Sat.May 27, 2023 - Fri.Jun 02, 2023

article thumbnail

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software.

article thumbnail

Gouda Hacker: Charges Tie to Ransomware Hit Affecting Cheese

Data Breach Today

Mikhail Matveev Indictment Shows Police Tracking Top Alleged Ransomware Affiliates How many hackers can claim to have caused a national cheese shortage, not least in the Gouda-loving Netherlands? Enter Mikhail Matveev, a Russian national who's been indicted for wielding not one but three strains of ransomware, in what experts say is a needed focus on ransomware affiliates.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

AI Voice-Based Scams Rise as One-Third of Victims Can’t Tell if the Voice is Real or Not

KnowBe4

As audio deepfake technology continues to go mainstream as part of the evolution in AI-based tools, new data shows there are plenty of victims and they aren’t prepared for such an attack.

article thumbnail

Salesforce 'Ghost Sites' Expose Sensitive Corporate Data

Dark Reading

Some companies have moved on from using Salesforce. But without remembering to fully deactivate their clouds, Salesforce won't move on from them.

Cloud 96
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Dental Health Insurer Hack Affects Nearly 9 Million

Data Breach Today

More than 100 Agencies, Health Entities Impacted by Data Breach Discovered in March An insurance provider that services many state Medicaid agencies and the Children's Health Insurance Program told regulators that hackers compromised the personal and protected health information of nearly 9 million patients in an incident discovered in March.

Insurance 223

More Trending

article thumbnail

RSAC Fireside Chat: Reinforcing ‘Identity and Access Management’ to expose ‘shadow access’

The Last Watchdog

The world of Identity and Access Management ( IAM ) is rapidly evolving. Related: Stopping IAM threats IAM began 25 years ago as a method to systematically grant human users access to company IT assets. Today, a “user” most often is a snippet of code seeking access at the cloud edge. At the RSAC Conference 2023 , I sat down with Venkat Raghavan , founder and CEO of start-up Stack Identity.

Access 214
article thumbnail

Pending Updates to Regulations of Archives in Colombia

AIIM

This article was written by AIIM Florida Chapter Board Member Alvaro Arias Cruz , District Director of Archives of Bogotá. It was originally published in the AIIM Florida Chapter Newsletter in April 2023. Learn more about the AIIM Florida Chapter at [link]. Colombia has one of the most robust and comprehensive archives laws in the Latin American region, identified as the General Archives Law (Law 594 of 2000).

Archiving 145
article thumbnail

Invoice and CEO Scams Dominate Fraud Impacting Businesses

Data Breach Today

UK Financial Services Firms Record $1.5 Billion in Losses Last Year Due to Fraud Losses to fraud reported by Britain's financial services sector exceeded $1.5 billion in 2022, declining by 8% from 2021, says trade association UK Finance. About 40% of losses tied to authorized push payment fraud, in which victims get tricked into transferring funds to attackers.

article thumbnail

Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers

Dark Reading

The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

On the Catastrophic Risk of AI

Schneier on Security

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.” BBC : “Artificial intelligence could lead to extinction, experts warn.”

Risk 132
article thumbnail

How Generative AI Will Remake Cybersecurity

eSecurity Planet

In March, Microsoft announced its Security Copilot service. The software giant built the technology on cutting-edge generative AI – such as large language models (LLMs) – that power applications like ChatGPT. In a blog post , Microsoft boasted that the Security Copilot was the “first security product to enable defenders to move at the speed and scale of AI.

article thumbnail

Hackers Using MOVEit Flaw to Deploy Web Shells, Steal Data

Data Breach Today

Mandiant Said TTPs of Threat Group Behind Exploiting MOVEit Appear Similar to FIN11 Adversaries have taken advantage of a zero-day vulnerability in Progress Software's managed file transfer product to deploy web shells and steal data, Mandiant found. An unknown threat actor began exploiting the critical SQL injection vulnerability in MOVEit Transfer on May 27.

278
278
article thumbnail

'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting

Dark Reading

A recent campaign tricks victims into visiting credential harvesting sites by hiding malicious URLs behind photos advertising deals from trusted brands.

135
135
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

AI’s “Oppenheimer Moment” Is B t.

John Battelle's Searchblog

Well that was something. Yesterday the Center for AI Safety, which didn’t exist last year, released a powerful 22-word statement that sent the world’s journalists into a predictable paroxysm of hand-wringing: “Mitigating the risk of extinction from A.I. should be a global priority alongside other societal-scale risks, such as pandemics and nuclear war.

Risk 122
article thumbnail

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor

WIRED Threat Level

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.

Security 119
article thumbnail

Ring Settles FTC Allegations of Poor Cybersecurity, Privacy

Data Breach Today

Amazon-Owned Ring Will Pay $5.8 Million to Settle FTC Investigation Amazon agreed to pay $5.8 million to settle a Federal Trade Commission investigation into allegedly poor cybersecurity practices by its Ring home surveillance device subsidiary. The company is also poised to come under two decades' worth of outside reviews of a mandated data and security program.

article thumbnail

9M Dental Patients Affected by LockBit Attack on MCNA

Dark Reading

The government-sponsored dental and oral healthcare provider warned its customers that a March attack exposed sensitive data, some of which was leaked online by the ransomware group.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

List of Data Breaches and Cyber Attacks in 2023

IT Governance

Welcome to our new-look list of data breaches and cyber attacks. On this page, you will find all our usual information breaking down the month’s security incidents. However, we’ve decided to consolidate our records onto a single page. So, each month, we’ll update this page with the latest figures and links, so be sure to bookmark it to keep an eye out for the latest data breach news.

article thumbnail

Warning: Sharing Data with ChatGPT Can Be Misused Outside Your Organization

KnowBe4

A new study found that ChatGPT can accurately recall any sensitive information fed to it as part of a query at a later date without controls in place to protect who can retrieve it.

IT 116
article thumbnail

Conti's Legacy: What's Become of Ransomware's Most Wanted?

Data Breach Today

Group Lives on in the Form of More Agile Offshoots Such as Royal and Black Basta Former members of the defunct Conti ransomware group are continuing to ply their trade under a variety of other guises, including Royal and Black Basta. Thanks to their agile and innovative approaches, post-Conti operations are "stronger than ever," one ransomware expert reports.

article thumbnail

421M Spyware Apps Downloaded Through Google Play

Dark Reading

A Trojan SDK snuck past Google Play protections to infest 101 Android applications, bent on exfiltrating infected device data.

128
128
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Brute-Forcing a Fingerprint Reader

Schneier on Security

It’s neither hard nor expensive : Unlike password authentication, which requires a direct match between what is inputted and what’s stored in a database, fingerprint authentication determines a match using a reference threshold. As a result, a successful fingerprint brute-force attack requires only that an inputted image provides an acceptable approximation of an image in the fingerprint database.

article thumbnail

[Wake-Up Call] It's Time to Focus More on Preventing Spear Phishing

KnowBe4

Fighting spear phishing attacks is the single best thing you can do to prevent breaches.

Phishing 115
article thumbnail

Sports Warehouse Fined $300,000 Over Payment Card Data Theft

Data Breach Today

Data Breach Exposed Nearly 20 Years of 'Indefinitely' Stored Payment Card Data Online sports retailer Sports Warehouse has agreed overhaul its security program and pay a $300,000 fine to New York State after hackers stole 20 years' worth of payment card data and customer information the company was storing in plaintext on its e-commerce server.

Retail 253
article thumbnail

Streamers Ditch Netflix for Dark Web After Password Sharing Ban

Dark Reading

Disgruntled users are pursuing offers for "full Netflix access" at steeply discounted rates.

Passwords 120
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

FTC Asserts COPPA Does Not Preempt State Laws

Hunton Privacy

On May 22, 2023, the Federal Trade Commission filed an amicus brief in support of a ruling by the United States Court of Appeals for the Ninth Circuit that COPPA does not preempt state laws claims that are consistent with COPPA. The brief was filed in the case of Jones v. Google. The lawsuit, which was brought by parents on behalf of their children, alleges that video sharing platform YouTube, which is owned by Google, and specific YouTube channel owners violated state laws by collecting persona

Privacy 106
article thumbnail

Tips from Customer Panel on Combining Security Awareness and Compliance Culture Training

KnowBe4

At KB4-CON 2023, we had a customer panel that I hosted discussing the connection between security and compliance training content when trying to change organizational security culture.

article thumbnail

Chinese APT Backdoor Bypasses Indonesian Antivirus

Data Breach Today

TinyNote Creates a 'You Can't See It But It's There' Open Window A Chinese espionage threat group is using a novel backdoor to bypass popular Indonesian antivirus tool Smadav. Targets include European embassies in Southeast and East Asia. Smadav treats processes with no windows as suspect. The APT gets around that by opening a window not visible to users.

IT 251