Sat.Jan 30, 2021 - Fri.Feb 05, 2021

article thumbnail

Clearview Facial-Recognition Technology Ruled Illegal in Canada

Threatpost

The company’s controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges.

Privacy 137
article thumbnail

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

Experts from Great Firewall Report analyzed recent upgrades to China’s Great Firewall and revealed that it can be circumvented. Members of the Great Firewall Report group have analyzed the recent improvement implemented for China’s Great Firewall censorship system and revealed that it is possible to bypass it.

Paper 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Android Devices Prone to Botnet’s DDoS Onslaught

Threatpost

A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity.

IT 135
article thumbnail

French Security Firm Says Hackers Accessed Its Source Code

Data Breach Today

Stormshield Is a Major Supplier of Security Products to the French Government French security vendor Stormshield has launched an investigation after an internal review found that hackers accessed the source code of the company's network security product. The company is a supplier of cybersecurity technology to the French government.

Access 363
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “ SMS Bandits ,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.

Phishing 348

More Trending

article thumbnail

Five Tips to Leverage Information for Better Customer Experience

AIIM

Twenty years ago, the average consumer used two touchpoints when buying an item, and only 7% regularly used more than four. Today consumers use an average of almost six touchpoints, with nearly 50% regularly using more than four. ( Marketing Week ) And that’s not including the after purchase touchpoints including, invoicing, billing, shipping, service and support, and feedback.

article thumbnail

New DHS Secretary Pledges to Investigate SolarWinds Hack

Data Breach Today

Alejandro Mayorkas: ‘Cybersecurity of Our Nation Will Be One of My Highest Priorities’ Alejandro Mayorkas, the newly confirmed secretary of the Department of Homeland Security, says his initial priorities include reviewing all available intelligence on the SolarWinds supply chain hack and scrutinizing the government's cybersecurity programs.

article thumbnail

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames.

Sales 337
article thumbnail

AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

The Last Watchdog

The cybersecurity operational risks businesses face today are daunting, to say the least. Related: Embedding security into DevOps. Edge-less networks and cloud-supplied infrastructure bring many benefits, to be sure. But they also introduce unprecedented exposures – fresh attack vectors that skilled and motivated threat actors are taking full advantage of.

Security 154
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

[Podcast] Process Adaptability and Information Access are Key for Transformation

AIIM

I was so pleased to speak with Jason Burian , VP of Product Development at Knowledge Lake, in this episode of AIIM On Air. As companies look to 2021 and beyond and start crafting new strategies and methodologies, it is important to consider those factors and conditions that will most effectively drive organizational performance. Jason discusses the key aspects of process adaptability and information access and how they will influence our success.

Access 153
article thumbnail

Microsoft: Office 365 Was Not SolarWinds Initial Attack Vector

Data Breach Today

SolarWinds CEO Says No Office 365 Vulnerability Pinpointed as Entry Point Microsoft's security team says the company's Office 365 suite of products did not serve as an initial entry point for the hackers who waged the SolarWinds supply chain attack. And SolarWinds' CEO says that no Office 365 vulnerability has been identified that would have opened the door to the attack.

Security 348
article thumbnail

‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

Krebs on Security

ValidCC , a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate its infrastructure.

article thumbnail

The Gaming Platforms That Let Streamers Profit From Hate

WIRED Threat Level

WIRED has found dozens of far-right and white supremacist figures monetizing their livestreams through “donation management services” Streamlabs and StreamElements.

Security 145
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Exploiting a bug in Azure Functions to escape Docker

Security Affairs

Expert disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited to escape the Docker container hosting them. Cybersecurity researcher Paul Litvak from Intezer Lab disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited by an attacker to escalate privileges and escape the Docker container that hosts them.

article thumbnail

Malware Targets Kubernetes Clusters

Data Breach Today

Researchers: 'Hildegard' Linked to TeamTNT Hacking Group A previously undocumented malware variant called "Hildegard" is targeting Kubernetes clusters, according to Palo Alto Networks' Unit 42. The malicious code is likely the work of the TeamTNT hacking group, which mines for monero cryptocurrency.

Mining 346
article thumbnail

Another SolarWinds Orion Hack

Schneier on Security

At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks : Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S.

article thumbnail

There Are Spying Eyes Everywhere—and Now They Share a Brain

WIRED Threat Level

Security cameras. License plate readers. Smartphone trackers. Drones. We’re being watched 24/7. What happens when all those data streams fuse into one?

Security 145
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

UK Research and Innovation (UKRI) discloses ransomware attack

Security Affairs

A ransomware infected the systems at the UK Research and Innovation (UKRI), at leat two services were impacted. The UK Research and Innovation (UKRI) discloses a ransomware incident that impacted a number of UKRI-related web assets. Two services were impacted, a portal for our UK Research Office (UKRO) based in Brussels and an extranet used by our Councils.

article thumbnail

After Joker’s Stash Closes, What Comes Next?

Data Breach Today

Researchers Expect Other Underground Sites Will Pick Up the Slack Other darknet marketplaces apparently are preparing to fill the underground economy's need for a steady stream of stolen payment card data if the Joker's Stash site closes Feb. 15 as its administrator has announced. Some researchers believe the administrator may even launch a new marketplace.

IT 334
article thumbnail

More SolarWinds News

Schneier on Security

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop aka Raindrop.

article thumbnail

Apple Fixes One of the iPhone's Most Pressing Security Risks

WIRED Threat Level

By hardening iMessage in iOS 14, the company has effectively cut off what had been an increasingly popular line of attack.

Risk 140
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

UScellular data breach: attackers ported customer phone numbers

Security Affairs

US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported. US wireless carrier UScellular discloses a data breach that exposed personal information of its customers. United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over 4.9 million customers in 426 markets in 23 states as of the second quarter of 2020.

article thumbnail

Analysis: The Persistent Ransomware Threat

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the persistent threat of ransomware. Also featured: Sorting out breaches tied to Accellion’s File Transfer Appliance; an update on fraud trends in 2021.

article thumbnail

What I Wish I Knew at the Start of My InfoSec Career

Dark Reading

Security pros identify lessons learned that impact how they view infosec today.

Security 139
article thumbnail

Foxtons estate agency leaked thousands of customers’ financial records

IT Governance

Foxtons Group is under scrutiny for downplaying the severity of a cyber attack that has compromised the financial details of 16,000 customers. The organisation was hit by malware in October, with criminal hackers forcing its web portal offline. At the time, it reported that the incident affected its mortgage broking business, Alexander Hall, and that no sensitive information had been stolen.

Access 138
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Google discloses a severe flaw in widely used Libgcrypt encryption library

Security Affairs

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. The popular white hat hacker Tavis Ormandy of Google Project Zero discovered a severe heap buffer overflow flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption software could have allowed a remote attacker to write arbitrary data to the target machine, potentially leading to code execution. “There is a heap buffer overflow in libgcrypt d

Libraries 145
article thumbnail

Unusual Phishing Campaign Extracted Office 365 Credentials

Data Breach Today

Researchers: Fraudsters Used Combination of Techniques Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers.

Phishing 306
article thumbnail

Georgia’s Ballot-Marking Devices

Schneier on Security

Andrew Appel discusses Georgia’s voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices: Suppose the polling-place optical scanners had been hacked (enough to change the outcome). Then this would have been detected in the audit, and (in principle) Georgia would have been able to recover by doing a full recount.

Paper 135