Sat.Dec 10, 2022 - Fri.Dec 16, 2022

article thumbnail

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO tha

article thumbnail

Irish Healthcare Ransomware Hack Cost Over 80 Million Euros

Data Breach Today

Victims Still Learning Their Personal Data Was Illegally Accessed, Copied in 2021 A ransomware attack on the Irish healthcare system in 2021 has cost the government 80 million euros in damages and counting. The Irish Health Service continues to notify victims of the incident that their personal information was illegally accessed and copied.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Why ‘continuous pentesting’ is high among the trends set to accelerate in 2023

The Last Watchdog

There is much that can be gleaned from helping companies identify and manage their critical vulnerabilities 24X7. Related: The case for proactive pentests. Based on insights from our team of elite security researchers here at Bugcrowd, these are three trends gaining steam as 2022 comes to a close – trends that I expect to command much attention in 2023.

article thumbnail

3.5m IP cameras exposed, with US in the lead

Security Affairs

The number of internet-facing cameras in the world is growing exponentially. Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. Original post at [link]. When you spy on your neighborhood or your cafe customers, do you wonder if someone is watching Big Brother – you, in this case?

Passwords 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Six Charged in Mass Takedown of DDoS-for-Hire Sites

Krebs on Security

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.

More Trending

article thumbnail

MY TAKE: Poll shows consumers won’t patronize companies that fail to assure ‘digital trust’

The Last Watchdog

It’s all too easy to take for granted the amazing digital services we have at our fingertips today. Related: Will Matter 1.0 ignite the ‘Internet of Everything’ Yet, as 2022 ends, trust in digital services is a tenuous thing. A recent survey highlights the fact that company leaders now understand that digital trust isn’t nearly what it needs to be.

article thumbnail

Why Are People in the US Becoming Radicalized?

WIRED Threat Level

A confluence of factors is leading people in the nation to gravitate toward extremist views.

Security 145
article thumbnail

Microsoft Patch Tuesday, December 2022 Edition

Krebs on Security

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell , and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday.

article thumbnail

Rackspace Warns of Phishing Attempts Post Ransomware

Data Breach Today

Class Action Lawsuit Filed Against Rackspace for Negligence Hosted services company Rackspace is warning customers about the increasing risk of phishing attacks following a ransomware attack causing ongoing outages to its hosted Exchange environment. The Texas-based firm also is now facing a class action lawsuit.

Phishing 266
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

The Last Watchdog

The Internet of Everything ( IoE ) is on the near horizon. Related: Raising the bar for smart homes. Our reliance on artificially intelligent software is deepening, signaling an era, just ahead, of great leaps forward for humankind. We would not be at this juncture without corresponding advances on the hardware side of the house. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere.

article thumbnail

GoTrim botnet actively brute forces WordPress and OpenCart sites

Security Affairs

Researchers discovered a new Go-based botnet, dubbed GoTrim, attempting to brute force WordPress websites. Fortinet FortiGuard Labs researchers spotted a new Go-based botnet, dubbed GoTrim, that has been spotted scanning and brute-forcing WordPress and OpenCart websites. The botnet was named GoTrim because it was written in Go and uses “:::trim::: ” to split data sent and received from the C2 server.

CMS 144
article thumbnail

ChatGPT: A Brave New World for Cybersecurity

eSecurity Planet

Released on November 30, ChatGPT has instantly become a viral online sensation. In a week, the app gained more than one million users. Unlike most other AI research projects, ChatGPT has captivated the interest of ordinary people who do not have PhDs in data science. They can type in queries and get human-like responses. The answers are often succinct.

article thumbnail

Royal Ransomware Hitting Healthcare Targets and Dumping Data

Data Breach Today

Tongue-in-Cheek Ransom Note Claims 'Modest Royalty' for 'Pentesting Services' Attackers wielding Royal ransomware have been hitting crypto-locking healthcare targets, the U.S. Department of Health and Human Services warns, saying that in each known case, attackers "claimed to have published 100% of the data that was allegedly extracted from the victim.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

[EYE OPENER] How ChatGPT Can Be Used For Social Engineering

KnowBe4

ChatGPT could give Google a serious run for its money. We are not quite there yet, but the capabilities are rapidly improving. Just have a look at the command I gave it. In 5 seconds the copy rolled out.

IT 138
article thumbnail

Lockbit ransomware gang hacked California Department of Finance

Security Affairs

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit ransomware gang claims to have stolen 76Gb from the California Department of Finance and is threatening to leak the stolen data if the victims will not pay the ransom by December 24. On December 12, the California Department of Finance confirmed the security incident with a statement. “The California Cybersecurity Integration Center (Cal-CSIC) is actively resp

article thumbnail

Apple Is Finally Encrypting iCloud Backups

Schneier on Security

After way too many years, Apple is finally encrypting iCloud backups : Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only “major” categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because “of the need to interoperate with the global email, cont

article thumbnail

Combating Ransomware Attacks: Which Strategies Hold Promise?

Data Breach Today

Defenders have made strides in disrupting ransomware, but assessing the effectiveness of countermeasures is tough due to a scarcity of information, says cybersecurity veteran Jen Ellis. "We know what the tip of the iceberg looks like, but we don't know what percentage of that iceberg we can see.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

A New Lawsuit Accuses Meta of Inflaming Civil War in Ethiopia

WIRED Threat Level

The suit claims the company lacks adequate moderation to prevent widespread hate speech that has led to violence and death.

Security 134
article thumbnail

Citrix and NSA urge admins to fix actively exploited zero-day in Citrix ADC and Gateway

Security Affairs

Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix ADC and Gateway. The vulnerability is actively exploited by China-linked threat actors to gain access to target networks. “We are aware of a small number of targeted attacks in the wild using this vulnerability.” reads a blog post published

article thumbnail

NSA Slices Up 5G Mobile Security Risks

Dark Reading

The feds' mobile service provider guidance details cybersecurity threat vectors associated with 5G network slicing.

Risk 134
article thumbnail

Proofpoint to Buy Deception Firm Illusive, Boost Offerings

Data Breach Today

Ashan Willy's First Deal as CEO Gets Proofpoint Into the Identity, Deception Spaces Ashan Willy has made his first deal as Proofpoint's CEO, scooping up an identity startup established by Check Point's former cloud and document security leader. The purchase of Illusive will allow Proofpoint to add identity risk discovery and remediation and post-breach defense to its platform.

Cloud 208
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Look Out For Scammers This Holiday Season on Social Media

KnowBe4

You know how some gifts are insanely sought after each year, selling out in mere minutes? Well, these are great tools for scammers, especially on social media.

128
128
article thumbnail

Experts detailed a previously undetected VMware ESXi backdoor

Security Affairs

A new Python backdoor is targeting VMware ESXi servers, allowing attackers to take over compromised systems. Juniper Networks researchers spotted a previously undocumented Python backdoor targeting VMware ESXi servers. The researchers discovered the backdoor in October 2022, experts pointed out the implant is notable for its simplicity, persistence and capabilities.

Passwords 143
article thumbnail

Uber Breached, Again, After Attackers Compromise Third-Party Cloud

Dark Reading

Threat actors leak employee email addresses, corporate reports, and IT asset information on a hacker forum after an attack on an Uber technology partner.

Cloud 133
article thumbnail

Australian Telecom Firm Leaks Data of 130,000 customers

Data Breach Today

'We're Sorry it Occurred, and We Know We Have Let You Down,' Telstra CFO Says Australian telecommunications provider Telstra apologized for accidentally publishing names, numbers and addresses of over 130,000 customers whose details were supposed to be unlisted. The company apologized for the error and blamed a "misalignment of databases.

IT 189
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Obligatory ChatGPT Post

Schneier on Security

Seems like absolutely everyone everywhere is playing with Chat GPT. So I did, too… Write an essay in the style of Bruce Schneier on how ChatGPT will affect cybersecurity. As with any new technology, the development and deployment of ChatGPT is likely to have a significant impact on the field of cybersecurity. In many ways, ChatGPT and other AI technologies hold great promise for improving the ability of organizations and individuals to defend against cyber threats.

article thumbnail

VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest

Security Affairs

VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition. VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022 hacking competition. A working exploit for the CVE-2022-31705 vulnerability was demonstrated by Ant Security researcher Yuhao Jiang during the Geekpwn, a hacking contest run by the Tencent Keen

article thumbnail

Patch Tuesday Fixes Actively Exploited MOTW Vulnerability

eSecurity Planet

Microsoft’s December 2022 Patch Tuesday includes fixes for over four dozen vulnerabilities, six of them critical – including a zero-day flaw in the SmartScreen security tool, CVE-2022-44698 , that’s being actively exploited. Regarding that flaw, Microsoft observed, “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, whi

Risk 124