Data Breach Today
JUNE 25, 2023
Google, Lyft Among Vulnerable Repositories, Aqua Researchers Say Millions of GitHub repositories are vulnerable to a repository renaming flaw that that could enable supply chain attacks, a new report by security firm Aqua said. They found 36,983 GitHub repositories vulnerable to repo jacking attacks including Google and Lyft.
Krebs on Security
JUNE 29, 2023
Nikita Kislitsin , formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin’s prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
JUNE 30, 2023
Iran-linked Charming Kitten group used an updated version of the PowerShell backdoor called POWERSTAR in a spear-phishing campaign. Security firm Volexity observed the Iran-linked Charming Kitten (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) group using an updated version of the PowerShell backdoor POWERSTAR in a spear-phishing campaign.
WIRED Threat Level
JUNE 27, 2023
Fifty years ago, a fire ripped through the National Personnel Records Center. It set off a massive project to save crucial pieces of American history—including, I hoped, my grandfather’s.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Data Breach Today
JUNE 28, 2023
Researchers Say Routers, Access Points, Firewalls, VPNs Could Expose Federal Data Security researchers at Censys found hundreds of federally owned devices at 50 different agencies exposed to the internet, accessible through IPv4 addresses and loaded with potentially vulnerable MOVEit and Barracuda Networks' ESG software. The vulnerabilities violate new CISA policy, the firm said.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
JUNE 29, 2023
Data protection firm Arcserve addressed an authentication bypass vulnerability in its Unified Data Protection (UDP) backup software. Data protection vendor Arcserve addressed a high-severity bypass authentication flaw, tracked as CVE-2023-26258, in its Unified Data Protection (UDP) backup software. Threat actors can exploit the vulnerability to bypass authentication and gain admin privileges.
The Last Watchdog
JUNE 27, 2023
Westford, Mass., June 27, 2023 – The industry is vying for ever-increasing gigabyte capacities. And yet there are countless applications that only require a fraction of this storage space. Typical applications include green IIoT technologies like charging stations, smart meters, and PV inverters, for which only a small amount of memory is required to run boot software or to communicate with cloud applications.
Data Breach Today
JUNE 30, 2023
Third-Party Supplier Hacked; TSMC Says Leak Only Affected Initial Setup Files The world's top chip manufacturer has dismissed the LockBit 3.0 ransomware gang's hack claim and $70 million ransom. TSMC said the data leak took place at a third-party supplier and contains only certain initial configuration files. It said customer information and operations were not affected.
WIRED Threat Level
JUNE 30, 2023
Plus: Microsoft fixes 78 vulnerabilities, VMWare plugs a flaw already used in attacks, and more critical updates from June.
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
Security Affairs
JUNE 29, 2023
The former head of network security at Group-IB has been arrested in Kazakhstan based on a request from U.S. law enforcement. Nikita Kislitsin who worked as the head of network security at Group-IB, as well as its Russian-based spinoff company (known as F.A.C.C.T.), has been arrested in Kazahstan based on a request from the U.S. law enforcement. Prior to that, the CEO of Group-IB, Ilya Sachkov, was arrested by law enforcement back in September 2021 and currently remains in prison.
The Last Watchdog
JUNE 26, 2023
As the threat of cybercrime grows with each passing year, cybersecurity must begin utilizing artificial intelligence tools to better combat digital threats. Related: A call to regulate facial recognition Although AI has become a powerful weapon, there’s concern it might be too effective compared to human cybersecurity professionals — leading to layoffs and replacements.
Data Breach Today
JUNE 26, 2023
Malware-Infected Watches Are the New USB Thumb Drive for Social Engineers Are unsolicited smartwatches the new USB thumb drive? The U.S. Army warns that service members are being sent free wearables preloaded with malware designed to steal data from mobile devices as well as intercept voice communications and hijack cameras.
WIRED Threat Level
JUNE 25, 2023
Make sure your chats are kept as private as you want them to be.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
JUNE 29, 2023
A critical authentication bypass flaw in miniOrange’s WordPress Social Login and Register plugin, can allow gaining access to any account on a site. Wordfence researchers discovered an authentication bypass vulnerability in miniOrange’s WordPress Social Login and Register plugin , that can allow an unauthenticated attacker to gain access to any account on a site by knowing the associated email address.
Dark Reading
JUNE 30, 2023
The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked.
Data Breach Today
JUNE 29, 2023
Group Listed Nearly 40 Victims on its Dark Web Leak Site So Far This Month New entrant ransomware group 8Base is fast becoming a "big player" in the underground market with nearly 40 victims in June - second only to the notorious LockBit ransomware gang. The group's top targets include business services, finance, manufacturing and IT industries.
WIRED Threat Level
JUNE 28, 2023
Scammers use a booking technicality, traveler confusion, and promises of dirt-cheap tickets to offer hot deals that are anything but.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
JUNE 29, 2023
North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. The Andariel APT (aka Stonefly) has been active since at least 2015, it was involved in several attacks attributed to the North Korean government.
Dark Reading
JUNE 27, 2023
By investing in a strong future cybersecurity workforce, we can prevent future attacks on US critical infrastructure before they occur.
Data Breach Today
JUNE 29, 2023
Denial of Service Attack, Remote Code Execution Could Affect Medtronic's Paceart Optima System Federal regulators have issued a warning about a vulnerability in medical device maker Medtronic's Paceart Optima System which, if exploited, could lead to a denial-of-service or remote code execution affecting the system's cardiac device data.
WIRED Threat Level
JUNE 26, 2023
With a poor track record on tech regulation, do lawmakers stand a chance?
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
Security Affairs
JUNE 29, 2023
Android app LetMeSpy disclosed a security breach, sensitive data associated with thousands of Android users were exposed. The phone monitoring app LetMeSpy disclosed a security breach, threat actors have stolen sensitive data associated with thousands of Android users, including messages, locations, call logs, e-mail addresses, and telephone numbers.
eSecurity Planet
JUNE 28, 2023
Penetration tests are vital components of vulnerability management programs. In these tests, white hat hackers try to find and exploit vulnerabilities in your systems to help you stay one step ahead of cyberattackers. Because these tests can use illegal hacker techniques, pentest services will sign a contract detailing their roles, goals, and responsibilities.
Data Breach Today
JUNE 29, 2023
Only 7% of Approximately 140 Affected Organizations Have Shared Count of Victims More victims of the Clop ransomware group's supply chain attack against popular file transfer software MOVEit continue to come to light. Security experts say about 140 organizations now appear to have been affected, comprising over 15 million individuals.
WIRED Threat Level
JUNE 24, 2023
Plus: Discord has a child predator problem, fears rise of China spying from Cuba, and hackers try to blackmail Reddit.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
JUNE 28, 2023
Electromagnetic fault injection (EMFI) attacks on drones can potentially allow attackers to achieve arbitrary code execution and take over them. While the use of drones continues to grow, researchers from IOActive analyzed how to develop fault injection attacks against hardened Unmanned Aerial Vehicles (UAVs). The experts focused on achieving code execution on a commercially available drone, supporting significant security features (i.e. the use of signed and encrypted firmware, Trusted Executio
Dark Reading
JUNE 27, 2023
Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs.
Data Breach Today
JUNE 27, 2023
Buying Document Verification Startup Berbix Will Make Socure Faster, More Accurate Socure has purchased a document verification startup founded by former members of Airbnb's Trust and Safety Team for $70 million to better detect fake identities. The deal will help Socure optimize the digital capturing and back-end processing of driver's licenses and passports at faster speeds.
Expert insights. Personalized for you.
262 
Let's personalize your content