Krebs on Security
NOVEMBER 6, 2023
Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today’s Part II, we’ll examine clues about the real-life identity of “ Fearlless ,” the nickname chosen by the proprietor of the SWAT USA Drops service.
The Last Watchdog
NOVEMBER 6, 2023
QR code phishing attacks started landing in inboxes around the world about six months ago. Related: ‘BEC’ bilking on the rise These attacks prompt the target to scan a QR code and trick them into downloading malware or sharing sensitive information. In June, we started seeing these types of attacks amongst our customer base. Since June, there has been a fourfold increase in the search volume around keywords associated with these types of attacks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
NOVEMBER 6, 2023
Agency Details Accusations Against Idaho Firm in Unsealed Amended Complaint The Federal Trade Commission in an amended lawsuit complaint unsealed Friday details how Idaho-based data broker Kochava allegedly violated federal law by collecting and disclosing to third parties "enormous" amounts of geolocation and other sensitive information about consumers.
AIIM
NOVEMBER 7, 2023
In early October 2023, AIIM partnered with the AIIM Florida Chapter to host the AIIM Solutions Showcase & Strategy Summit in Tampa, Florida. This new event concept highlighted a local chapter and community while creating greater accessibility to AIIM's leadership and strategy. This terrific event was well attended and featured some great education.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Jamf
NOVEMBER 7, 2023
Jamf Threat Labs discovered a new later-stage malware variant from BlueNoroff that shares characteristics with their RustBucket campaign. Read this blog to learn more about this malware and view the indicators of compromise.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
NOVEMBER 10, 2023
Approximately 1.3 Million Maine Residents Affected in Sweeping Cyberattack Nearly the entire population of Maine has been affected in a global cyberattack the Russian ransomware gang Clop launched earlier this year that targeted Progress Software's popular MOVEit file transfer service. The state is just one of thousands of high-profile victims swept up in the attack.
Security Affairs
NOVEMBER 10, 2023
After ChatGPT, Anonymous Sudan took down the Cloudflare website with a distributed denial-of-service (DDoS) attack. The hacktivist group Anonymous Sudan claimed responsibility for the massive distributed denial-of-service (DDoS) attack that took down the website of Cloudflare. Cloudflare confirmed that a DDoS attack took down its website for a few minutes and ponited out that it did not impact other products or services. “ To be clear, there was no Cloudflare breach.
Troy Hunt
NOVEMBER 6, 2023
I like to think of investigating data breaches as a sort of scientific search for truth. You start out with a theory (a set of data coming from an alleged source), but you don't have a vested interested in whether the claim is true or not, rather you follow the evidence and see where it leads. Verification that supports the alleged source is usually quite straightforward , but disproving a claim can be a rather time consuming exercise, especially when a dataset contains fragments of truth m
The Last Watchdog
NOVEMBER 7, 2023
Boston, Mass., Nov. 7, 2023 — AppMap today announces its innovative Runtime Code Review solution that will transform software quality and the developer experience. AppMap’s mission is to deliver actionable insights to developers where they work, and AppMap continues to deliver on the promise with its latest release for the GitHub Marketplace. Unexpected runtime defects account for a staggering 40% of performance problems and 50% of security defects.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Data Breach Today
NOVEMBER 4, 2023
Threat Actor Used Session Hijacking Technique to Access Files of 134 Okta Customers Days after announcing a security compromise, cloud-based Identity and authentication management provider Okta said that an unknown threat actor accessed files of 134 customers by after an employee signed in to a personal Google profile on the Chrome browser of an Okta-managed laptop.
Security Affairs
NOVEMBER 6, 2023
Google warns of multiple threat actors that are leveraging its Calendar service as a command-and-control (C2) infrastructure. Google warns of multiple threat actors sharing a public proof-of-concept (PoC) exploit, named Google Calendar RAT, that relies on Calendar service to host command-and-control (C2) infrastructure. Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, it was developed red teaming activities. “To use GRC, only a Gmail account is require
Data Matters
NOVEMBER 7, 2023
On October 30, 2023, President Joe Biden issued an executive order (EO or the Order) on Safe, Secure, and Trustworthy Artificial Intelligence (AI) to advance a coordinated, federal governmentwide approach toward the safe and responsible development of AI. It sets forth a wide range of federal regulatory principles and priorities, directs myriad federal agencies to promulgate standards and technical guidelines, and invokes statutory authority — the Defense Production Act — that has historically
WIRED Threat Level
NOVEMBER 7, 2023
The Government Surveillance Reform Act of 2023 pulls from past privacy bills to overhaul how police and the feds access Americans’ data and communications.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Data Breach Today
NOVEMBER 9, 2023
Digitally Manipulated Media Already Poses National Security and Privacy Concerns A panel of legal experts and technologists warned lawmakers that deepfake technologies were already causing security and privacy concerns across the country, particularly for women and minority communities, as research shows that current detection systems contain biases and high error rates.
Security Affairs
NOVEMBER 6, 2023
Taiwanese vendor QNAP warns of two critical command injection flaws in the QTS operating system and applications on its NAS devices. Taiwanese vendor QNAP Systems addressed two critical command injection vulnerabilities, tracked as CVE-2023-23368 and CVE-2023-23369 , that impact the QTS operating system and applications on its network-attached storage (NAS) devices.
The Last Watchdog
NOVEMBER 7, 2023
London, United Kingdom, Nov. 7, 2023 — Organisations have been laser focussed on protecting their own networks, applications, physical premises and people against cyber security attacks but have neglected their exposure to suppliers. Indeed, over the past 3 years, a staggering 73% of organisations have been affected by a third-party security breach.
Hunton Privacy
NOVEMBER 9, 2023
On October 30, 2023, the Federal Trade Commission announced that it is sending nearly $100 million in refunds to consumers who were harmed as a result of internet phone service provider Vonage’s alleged use of dark patterns and other obstacles that made it difficult for users to cancel their service. In its November 2022 complaint against Vonage, the FTC alleged that Vonage made its cancellation process more difficult to navigate than its enrollment process.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Data Breach Today
NOVEMBER 7, 2023
Success Hinges on Marrying Programmed Task and Information From Production Settings Rockwell's automation efforts have moved away from a purely programmed approach to one that combines programming and self-learning based on specified parameters. Rockwell trained autonomous vehicles using real-time learning and millions of images that capture optimal behavior by human drivers.
Security Affairs
NOVEMBER 7, 2023
Veeam addressed multiple vulnerabilities in its Veeam ONE IT infrastructure monitoring and analytics platform, including two critical issues. Veeam addressed four vulnerabilities (CVE-2023-38547, CVE-2023-38548, CVE-2023-38549, CVE-2023-41723) in the Veeam ONE IT infrastructure monitoring and analytics platform. The vulnerability CVE-2023-38547 (CVSS score 9.9) can be exploited by an unauthenticated attacker to gain information about the SQL server connection Veeam ONE uses to access its configu
WIRED Threat Level
NOVEMBER 7, 2023
A complaint filed with the EU’s independent data regulator accuses YouTube of failing to get explicit user permission for its ad blocker detection system, potentially violating the ePrivacy Directive.
Hunton Privacy
NOVEMBER 9, 2023
On November 8, 2023, the UK Information Commissioner’s Office (“ICO”) and the European Data Protection Supervisor (“EDPS”) announced they have signed a Memorandum of Understanding (“MOU”) intended to reinforce their “common mission to uphold individuals’ data protection and privacy rights, and cooperate internationally to achieve this goal”. The MOU sets out broad principles of collaboration between the ICO and EDPS and the legal framework governing the sharing of relevant information and intell
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Data Breach Today
NOVEMBER 10, 2023
Many Organizations Lack Resources to Develop Adequate SBOM Consumption Processes The U.S. Cybersecurity and Infrastructure Security Agency published guidance that offers best practices in developing consumption processes for software bills of materials, but experts told ISMG the document lacks technical specifics and warned that most organizations face SBOM resourcing issues.
Security Affairs
NOVEMBER 7, 2023
The iconic integrated resort Marina Bay Sands in Singapore has disclosed a data breach that impacted 665,000 customers. The Marina Bay Sands (MBS) luxury resort in Singapore has suffered a data breach that impacted 665,000 customers. Marina Bay Sands discovered the security breach on 20 October 2023, an unauthorized third party gained access to some of our customers’ loyalty programme membership data on 19 and 20 October 2023.
WIRED Threat Level
NOVEMBER 9, 2023
Experts are finding thousands of examples of AI-created content every week that could allow terrorist groups and other violent extremists to bypass automated detection systems.
Dark Reading
NOVEMBER 10, 2023
A class action suit claims Intel knowingly sold billions of faulty chips for years. The outcome could help define where poor vulnerability remediation becomes outright negligence.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Data Breach Today
NOVEMBER 10, 2023
Tri-City Medical Center Is Latest Regional Entity Facing Disruption to Patient Care A San Diego public hospital is diverting ambulances and patients to other facilities as it is dealing with a cyberattack this week. The medical center is the latest on a growing list of regional hospitals forced to suddenly shift patients to neighboring entities due to a cybersecurity crisis.
Security Affairs
NOVEMBER 9, 2023
On-demand moving and delivery platform Dolly.com allegedly paid a ransom but crooks found an excuse not to hold their end of the bargain. Cybercriminals are hardly a trustworthy bunch. Case in point: Dolly.com. The Cybernews research team believes that the platform suffered a ransomware attack and at least partially paid the ransom – but was duped. The attackers complained that the payment wasn’t generous enough and published the stolen data.
Schneier on Security
NOVEMBER 6, 2023
The Flipper Zero is an incredibly versatile hacking device. Now it can be used to crash iPhones in its vicinity by sending them a never-ending stream of pop-ups. These types of hacks have been possible for decades, but they require special equipment and a fair amount of expertise. The capabilities generally required expensive SDRs—short for software-defined radios—that, unlike traditional hardware-defined radios, use firmware and processors to digitally re-create radio signal tran
Expert insights. Personalized for you.
260 
Let's personalize your content