chain attacks, a new report by security firm Aqua said. They found 36,983 GitHub repositories vulnerable to repo jacking attacks including Google and Lyft.

Security 257
article thumbnail

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Krebs on Security

Nikita Kislitsin , formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin’s prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

News Alert: Swissbit introduces small-capacity memory for IIoT, smart city applications

The Last Watchdog

Westford, Mass., June 27, 2023 – The industry is vying for ever-increasing gigabyte capacities. And yet there are countless applications that only require a fraction of this storage space. Typical applications include green IIoT technologies like charging stations, smart meters, and PV inverters, for which only a small amount of memory is required to run boot software or to communicate with cloud applications.

IoT 184
article thumbnail

Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier

Dark Reading

The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked.

IT 134
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

50 US Agencies Using Unsecured Devices, Violating Policy

Data Breach Today

Researchers Say Routers, Access Points, Firewalls, VPNs Could Expose Federal Data Security researchers at Censys found hundreds of federally owned devices at 50 different agencies exposed to the internet, accessible through IPv4 addresses and loaded with potentially vulnerable MOVEit and Barracuda Networks' ESG software. The vulnerabilities violate new CISA policy, the firm said.

Access 289

More Trending

article thumbnail

GUEST ESSAY: Dialing in generative AI to truly relieve and assist cybersecurity professionals

The Last Watchdog

As the threat of cybercrime grows with each passing year, cybersecurity must begin utilizing artificial intelligence tools to better combat digital threats. Related: A call to regulate facial recognition Although AI has become a powerful weapon, there’s concern it might be too effective compared to human cybersecurity professionals — leading to layoffs and replacements.

article thumbnail

7 Types of Penetration Testing: Guide to Pentest Methods & Types

eSecurity Planet

Penetration tests are vital components of vulnerability management programs. In these tests, white hat hackers try to find and exploit vulnerabilities in your systems to help you stay one step ahead of cyberattackers. Because these tests can use illegal hacker techniques, pentest services will sign a contract detailing their roles, goals, and responsibilities.

Cloud 125
article thumbnail

Army Alert on Free Smartwatches: Don't Sport These Wearables

Data Breach Today

Malware-Infected Watches Are the New USB Thumb Drive for Social Engineers Are unsolicited smartwatches the new USB thumb drive? The U.S. Army warns that service members are being sent free wearables preloaded with malware designed to steal data from mobile devices as well as intercept voice communications and hijack cameras.

article thumbnail

Most Enterprise SIEMs Blind to MITRE ATT&CK Tactics

Dark Reading

Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs.

Security 123
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

FIRESIDE CHAT: Outrageous phone bills stun businesses targeted for ‘SMS toll fraud’

The Last Watchdog

SMS toll fraud is spiking. I learned all about the nuances of deploying – and defending – these insidious attacks in a recent visit with Arkose Labs CEO, Kevin Gosschalk , who explained how the perpetrators victimize businesses that use text messages to validate phone users signing up for a new account. Related: Countering Putin’s weaponizing of ransomware The fraudsters set themselves up as “affiliates” of phone companies in Indonesia, Thailand and Vietnam and then use bots to apply for o

article thumbnail

SEC Delays Enactment of Cyber Rules Related to Investment Adviser and Public Companies to October 2023, Updates Timeline to April 2024 for Recently Proposed Cybersecurity Rules

Data Matters

On June 13, 2023, the Office of Management and Budget released its Spring 2023 Unified Agenda of Regulatory and Deregulatory Actions , which includes updates on Securities and Exchange Commission (“SEC”) proposed rules. The SEC pushed back its estimate for the final action date to October 2023 for its proposed cybersecurity rules related to public companies, as well as for its investment advisers and funds proposal.

article thumbnail

New Ransomware Actor 8Base Rivals LockBit in Extortion

Data Breach Today

Group Listed Nearly 40 Victims on its Dark Web Leak Site So Far This Month New entrant ransomware group 8Base is fast becoming a "big player" in the underground market with nearly 40 victims in June - second only to the notorious LockBit ransomware gang. The group's top targets include business services, finance, manufacturing and IT industries.

article thumbnail

Preventing Cyberattacks on Schools Starts With K–12 Cybersecurity Education

Dark Reading

By investing in a strong future cybersecurity workforce, we can prevent future attacks on US critical infrastructure before they occur.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

News Alert: NetWitness announces supports for AWS AppFabric, improves SaaS apps security

The Last Watchdog

San Francisco, Calif., June 29, 2023 — NetWitness , a globally trusted provider of threat detection, investigation, and response technology and incident response services, today announced it is now integrated with AWS AppFabric , a new service from Amazon Web Services (AWS) that quickly connects software as a service (SaaS) applications for better productivity and security.

Security 100
article thumbnail

Come With Me on a Spin Through the Hellscape of AI-Generated News Sites

John Battelle's Searchblog

Welcome to the hellscape of “Made for Advertising” sites This past Monday NewsGuard , a journalism rating platform that also analyzes and identifies AI-driven misinformation, announced it had identified hundreds of junk news sites powered by generative AI. The focus of NewsGuard’s release was how major brands were funding these spam sites through the indifference of programmatic advertising, but what I found interesting was how low that number was – 250 or so sites.

IT 111
article thumbnail

Taiwan Semiconductor Denies LockBit's $70M Hack Claim

Data Breach Today

Third-Party Supplier Hacked; TSMC Says Leak Only Affected Initial Setup Files The world's top chip manufacturer has dismissed the LockBit 3.0 ransomware gang's hack claim and $70 million ransom. TSMC said the data leak took place at a third-party supplier and contains only certain initial configuration files. It said customer information and operations were not affected.

article thumbnail

Redacting Documents with a Black Sharpie Doesn’t Work

Schneier on Security

We have learned this lesson again : As part of the FTC v. Microsoft hearing , Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games. It looks like someone redacted the documents with a black Sharpie ­ but when you scan them in, it’s easy to see some of the redactions.

IT 110
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

News Alert: Jscrambler launches free tool for new PCI DSS anti-skimming requirements

The Last Watchdog

Porto, Portugal, June 27 th 2023– Jscrambler , a leading solution for JavaScript protection and real-time webpage monitoring, today announces the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0).

article thumbnail

Enterprise SIEMs Miss 76 Percent of MITRE ATT&CK Techniques

eSecurity Planet

Security information and event management (SIEM) systems only have detections for 24 percent of the 196 techniques in MITRE ATT&CK v13, according to a new report. “This implies that adversaries can execute around 150 different techniques that will be undetected by the SIEM,” says the CardinalOps report. “Or stated another way, SIEMs are only covering around 50 techniques out of all the techniques that can potentially be used by adversaries.” The Third Annual Report on

Metadata 109
article thumbnail

Irish Government Accused of Trying to Muzzle Privacy Critics

Data Breach Today

New Bill Set to Penalize Disclosure of Data Protection Commission's Reprimands Irish Parliament has proposed changes to a new bill that would make it a criminal offense to disclose privacy reprimands issued by the Data Protection Commission. Civil rights groups are accusing the government of shielding the country's privacy regulator from criticism.

Privacy 228
article thumbnail

China's 'Volt Typhoon' APT Turns to Zoho ManageEngine for Fresh Cyberattacks

Dark Reading

A recent campaign shows that the politically motivated threat actor has more tricks up its sleeve than previously known, targeting a critical exploit and wiping logs to cover their tracks.

IT 109
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

New Alert: Quantexa, Carahsoft partner to modernize investigative services for federal agencies

The Last Watchdog

New York and Reston, Virg., June 27, 2023 — Quantexa , a global leader in Decision Intelligence (DI) solutions for the public and private sectors, and Carahsoft Technology Corp , The Trusted Government IT Solutions Provider ® , today announced a partnership. Under the agreement, Carahsoft will serve as Quantexa’s Master Government Aggregator ® , making the company’s Decision Intelligence platform available to U.S.

Big data 100
article thumbnail

Half of EDR Tools, Organizations Vulnerable to Clop Ransomware: Researchers

eSecurity Planet

Nearly half of EDR tools and organizations are vulnerable to Clop ransomware gang tactics, according to tests by a cybersecurity company. Cymulate ran 3,107 assessments across 340 organizations recently to see if security controls were adequate against the Clop (sometimes called “Cl0p” with a zero) ransomware group’s exploitation of a MOVEit software vulnerability ( CVE-2023-34362 ).

article thumbnail

Feds, Medtronic Warn of Flaw in Cardiac Device Data Tool

Data Breach Today

Denial of Service Attack, Remote Code Execution Could Affect Medtronic's Paceart Optima System Federal regulators have issued a warning about a vulnerability in medical device maker Medtronic's Paceart Optima System which, if exploited, could lead to a denial-of-service or remote code execution affecting the system's cardiac device data.

253
253
article thumbnail

Trojanized Super Mario Installer Goes After Gamer Data

Dark Reading

A legitimate installer for the popular Nintendo game infects Windows machines with various malware, including a cryptominer and an infostealer, again showcasing the importance of remote worker security hygiene.

Security 107
article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Phone-Tracking App LetMeSpy Says It Has Been Hacked

IT Governance

Cyber criminals have stolen text messages, call logs and location data from the popular phone monitoring app LetMeSpy. It’s a cruel twist of fate for the software provider, whose product enables customers to monitor other people’s phone activity. The technology is advertised to parents for keeping an eye on their children and to employers for monitoring their staff.

IT 99
article thumbnail

The Night 17 Million Precious Military Records Went Up in Smoke

WIRED Threat Level

Fifty years ago, a fire ripped through the National Personnel Records Center. It set off a massive project to save crucial pieces of American history—including, I hoped, my grandfather’s.

Military 100
article thumbnail

Clop's MOVEit Campaign Affects Over 15 Million Individuals

Data Breach Today

Only 7% of Approximately 140 Affected Organizations Have Shared Count of Victims More victims of the Clop ransomware group's supply chain attack against popular file transfer software MOVEit continue to come to light. Security experts say about 140 organizations now appear to have been affected, comprising over 15 million individuals.