Sat.Sep 09, 2023 - Fri.Sep 15, 2023

article thumbnail

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

The Last Watchdog

In today’s digital age, trust has become a cornerstone of building a better Internet. Preserving privacy for a greater good The Internet was designed as a platform for peer research, not for the vast scale and diverse uses we see today. Over the decades, it’s grown in a way that has left it with many inherent vulnerabilities. These vulnerabilities, not borne out of malice, were the result of choices made with limited information available at the time.

Mining 290
article thumbnail

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold.

Passwords 310
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Big MGM Resorts Outage Traces to Ransomware, Researchers Say

Data Breach Today

Alphv/BlackCat Group Reportedly Hit Casino Operator via Social Engineering Attack Booking and reservation systems, as well as slot machines, hotel room door locks, ATMs and more remain offline at multiple MGM Resorts properties as the publicly traded casino hotel giant battles "a cybersecurity issue" that one group of security researchers has tied to a ransomware group attack.

article thumbnail

A New Records Strategy for the US Department of Defense

AIIM

Navy Petty Officer1st Class Rholanda Tucker, assigned to the "Blacklions" of Strike Fighter Squadron 213, conducts routine maintenance on a 20mm gun from an F/A-18F Super Hornet in the hangar bay of the aircraft carrier USS Gerald R. Ford in the Adriatic Sea, July 16, 2023. The Gerald R. Ford Carrier Strike Group is on a scheduled deployment in the U.S.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play

The Last Watchdog

From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life. Sharing intel for a greater good Now one distinctive type of crowdsourcing — ethical hacking – is positioned to become a much more impactful component of securing modern networks. I had a terrific discussion about this at Black Hat USA 2023 with Casey Ellis, founder and CTO of Bugcrowd , a pioneer in the crowdsourced security market.

Security 228

More Trending

article thumbnail

DOD Cyber Strategy Aims to Disrupt Hackers, Deepen Ally Work

Data Breach Today

Defense Department Will Conduct Defensive Ops on Internal Network, Invest in People The Defense Department's updated cyber strategy calls for disrupting malicious actors and boosting the cyber capabilities of U.S. allies to take on Chinese threats to critical infrastructure. Defense officials also plan to conduct defensive operations to protect the department's information network.

311
311
article thumbnail

Okta Flaw Involved in MGM Resorts Breach, Attackers Claim

Dark Reading

ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.

article thumbnail

GUEST ESSAY: Robust data management can prevent theft, guard intellectual property

The Last Watchdog

In an era of global economic uncertainty, fraud levels tend to surge, bringing to light the critical issue of intellectual property (IP) theft. Related: Neutralizing insider threats This pervasive problem extends beyond traditional notions of fraud, encompassing both insider threats and external risks arising from partnerships, competitors, and poor IP management.

MDM 203
article thumbnail

New HijackLoader malware is rapidly growing in popularity in the cybercrime community

Security Affairs

Zscaler ThreatLabz detailed a new malware loader, named HijackLoader, which has grown in popularity over the past few months HijackLoader is a loader that is gaining popularity among the cybercriminal community. The malware is not sophisticated, however, unlike other loaders, it has a modular structure that allows supporting code injection and execution.

Security 141
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

China Denies Banning Government Use of Apple iPhones

Data Breach Today

China Cites Apple Security Flaws in Warning to Foreign Mobile Device Manufacturers China hasn't ordered any restrictions on the use of Apple iPhones by government agencies, according to a Chinese government spokesperson, but the official cited recent security flaws in the iPhone and warned that foreign mobile device manufacturers must abide by domestic information security laws.

article thumbnail

On Robots Killing People

Schneier on Security

The robot revolution began long ago, and so did the killing. One day in 1979, a robot at a Ford Motor Company casting plant malfunctioned—human workers determined that it was not going fast enough. And so twenty-five-year-old Robert Williams was asked to climb into a storage rack to help move things along. The one-ton robot continued to work silently, smashing into Williams’s head and instantly killing him.

article thumbnail

China-Linked Hackers Breached a Power Grid—Again

WIRED Threat Level

Signs suggest the culprits worked within a notorious Chinese hacker group that may have also hacked Indian electric utilities years earlier.

Security 145
article thumbnail

Rhysida Ransomware gang claims to have hacked three more US hospitals

Security Affairs

Rhysida Ransomware group added three more US hospitals to the list of victims on its Tor leak site after the PROSPECT MEDICAL attack. Recently the Rhysida ransomware group made the headlines because it announced the hack of Prospect Medical Holdings and the theft of sensitive information from the organization. In early August, a cyberattack disrupted the computer systems of multiple hospitals operated by Prospect Medical Holdings , which are located in multiple states, including California, Tex

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Lessons to Learn From Clop's MOVEit Supply-Chain Attacks

Data Breach Today

Data Minimization and Encryption Mitigate Fallout, Says FS-ISAC's Teresa Walsh The Clop ransomware group's zero-day attack on MOVEit software was its fourth data theft campaign targeting secure file transfer users. Organizations can combat such attacks by using data minimization and encryption - among other defenses, says Teresa Walsh, global head of intelligence for FS-ISAC.

article thumbnail

Fake Signal and Telegram Apps in the Google Play Store

Schneier on Security

Google removed fake Signal and Telegram apps from its Play store. An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org.

IT 127
article thumbnail

'Scattered Spider' Behind MGM Cyberattack, Targets Casinos

Dark Reading

The ransomware group is a collection of young adults who also recently breached Caesars Entertainment and made a ransom score in the tens of millions.

article thumbnail

Akamai prevented the largest DDoS attack on a US financial company

Security Affairs

Akamai announced it has mitigated the largest distributed denial-of-service (DDoS) attack on a U.S. financial company. Cybersecurity firm Akamai successfully identified and prevented a massive distributed denial-of-service (DDoS) attack targeting an unnamed, leading American financial institution. The attack took place last week and the malicious traffic peaked at 633.7 gigabits per second.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Root Admin User: When Do Common Usernames Pose a Threat?

Data Breach Today

Honeypot Hits Reinforce Need for Strong Passwords and Multifactor Authentication Honeypot data collected by CISO Jesse La Grew highlights how attackers continue to target default usernames - including for SSH - together with weak passwords to gain brute force remote access to their targets. Here are essential username, password and remote service practices for combating such attacks.

Honeypots 317
article thumbnail

Zero-Click Exploit in iPhones

Schneier on Security

Make sure you update your iPhones : Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061 , allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachment

Security 127
article thumbnail

News Alert: Traceable AI report exposes true scale of API-related data breaches, top challenges

The Last Watchdog

San Francisco, Calif. — Traceable AI, the industry’s leading API security company, today released its comprehensive research report – the 2023 State of API Security: A Global Study on the Reality of API Risk. Despite APIs being critical to the modern enterprise, until now, there has not been an extensive, global study offering a panoramic view of the API security landscape.

article thumbnail

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

Security Affairs

Evil Telegram: a Trojanized version of the Telegram app was spotted on the Google Play Store, Kaspersky researchers reported. Researchers from Kaspersky discovered several Telegram mods on the Google Play Store that contained spyware, the campaign was tracked as Evil Telegram. One of the apps was downloaded more than ten million times before it was removed from Google Play.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Journey to the Cloud: Navigating the Transformation - Part 1

Data Breach Today

Nikko Asset Management's Marcus Rameke Defines the Requirements In Part 1 of this three-part blog post, Nikko Asset Management's Marcus Rameke provides an introduction and defines the requirements for making the transformative journey to the cloud. Parts 2 and 3 will discuss more detailed aspects of making the shift to the cloud.

Cloud 289
article thumbnail

Cars Have Terrible Data Privacy

Schneier on Security

A new Mozilla Foundation report concludes that cars, all of them, have terrible data privacy. All 25 car brands we researched earned our *Privacy Not Included warning label—making cars the official worst category of products for privacy that we have ever reviewed. There’s a lot of details in the report. They’re all bad. BoingBoing post.

article thumbnail

No Dice for MGM Las Vegas as It Battles Fallout from Ransomware Attack After a 10-minute Vishing Scam

KnowBe4

Four days later, $52 million in lost revenues and counting, a cyber attack on MGM Resorts International, a $14 billion Las Vegas gaming empire with Hollywood-famous hotel spreads like the Bellagio, Cosmopolitan, E xcalibur, Luxor, and the MGM Grand itself, had the house brought down by a perfect example of vishing …a 10-minute phone call.

article thumbnail

Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable

Security Affairs

CyberNews researchers discovered that many universities worldwide are leaking sensitive information and are even open to full takeover. Many universities worldwide, including some of the most prestigious, leave their webpages unpatched, leaking sensitive information, and even open to full takeovers, a Cybernews Research team investigation reveals. Among the 20 cases found, at least six websites belong to the top 100 universities list worldwide.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

EU Chief Announces Plans to Boost AI Development

Data Breach Today

EU Will Grant AI Startups Access to Supercomputers, Commission President Says The European Union will open up supercomputers to artificial intelligence startups in a bid to boost innovation inside the trading bloc, European Commission President Ursula von der Leyen said Wednesday. She said Europe has a "narrowing window of opportunity" to guide responsible innovation.

article thumbnail

AI Chatbots Are Invading Your Local Government—and Making Everyone Nervous

WIRED Threat Level

State and local governments in the US are scrambling to harness tools like ChatGPT to unburden their bureaucracies, rushing to write their own rules—and avoid generative AI's many pitfalls.

article thumbnail

Phishing Scammers are Using Artificial Intelligence To Create Perfect Emails

KnowBe4

Phishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI ChatGPT, for instance, can fix spelling mistakes, odd grammar, and other errors that are common in phishing emails.