Krebs on Security

DECEMBER 19, 2023

The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who con

Ransomware 280

Ransomware Encryption IT Access 280

Data Breach Today

DECEMBER 18, 2023

Cyber Group Dubbed Predatory Sparrow Takes Responsibility for Widespread Attack A group known as Predatory Sparrow claimed responsibility for a Monday cyberattack that shut down a majority of gas stations across Iran as officials blamed the attack on foreign powers. The group has previously taken credit for a number of attacks targeting Iran's fuel supply and rail system.

327

327

The Last Watchdog

DECEMBER 17, 2023

The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Related: Why tech standards matter IoT is transitioning from an array of devices that we can control across the Internet into a realm where billions of IoE devices can communicate with each other and make unilateral decisions on our behalf. This, of course, is the plot of endless dystopian books and movies that end with rogue machines in charge.

IoT 264

IoT Cloud Authentication Manufacturing 264

AIIM

DECEMBER 21, 2023

As organizations have settled into the business of the business, one thing seems clear: the new workplace is much different than the one we were used to. Remote work and virtual teams are now a prevalent way of working, with on-site employees often the exception rather than the rule. Now that work-from-home has proven to be a viable alternative, C-Suite executives and business owners are less likely to invest in the resources, infrastructure, and space needed for all of their workers to return t

163

163

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

eSecurity Planet

DECEMBER 19, 2023

As 2023 draws to an end and cybersecurity budgeting is nearly complete, it helps to consider the year’s events and try to predict next year’s trends. After receiving input from industry experts and doing my own analysis of the year’s driving forces, I identified five major cybersecurity trends. We each need to consider how these trends may affect our organizations and allocate our budgets and resources accordingly: AI will turbo-charge cybersecurity and cyberthreats: Artificial intelligence (AI

Cybersecurity 140

Cybersecurity Cloud Ransomware Risk 140

Security Affairs

DECEMBER 22, 2023

The Akira ransomware group announced it had breached the network of Nissan Australia, the Australian branch of the car maker giant. The Akira ransomware gang claimed to have breached Nissan Australia and to have stolen around 100GB of files from the carmaker giant. The company refused to pay the ransom and the ransomware gang threatened to leak the alleged stolen documents, including project data, clients’ and partners’ info, and NDAs. “We’ve obtained 100 GB of data of N

Ransomware 142

Ransomware Data breaches Financial Services Archiving 142

WIRED Threat Level

DECEMBER 18, 2023

On Telegram, scammers are impersonating doctors to sell fake Covid-19 vaccination certificates and other products, showing how criminals are taking advantage of conspiracy theories.

Security 129

Security 129

The Last Watchdog

DECEMBER 18, 2023

Rehovot, Israel Dec. 18, 2023 – Salvador Technologies , the pioneering cyber-attack recovery platform provider for critical infrastructures and industrial organizations, today announced that it has secured $6m in funding. Salvador Technologies’ investment round was led by Pico Venture Partners with participation from existing investors, such as Pitango VC and Sarona Partners , who continue to play an essential role in shaping the company.

Artificial Intelligence 100

Artificial Intelligence Manufacturing Insurance Marketing 100

Data Breach Today

DECEMBER 19, 2023

Ransomware Group Declares Nothing Off Limits Outside of CIS Countries The BlackCat ransomware as service operation's putative "unseizing" of its leak site from the FBI is a stunt made possible by way the dark web handles address resolution, security researchers said Monday. The stung was a "tactical error" that could alienate affiliates.

Ransomware 315

Ransomware Security IT 315

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

DECEMBER 18, 2023

An alleged Lockbit 3.0 ransomware attack on the Italian cloud service provider Westpole disrupted multiple services of local and government organizations and municipalities. A cyber attack hit on December 8, 2023 the Italian cloud service provider Westpole, which is specialized in digital services for public administration. The incident impacted a Westpole’s customer company named PA Digitale which offers its services to various local and government organizations that rely on its platform

Ransomware 144

Ransomware Cloud Government Privacy 144

Schneier on Security

DECEMBER 22, 2023

Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a user adds them as a source, manipulate the LLM into sending private information to the attacker or perform other malicious activities.

121

121

Hunton Privacy

DECEMBER 18, 2023

As we previously reported , the U.S. Securities and Exchange Commission’s (“SEC”) new Form 8-K rules for reporting material cybersecurity incidents take effect today, December 18, for filers other than smaller reporting companies. The new rules require reporting to the SEC within four business days from the determination of materiality. Incident response will potentially become more complicated as the incremental burdens of timely compliance with the new Form 8-K requirements add additional comp

Cybersecurity 121

Cybersecurity Risk Compliance Security 121

Data Breach Today

DECEMBER 22, 2023

Attackers Masquerade as Hotels to Steal Clients' Payment Card Data, Experts Warn Scammers are stealing hotels' log-in credentials for online travel site Booking.com and targeting their customers, experts warn. In many cases, attackers use Booking's own messaging system to contact customers and request their payment card data, they say.

298

298

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

DECEMBER 17, 2023

MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. MongoDB on Saturday disclosed it is investigating a cyber attack against certain corporate systems. MongoDB is a US company that developed the popular open-source NoSQL database management system. The cyber attack was discovered on December 13, 2023, and led to the exposure of customer account metadata and contact information.

Metadata 139

Metadata Data breaches Phishing Passwords 139

Hanzo Learning Center

DECEMBER 19, 2023

In 2023, the legal landscape has been significantly shaped by two key trends: the rapid evolution of Artificial Intelligence (AI) and the advancements in ediscovery. These developments have not only transformed legal processes but also presented new challenges and opportunities for legal professionals. As we delve into this first part of our series, we examine the top blogs that have been at the forefront of these trends.

Artificial Intelligence 119

Artificial Intelligence 119

Schneier on Security

DECEMBER 18, 2023

More unconstrained surveillance : Lawmakers noted the pharmacies’ policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services (HHS) Secretary Xavier Becerra. The letter—signed by Sen. Ron Wyden (D-Ore.), Rep. Pramila Jayapal (D-Wash.), and Rep. Sara Jacobs (D-Calif.)—said their investigation pulled information from briefings with eight big prescription drug suppliers.

Government 118

Government IT Privacy 118

Data Breach Today

DECEMBER 22, 2023

Arion Kurtaj Was a Member of Lapsus$ Group That Also Hacked Nvidia and Revolut British prosecutors have sentenced a teenager behind high-profile hacks while he was part of the now-inactive Lapsus$ hacking group. Arion Kurtaj, from Oxford, will remain in medical care after doctors declared he was unfit to stand for trial owing to severe autism.

298

298

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

DECEMBER 17, 2023

A supply chain attack against Crypto hardware wallet maker Ledger resulted in the theft of $600,000 in virtual assets. Threat actors pushed a malicious version of the “ @ledgerhq/connect-kit ” npm module developed by crypto hardware wallet maker Ledger, leading to the theft of more than $600,000 in virtual assets. Once the attack was discovered, the Crypto hardware wallet maker Ledger published a new version (version 1.1.8) of its npm module.

Phishing 140

Phishing Libraries Authentication Access 140

eSecurity Planet

DECEMBER 20, 2023

Attack surface management (ASM) is a relatively new cybersecurity technology that combines elements of vulnerability management and asset discovery with the automation capabilities of breach and attack simulation (BAS) and applies them to an organization’s entire IT environment, from networks to the cloud. That makes ASM’s ambitions much greater than legacy vulnerability management tools.

Cloud 113

Cloud Risk Security Compliance 113

Schneier on Security

DECEMBER 19, 2023

There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced , but there’s still a lot of confusion. It seems not to be true. Dropbox isn’t sharing all of your documents with OpenAI. But here’s the problem: we don’t trust OpenAI.

Privacy 115

Privacy GDPR Risk Government 115

Data Breach Today

DECEMBER 19, 2023

Okta Says Acquisition Will Expand Its Ability to Detect High-Risk Accounts Okta finalized an agreement to acquire Spera Security, saying the purchase will expand its ability to track risky accounts and access misconfigurations. Spera, a Tel Aviv startup, touts itself as a tool for giving security teams "real-time visibility into their entire identity surface.

Security 296

Security Risk Access IT 296

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. So, how do you protect against them? Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Sales 133

Sales Ransomware Passwords Communications 133

OpenText Information Management

DECEMBER 22, 2023

Remaining at the forefront of the ever-evolving innovation curve is imperative for ensuring the financial vitality of any organization. Despite this urgency, numerous treasury management departments rely on outdated data and manual processes, oblivious to the extensive ramifications of such practices. In a previous blog, I looked at the cost and resource savings companies can … The post Treasury Management: The true cost of manual processes and outdated data appeared first on OpenText Blog

113

113

eSecurity Planet

DECEMBER 19, 2023

Infrastructure as a service security is a concept that assures the safety of organizations’ data, applications, and networks in the cloud. Understanding the risks, advantages, and best practices connected with IaaS security is becoming increasingly important as enterprises shift their infrastructure to the cloud. By exploring the top eight issues and preventative measures, as well as shedding light on the security benefits of IaaS, you can better secure your cloud security infrastructure.

Security 113

Security Cloud Encryption Authentication 113

Data Breach Today

DECEMBER 21, 2023

Also: $3M NFT Trader Theft; Binance's CTFC Settlement This week, Ledger looked to reimburse hack victims, NFT Trader suffered a $3 million theft, the U.S. DOJ announced the first criminal case involving a DeFi smart contract, a court approved Binance's settlement with the U.S. CFTC and a Nigerian court sentenced a pig -butchering scammer.

288

288

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Security Affairs

DECEMBER 20, 2023

Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw has been addressed with the release of version 120.0.6099.129 for Mac,Linux and 120.0.6099.129/130 for Windows which will roll out over the coming days/weeks.

Libraries 139

Libraries Access IT Information Security 139

KnowBe4

DECEMBER 20, 2023

This new attack is pretty simple to spot on the front, but should it be successful in launching its’ malicious code, it’s going to take its’ victims for everything of value they have on their computer.

IT 118

IT Phishing 118

eSecurity Planet

DECEMBER 18, 2023

The impending holidays don’t mean a break from cybersecurity threats. This week’s news includes open-source software vulnerabilities, endangered data, and continued attacks from state-sponsored Russian threat groups. Google’s Dataproc security issues could be exploited not just through the analytics engine but through Google Compute Engine, too.

Analytics 113

Analytics Cybersecurity Authentication Access 113