Krebs on Security

DECEMBER 13, 2022

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO tha

Sales 363

Sales Energy and Utilities Communications Data breaches 363

Data Breach Today

DECEMBER 13, 2022

Victims Still Learning Their Personal Data Was Illegally Accessed, Copied in 2021 A ransomware attack on the Irish healthcare system in 2021 has cost the government 80 million euros in damages and counting. The Irish Health Service continues to notify victims of the incident that their personal information was illegally accessed and copied.

Ransomware 338

Ransomware Personal data Government Access 338

The Last Watchdog

DECEMBER 14, 2022

There is much that can be gleaned from helping companies identify and manage their critical vulnerabilities 24X7. Related: The case for proactive pentests. Based on insights from our team of elite security researchers here at Bugcrowd, these are three trends gaining steam as 2022 comes to a close – trends that I expect to command much attention in 2023.

Compliance 229

Compliance Cybersecurity Risk Security 229

eSecurity Planet

DECEMBER 15, 2022

Released on November 30, ChatGPT has instantly become a viral online sensation. In a week, the app gained more than one million users. Unlike most other AI research projects, ChatGPT has captivated the interest of ordinary people who do not have PhDs in data science. They can type in queries and get human-like responses. The answers are often succinct.

Cybersecurity 145

Cybersecurity Phishing Data science Blockchain 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Krebs on Security

DECEMBER 14, 2022

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.

Computer and Electronics 320

Computer and Electronics Education IT Risk 320

The Last Watchdog

DECEMBER 11, 2022

The Internet of Everything ( IoE ) is on the near horizon. Related: Raising the bar for smart homes. Our reliance on artificially intelligent software is deepening, signaling an era, just ahead, of great leaps forward for humankind. We would not be at this juncture without corresponding advances on the hardware side of the house. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere.

Energy and Utilities 189

Energy and Utilities IoT Artificial Intelligence Cloud 189

Security Affairs

DECEMBER 14, 2022

Researchers discovered a new Go-based botnet, dubbed GoTrim, attempting to brute force WordPress websites. Fortinet FortiGuard Labs researchers spotted a new Go-based botnet, dubbed GoTrim, that has been spotted scanning and brute-forcing WordPress and OpenCart websites. The botnet was named GoTrim because it was written in Go and uses “:::trim::: ” to split data sent and received from the C2 server.

CMS 142

CMS Encryption Risk Passwords 142

Krebs on Security

DECEMBER 14, 2022

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell , and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday.

Ransomware 203

Ransomware Security Authentication Access 203

Data Breach Today

DECEMBER 12, 2022

Ashan Willy's First Deal as CEO Gets Proofpoint Into the Identity, Deception Spaces Ashan Willy has made his first deal as Proofpoint's CEO, scooping up an identity startup established by Check Point's former cloud and document security leader. The purchase of Illusive will allow Proofpoint to add identity risk discovery and remediation and post-breach defense to its platform.

Cloud 208

Cloud Risk Security IT 208

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

eSecurity Planet

DECEMBER 14, 2022

Microsoft’s December 2022 Patch Tuesday includes fixes for over four dozen vulnerabilities, six of them critical – including a zero-day flaw in the SmartScreen security tool, CVE-2022-44698 , that’s being actively exploited. Regarding that flaw, Microsoft observed, “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, whi

Risk 130

Risk Authentication Ransomware Security 130

Security Affairs

DECEMBER 13, 2022

A new Python backdoor is targeting VMware ESXi servers, allowing attackers to take over compromised systems. Juniper Networks researchers spotted a previously undocumented Python backdoor targeting VMware ESXi servers. The researchers discovered the backdoor in October 2022, experts pointed out the implant is notable for its simplicity, persistence and capabilities.

Passwords 141

Passwords IT Access Security 141

Schneier on Security

DECEMBER 12, 2022

After way too many years, Apple is finally encrypting iCloud backups : Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only “major” categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because “of the need to interoperate with the global email, cont

Encryption 129

Encryption Access IT Cloud 129

Data Breach Today

DECEMBER 10, 2022

Class Action Lawsuit Filed Against Rackspace for Negligence Hosted services company Rackspace is warning customers about the increasing risk of phishing attacks following a ransomware attack causing ongoing outages to its hosted Exchange environment. The Texas-based firm also is now facing a class action lawsuit.

Phishing 233

Phishing Ransomware Risk IT 233

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

KnowBe4

DECEMBER 10, 2022

ChatGPT could give Google a serious run for its money. We are not quite there yet, but the capabilities are rapidly improving. Just have a look at the command I gave it. In 5 seconds the copy rolled out.

IT 132

IT 132

Security Affairs

DECEMBER 13, 2022

Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix ADC and Gateway. The vulnerability is actively exploited by China-linked threat actors to gain access to target networks. “We are aware of a small number of targeted attacks in the wild using this vulnerability.” reads a blog post published

Authentication 141

Authentication Cybersecurity Security Access 141

Dark Reading

DECEMBER 13, 2022

Threat actors leak employee email addresses, corporate reports, and IT asset information on a hacker forum after an attack on an Uber technology partner.

Cloud 133

Cloud IT 133

Data Breach Today

DECEMBER 14, 2022

Defenders have made strides in disrupting ransomware, but assessing the effectiveness of countermeasures is tough due to a scarcity of information, says cybersecurity veteran Jen Ellis. "We know what the tip of the iceberg looks like, but we don't know what percentage of that iceberg we can see.

Ransomware 228

Ransomware Cybersecurity 228

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

IT Governance

DECEMBER 15, 2022

Intersport recently fell victim to a ransomware attack during what should have been the busiest time of the year. The incident occurred in late November, with the sports retail giant gearing up for Black Friday and the start of the World Cup. However, a malware intrusion froze cash registers across its French stores, leaving customers unable to make purchases or use loyalty cards and gift vouchers.

Ransomware 119

Ransomware Personal data Retail Risk 119

Security Affairs

DECEMBER 13, 2022

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit ransomware gang claims to have stolen 76Gb from the California Department of Finance and is threatening to leak the stolen data if the victims will not pay the ransom by December 24. On December 12, the California Department of Finance confirmed the security incident with a statement. “The California Cybersecurity Integration Center (Cal-CSIC) is actively resp

Ransomware 142

Ransomware Military Cybersecurity Security 142

IBM Big Data Hub

DECEMBER 16, 2022

Over the last week, millions of people around the world have interacted with OpenAI’s ChatGPT, which represents a significant advance for generative artificial intelligence (AI) and the foundation models that underpin many of these use cases. It’s a fitting way to end what has been another big year for the industry. We’re at an exciting inflection point for AI.

Government 112

Government Artificial Intelligence Metadata Data collection 112

Data Breach Today

DECEMBER 12, 2022

Tongue-in-Cheek Ransom Note Claims 'Modest Royalty' for 'Pentesting Services' Attackers wielding Royal ransomware have been hitting crypto-locking healthcare targets, the U.S. Department of Health and Human Services warns, saying that in each known case, attackers "claimed to have published 100% of the data that was allegedly extracted from the victim.

Ransomware 217

Ransomware 217

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Dark Reading

DECEMBER 14, 2022

An emerging cybercriminal group linked with Conti has expanded its partial encryption strategy and demonstrates other evasive maneuvers, as it takes aim at healthcare and other sectors.

Encryption 110

Encryption Ransomware IT 110

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. Original post at [link]. When you spy on your neighborhood or your cafe customers, do you wonder if someone is watching Big Brother – you, in this case?

Passwords 145

Passwords Manufacturing Authentication Government 145

eSecurity Planet

DECEMBER 12, 2022

Team82 researchers have disclosed an attack technique that bypasses industry-leading web application firewalls (WAFs) by appending JSON syntax to SQL injection payloads. “An attacker able to bypass the traffic scanning and blocking capabilities of WAFs often has a direct line to sensitive business and customer information,” vulnerability researcher Noam Moshe wrote in a blog post detailing the threat. “Such bypasses, thankfully, have been infrequent, and one-offs targeting a pa

IoT 109

IoT Cloud Security Access 109

Data Breach Today

DECEMBER 11, 2022

'We're Sorry it Occurred, and We Know We Have Let You Down,' Telstra CFO Says Australian telecommunications provider Telstra apologized for accidentally publishing names, numbers and addresses of over 130,000 customers whose details were supposed to be unlisted. The company apologized for the error and blamed a "misalignment of databases.

IT 189

IT 189

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Hunton Privacy

DECEMBER 16, 2022

On December 7, 2022, the Federal Trade Commission released an updated Mobile Health App Interactive Tool to help developers determine what federal laws and regulations apply to apps that collect and process health data. The updated version of the tool, which revises the initial release in 2016, aims to assist developers of mobile apps that will access, collect, share, use or maintain information related to an individual consumer’s health, such as information related to diagnosis, treatment, fitn

Compliance 108

Compliance Insurance Privacy Access 108

Security Affairs

DECEMBER 13, 2022

VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition. VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022 hacking competition. A working exploit for the CVE-2022-31705 vulnerability was demonstrated by Ant Security researcher Yuhao Jiang during the Geekpwn, a hacking contest run by the Tencent Keen

Authentication 136

Authentication Access Security IT 136

Dark Reading

DECEMBER 14, 2022

The feds' mobile service provider guidance details cybersecurity threat vectors associated with 5G network slicing.

Risk 134

Risk Security Cybersecurity 134