Sat.Jul 29, 2023 - Fri.Aug 04, 2023

article thumbnail

Modern-Day Hacktivist Chaos: Who's Really Behind the Mask?

Data Breach Today

Russia Likely Continues to Run Fake Groups, Although Regional Players Also at Work How much of a risk do hacktivists pose? Hacktivism's heyday was arguably a decade ago. While activists do keep using chaotic online attacks to loudly promote their cause, they're tough to distinguish from fake operations run by governments, including Russia and Iran.

Risk 246
article thumbnail

Teach a Man to Phish and He’s Set for Life

Krebs on Security

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn , or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.

Phishing 212
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Burger King forgets to put a password on their systems, again

Security Affairs

The fast food giant Burger King put their systems and data at risk by exposing sensitive credentials to the public for a second time. Original post @ [link] Burger King is a renowned US-based international fast food giant with a global presence of over 19 thousand restaurants and revenue of $1.8 billion. Recently, the Cybernews research team uncovered that Burger King in France exposed sensitive credentials to the public due to a misconfiguration on their website.

article thumbnail

Black Hat Fireside Chat: Easy come, easy go access strengthens ‘Identity Threat Detection & Response’

The Last Watchdog

The rise of the remote workforce, post Covid-19, did nothing to make the already difficult task of doing Identity and Access Management ( IAM ) any easier for CISOs. With Black Hat USA 2023 ramping up in Las Vegas next week, cybersecurity startup Trustle is championing a new product category—Identity Threat Detection & Response ( ITDR )—which aims to enhance the capabilities of legacy IAM solutions.

Access 189
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Ivanti Norway Hacks Began in April, Says US CISA

Data Breach Today

Mobile Device Management Are 'Attractive Targets,' Warns Joint Advisory With Norway A hacking campaign that exploited Ivanti mobile device manager to target the Norwegian government began in April and possible earlier, say cybersecurity agencies from the U.S. and Norway. Mobile device management systems are "attractive targets for threat actors," the alert warns.

More Trending

article thumbnail

How to Meet Phishing-Resistant MFA

Thales Cloud Protection & Licensing

How to Meet Phishing-Resistant MFA madhav Tue, 08/01/2023 - 05:18 Incorporating multi-factor authentication (MFA) as a fundamental security measure for your organization is now considered standard practice. It's a sensible decision to utilize MFA. The bigger question is, what type of MFA is best for your organization? The recent social engineering MFA bombing attacks (or push bombing as defined by CISA, the US Cyber Infrastructure Security Agency) have raised concerns about which MFA method busi

Phishing 118
article thumbnail

News Alert: Devo, Cybermindz partner to improve mental health of cybersecurity pros in the U.S.

The Last Watchdog

Cambridge, Mass. – Aug. 1, 2023 – Devo Technology , the cloud-native security analytics company, today announced its financial support for Cybermindz, a not-for-profit organization dedicated to improving the mental health and well-being of cybersecurity professionals. Founded in Australia just over one year ago, Cybermindz entered the U.S. in April to expand its global reach.

article thumbnail

Russian Hacking Group Shakes Up Its Infrastructure

Data Breach Today

'BlueCharlie' Favors a New Domain Registrar and URL Structure A Russia-linked hacking group is shifting its online infrastructure likely in response to public disclosures about its activity. Its ability to adapt to public reporting suggests it will persist with "operations for the foreseeable future" and continue to evolve its tactics, Recorded Future warned.

IT 246
article thumbnail

How To Improve the Software Performance of Angular Apps?

Enterprise Software Blog

Angular has become a very popular and widely adopted framework for developing modern web applications. This technology is both very powerful and feature rich. Everything that you need as a web developer comes out-of-the-box and Angular allows for easily configuring, maintaining and expanding any application built on top of the framework. And by now, you’ve probably already put together one or more Angular applications, but are they optimal?

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CSPM vs CWPP vs CIEM vs CNAPP: What’s the Difference?

eSecurity Planet

As cloud computing evolves, so has cloud security, and buyers in the market for cloud security solutions may find themselves facing a dizzying array of acronyms, like CNAPP, CWPP, CSPM, and CIEM. We’ll examine each of those cloud security technologies — along with CASB too — and their uses, and direct you to some of the top cloud security solutions.

Cloud 98
article thumbnail

News Alert: Normalyze extends its DSPM platform to hybrid cloud and on-prem environments

The Last Watchdog

San Francisco, Calif., Aug. 2, 2023 – Normalyze , a pioneer in cloud data security, today introduced new capabilities to protect data across hybrid cloud deployments and on-premises environments. With an extensive platform that already offers comprehensive data security posture management for data at rest and in motion across all IaaS, PaaS, SaaS data assets, Normalyze now provides IT and security teams with unprecedented visibility into data housedon-premises.

Cloud 189
article thumbnail

Study Downplays Cyber Insurance As Incentive to Pay Ransom

Data Breach Today

RUSI Study Finds 'No Smoking Gun' Suggesting Insureds Pay Extortion More Readily Fears that cyber insurance coverage drives companies into paying ransomware demands more easily than not appear unfounded, concludes a British think tank study that also suggests insurers should do more to enact corporate discipline. Cyber insurance has been dogged by accusations of moral hazard.

Insurance 246
article thumbnail

Hong Kong: Revised Breach Handling and Notifications Guidance published by the PCPD

Data Protection Report

As data breaches and cyber-attacks continue to surge and attackers become more sophisticated, a comprehensive data breach response plan and robust data security measures are becoming increasingly important. In Hong Kong, the Office of the Privacy Commissioner for Personal Data (the PCPD ) recently published a revised Guidance on Breach Handling and Data Breach Notifications (the Guidance ).

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

How to Find & Choose IT Outsourcing Services

eSecurity Planet

Even a robust IT or security department will find certain tasks or projects beyond their capabilities. In smaller companies, the issues become even more profound. But ignoring issues that you lack the time or expertise for can risk operational failure or security incidents. Most organizations seek to eliminate these risks by outsourcing specific projects or even their full IT or cybersecurity needs.

IT 98
article thumbnail

News Alert: Guardz uncovers new macOS malware – Hidden Virtual Network Computing (hVNC)

The Last Watchdog

Tel Aviv, Israel, Aug. 1, 2023 – Guardz , the cybersecurity company securing and insuring SMEs, today disclosed the existence of a Hidden Virtual Network Computing (hVNC) malware targeting macOS devices. The malware, which is available on the major Russian dark web forum Exploit, allows cybercriminals to gain and maintain persistent unauthorized access to a victim’s Mac computer without being detected, and demonstrates the concerning emergence of a growing number of macOS-focused Attack

Insurance 189
article thumbnail

Ivanti Says Second Zero-Day Used in Norway Government Breach

Data Breach Today

Exploitation No Longer Requires Admin Authentication When Chained With Earlier Flaw Threat actors who recently attacked a dozen Norwegian ministries by exploiting a zero-day vulnerability in Ivanti's endpoint management software appeared to have another zero-day flaw that tied to the overall attack exploit chain, Ivanti confirmed on Friday.

article thumbnail

Apple Users Open to Remote Control via Tricky macOS Malware

Dark Reading

The Hidden Virtual Network Computing (hVNC) malware infests Macs and silently executes complete takeovers, with no user permission needed. It also sports persistence through reboots.

IT 98
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

What are the security risks of AI?

Jamf

AI is the latest industry buzzword making the rounds. But beyond the hype lies a technology that aims to provide so many benefits – from agriculture to healthcare – a veritable “sky’s the limit” awaits us. As with all things technology, there are some steep downsides to AI in the form of security risks, but fret not as we cover the most critical ones while providing a silver lining in the form of strategies that may be used to minimize risk to further promote safe, ethical usage of AI-based mode

Risk 98
article thumbnail

News Alert: Nile raises $175 million in series C funding to deliver network-as-a-service (NaaS)

The Last Watchdog

San Jose, Calif. – Aug.1, 2023 – Nile the leader in next-generation enterprise networks, today announced a $175 million Series C investment round co-led by March Capital and Sanabil Investments, with strategic participation from solutions by stc, Prosperity7, and Liberty Global Ventures, and contribution from 8VC, Geodesic Capital, FirstU Capital, and Valor Equity Partners.

Cloud 186
article thumbnail

US Man Admits to $4.5B Bitfinex Hack, Money Laundering

Data Breach Today

'Crypto Couple' Ilya Lichenstein and Heather Morgan Plead Guilty Ilya "Dutch" Lichtenstein, 35, confessed in U.S. federal court to hacking billions of dollars from virtual currency exchange Bitfinex and laundering stolen funds with his 33-year-old wife, Heather Morgan. Lichtenstein pleaded guilty to conspiracy to commit money laundering.

246
246
article thumbnail

Best Cybersecurity and IT Outsourcing Options

eSecurity Planet

No one can be an expert at everything, and very few organizations can afford to hire experts in every facet of information technology (IT). Yet without a solid foundation of IT fundamentals, even the most capable cybersecurity tools and experts will be undermined. To ensure robust IT and security capabilities, most organizations turn to outsourcing to provide a wide variety of solutions to satisfy their even wider variety of outsourcing needs.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

SINGAPORE: Proposed Guidelines on Use of Personal Data in AI Systems

DLA Piper Privacy Matters

Authors: Carolyn Bigg , Lauren Hurcombe and Yue Lin Lee. On 18 July 2023, Singapore’s Personal Data Protection Commission (“ PDPC ”) issued for public consultation a set of proposed guidelines for the use of personal data in AI recommendation and decision systems (“ Proposed Guidelines ”). The public consultation is open until 31 August 2023. The Proposed Guidelines aim to clarify the application of the Singapore Personal Data Protection Act (“ PDPA ”) in the context of developing and depl

article thumbnail

GUEST ESSAY: Here’s why shopping for an EV feels very much like shopping for a new laptop

The Last Watchdog

Computer chips have been part of cars for a long time, but no one really cares about them until they stop working or they are late to the production line. Related: Rasing the bar of cyber safety for autos However, the research within IDTechEx’s “ Semiconductors for Autonomous and Electric Vehicles 2023-2033 ” report shows that trends within the automotive industry mean consumers will soon be caring far more about what chips are in their cars.

Marketing 130
article thumbnail

Ivanti Says Second Zero Day Used in Norway Govt Breach

Data Breach Today

Exploitation No Longer Requires Admin Authentication When Chained with Earlier Flaw Threat actors who recently attacked a dozen Norwegian ministries by exploiting a zero-day vulnerability in Ivanti's endpoint management software appeared to have another zero day flaw that tied to the overall attack exploit chain, Ivanti confirmed on Friday.

article thumbnail

Data governance: keeping the flames burning

Collibra

We all know data is the fuel that drives modern businesses and helps our organizations operate more efficiently. The better we use data, the more insights our data generates. The more insights we glean, the greater our competitive advantages and our capacity for faster, steadier growth. These are the primary reasons we start data governance programs: To make sure we’re managing data as a critical resource and generating maximum business value from it.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

New AI Threats Emerge as FraudGPT Creator Unleashes DarkBERT and DarkBART

eSecurity Planet

New AI-powered cybercrime tools suggest that the capability of AI hacking tools may be evolving rapidly. The creator of FraudGPT, and potentially also WormGPT , is actively developing the next generation of cybercrime chatbots with much more advanced capabilities. Daniel Kelley, a reformed black hat hacker and researcher at cybersecurity firm SlashNext, posed as a potential buyer and contacted the individual – “CanadianKingpin12” – who’s been promoting FraudGPT.

article thumbnail

News Alert: Vaultree partners with Tableau to uniquely blend encryption, data visualization

The Last Watchdog

San Francisco and Cork, Ireland, Aug. 3, 2023 — Vaultree, a cybersecurity leader pioneering Fully Functional Data-In-Use Encryption (FFDUE), today announces a strategic integration with Tableau, a renowned platform for data visualization and business intelligence. This marks a monumental leap forward in secure financial and healthcare data analytics, enabling encrypted data to be safely analyzed and visualized for the first time, all while maintaining absolute data privacy and security.

article thumbnail

Russian Hackers Are Pretending to Be Microsoft Tech Support

Data Breach Today

Russian Foreign Intelligence Campaign Targets Around 40 Organizations Globally A Russian espionage group attacked multiple organizations to steal credentials using Microsoft Teams chats that appear to originate from technical support. Microsoft on Wednesday attributed the campaign to a threat actor originating in the Russian Foreign Intelligence Service.

246
246