Data Breach Today
OCTOBER 31, 2022
Apps Masquerade as Google Security Plug-In and Document Viewer North Korean state hacking group Kimsuky is developing Android malware targeted at South Korean users by disguising the apps as legitimate apps including a Google security plug-in and a document viewer. Seoul-based cybersecurity company S2W dubs the apps FastFire, FastSpy and FastViewer.
The Last Watchdog
OCTOBER 31, 2022
Here’s a frustrating reality about securing an enterprise network: the more closely you inspect network traffic, the more it deteriorates the user experience. Related: Taking a risk-assessment approach to vulnerabilities. Slow down application performance a little, and you’ve got frustrated users. Slow it down a lot, and most likely, whichever knob you just turned gets quickly turned back again—potentially leaving your business exposed.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
KnowBe4
NOVEMBER 1, 2022
Michael Kan at PCMag had the scoop: A hacker is already circulating one phishing email, warning users they'll need to submit some personal information to keep the blue verified checkmark for free.
WIRED Threat Level
NOVEMBER 2, 2022
Underwater cables keep the internet online. When they congregate in one place, things get tricky.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
IG Guru
NOVEMBER 2, 2022
Check the post here.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Krebs on Security
OCTOBER 31, 2022
A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion.
Security Affairs
OCTOBER 29, 2022
The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia’s legislature was brought down. A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities. The cyber attack brought down the voting system in Slovakia’s legislature. “The attack was multi-directional, including from inside the Russian Federation,” reads a statement published by the Polish Senate.
Schneier on Security
NOVEMBER 1, 2022
It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summari
Data Breach Today
NOVEMBER 4, 2022
Services from Boeing Subsidiary Jeppesen Affected By Ongoing Incident Distribution of airspace safety notices are affected by a cyber incident at Boeing subsidiary Jeppesen, the nature of which the company won't disclose. "At this time we have no reason to believe that this incident poses a threat to aircraft or flight safety," a company spokesperson said.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Krebs on Security
NOVEMBER 4, 2022
Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. Many LinkedIn profiles now display a creation date, and the company is expanding its domain validation offering, which allows users to publicly confirm that they can reply to emails at the domain of their stated current employer.
Security Affairs
NOVEMBER 3, 2022
Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity, email, and web security products. The most severe vulnerability addressed by the IT giant is a cross-site request forgery (CSRF) flaw, tracked as CVE-2022-20961 (CVSS score of 8.8), that impacts the Identity Services Engine (ISE).
eSecurity Planet
NOVEMBER 4, 2022
A pair of recent $100 million funding rounds show that venture capital is still flowing into cybersecurity startups despite economic headwinds and rising interest rates. Versa Networks announced a funding round for $120 million last week, while Apiiro followed this week with a $100 million funding round. The two are addressing major issues like sprawling cloud and software supply chain risks, showing that good companies addressing real needs are having little trouble finding investors.
Data Breach Today
NOVEMBER 3, 2022
Cloud Company Says User Accounts Were Not Breached, Just GitHub Code Repositories DropBox is the latest company to have employees fall for phishing emails tricking them into supplying login credentials and a one time password to threat actors. Hackers got away with copies of 130 code repositories. The company says it's speeding up an internal transition to Web Authentication.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Krebs on Security
NOVEMBER 3, 2022
A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius “Zeekill” Kivimaki , a notorious hacker who — at the tender age of 17 — had been convicted of more than 50,000 cybercrimes , including data breaches, payment fraud, operating botnets, and calling in bomb threats.
Security Affairs
NOVEMBER 1, 2022
The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, essential to the development of our societies, by placing people at the heart of decision-making.
eSecurity Planet
NOVEMBER 3, 2022
Distributed denial of service (DDoS) attacks seek to cripple a corporate resource such as applications, web sites, servers, and routers, which can quickly lead to steep losses for victims. However, DDoS attackers sometimes even target the specific computers (or routers) of unwary people – often to harass video gamers, for example. Fortunately, many DDoS attacks can be prevented through advanced preparation.
Data Breach Today
OCTOBER 31, 2022
North Carolina Organization Also Facing Pending Privacy Lawsuit Related to Pixel A second healthcare entity is self-reporting its use of Facebook Pixel in web patient portals as a data breach to federal regulators. North Carolina-based WakeMed Health and Hospitals told federal regulators it disclosed to the social media giant patient information of half a million individuals.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Troy Hunt
NOVEMBER 3, 2022
I've been investing a heap of time into Have I Been Pwned (HIBP) lately, ranging from all the usual stuff (namely trawling through masses of data breaches) to all new stuff, in particular expanding and enhancing the public API. The API is actually pretty simple: plug in an email address, get a result, and that's a very clearly documented process.
Security Affairs
OCTOBER 30, 2022
According to the Daily Mail, Former British Prime Minister Liz Truss ‘s personal phone was hacked by Russian spies. The personal mobile phone of British Prime Minister Liz Truss was hacked by cyber spies suspected of working for the Kremlin, the Daily Mail reported. According to the British tabloid, the cyber-spies are believed to have gained access to top-secret exchanges with key international partners as well as private conversations with his friend, the British Conservative Party polit
Schneier on Security
NOVEMBER 4, 2022
The NSA (together with CISA) has published a long report on supply-chain security: “ Securing the Software Supply Chain: Recommended Practices Guide for Suppliers. “: Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment.
Data Breach Today
NOVEMBER 4, 2022
Company Settles Shareholder Lawsuit for $26M SolarWinds, maker of network management software famously hacked by the Russian government, may be the subject of an investigation by the U.S. Securities and Exchange Commission after staff made a preliminary determination in its favor. The company says it will contest the staff recommendation.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Dark Reading
NOVEMBER 4, 2022
The software giant also recorded an increase in attacks on IT services companies as state-backed threat actors have adapted to better enterprise defenses and cast a wider net, Microsoft says.
Security Affairs
NOVEMBER 1, 2022
ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the advisory published by ConnectWise , the vulnerability is an Improper Neutralization of Special Elements in Output Used by a Downstream Component. An attacker can exploit the vulnerability to execute remote code or directly access confidential data.
Schneier on Security
OCTOBER 31, 2022
People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions. From ArsTechnica : In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent upgrades will receive updates for every security problem Apple knows about.
Data Breach Today
NOVEMBER 3, 2022
Kremez Excelled at Unraveling Cybercrime Tactics, Including Ransomware Groups Tributes are being paid to Vitali Kremez, who has died at the age of 36 in a suspected scuba-diving accident. The renowned threat intelligence expert, born in Belarus, had long tracked Russian cybercrime syndicates and was part of an ad hoc group established to counter ransomware and help victims.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Hunton Privacy
NOVEMBER 1, 2022
On October 18, 2022, the European Commission published a report , titled Information Frictions and Public Policies: Approaching the Regulation and Supervision of Decentralized Finance (“DeFi”) (the “Report”). The Report discusses the need to adapt existing policy frameworks to account for the change brought about by DeFi to the underlying information structure upon which financial services are provided.
Security Affairs
NOVEMBER 4, 2022
I’m proud to announce the release of the 10th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2022 (ETL) report , which is the annual analysis of the state of the cybersecurity threat landscape. This is the 10 th edition of the annual report and analyzes events that took place between July 2021 and July 2022.
Dark Reading
NOVEMBER 1, 2022
Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.
Expert insights. Personalized for you.
301 
Let's personalize your content