Krebs on Security

OCTOBER 17, 2023

Amir Golestan , the 40-year-old CEO of the Charleston, S.C. based technology company Micfo LLC , has been sentenced to five years in prison for wire fraud. Golestan’s sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Ca

Marketing 323

Marketing Sales Government Security 323

Krebs on Security

OCTOBER 18, 2023

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.

Blockchain 309

Blockchain Security awareness Security IT 309

Krebs on Security

OCTOBER 20, 2023

Okta , a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion.

Access 326

Access Archiving Authentication Security 326

The Last Watchdog

OCTOBER 17, 2023

Cisco’s recent move to acquire SIEM stalwart Splunk for a cool $28 billion aligns with the rising urgency among companies in all sectors to better protect data — even as cyber threats intensify and disruptive advancements in AI add a wild card to this challenge. Related: Will Cisco flub Splunk? Cisco CEO Chuck Robbins hopes to boost the resiliency the network switching giant’s growing portfolio of security services.

Cloud 306

Cloud Analytics Marketing Security 306

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Data Breach Today

OCTOBER 18, 2023

Qualys, Rapid7 Depart Forrester's Leaderboard as Data Ingestion Takes Center Stage Tenable held steady atop Forrester's vulnerability risk management rankings while Vulcan Cyber broke into the leaders category and Rapid7 and Qualys tumbled from the leaderboard. The way vendors deliver vulnerability management has shifted away from ingesting vulnerability assessment results.

Risk 331

Risk 331

Dark Reading

OCTOBER 16, 2023

No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.

Authentication 139

Authentication 139

The Last Watchdog

OCTOBER 18, 2023

The ubiquity of smart surveillance systems has contributed greatly to public safety. Related: Monetizing data lakes Image capture devices embedded far and wide in public spaces help deter crime as well as aid first responders — but they also stir rising concerns about an individual’s right to privacy. Enter attribute-based encryption ( ABE ) an advanced type of cryptography that’s now ready for prime time.

Encryption 264

Encryption Privacy Cloud Access 264

Data Breach Today

OCTOBER 20, 2023

BeyondTrust Says It Took Okta Nearly 3 Weeks to Confirm Breach It First Spotted A breach of Okta's support case management system using a stolen credential allowed attackers to access sensitive files uploaded by the identity security giant's customers. San Francisco-based Okta said the threat actor could view filed uploaded by certain customers as part of recent support cases.

Access 321

Access Security IT 321

Security Affairs

OCTOBER 16, 2023

Cisco warned customers of a critical zero-day vulnerability in its IOS XE Software that is actively exploited in attacks. Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance Center (TAC) support cases.

Access 144

Access IT Security Information Security 144

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Thales Cloud Protection & Licensing

OCTOBER 17, 2023

Cyber Security Awareness Month – Answering Google’s Most Commonly Asked Questions madhav Wed, 10/18/2023 - 05:25 This month is Cyber Security Awareness Month , highlighting how far security education needs to go in order to enable a secure interconnected world. Technology continues to improve our lives – but at the same time the risks continue to grow.

Security awareness 129

Security awareness Security Passwords Authentication 129

The Last Watchdog

OCTOBER 16, 2023

Supply chain security grows more crucial daily as cybercriminals attempt to disrupt distribution and transportation. In response, industry professionals must automate their cybersecurity tools to stay ahead. Why so? The 2020 SolarWinds cybersecurity incident — which industry experts call the supply chain attack of the decade — was an incredibly high-profile breach affecting massive corporations.

Cybersecurity 147

Cybersecurity Artificial Intelligence Data breaches Security 147

Data Breach Today

OCTOBER 19, 2023

APT34 Used Microsoft Exchange Server to Send Email Commands to Backdoor Malware Iranian state-sponsored hackers conducted an eight-month espionage campaign against a Middle Eastern government, compromising dozens of computers. The Crambus group exploited publicly available tools and three novel pieces of malware to access systems, maintain persistence and steal data.

Government 305

Government Access 305

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day.

Archiving 140

Archiving Security IT Data breaches 140

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Schneier on Security

OCTOBER 17, 2023

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections. Ed Appel explains why it’s a bad idea: Last year, I published a 5-part series about Switzerland’s e-voting system.

Paper 134

Paper Security Blockchain Cybersecurity 134

The Last Watchdog

OCTOBER 20, 2023

Vilnius, Lithuania, Oct. 20, 2023 — The UN Office on Drugs and Crime estimates that 5% of global GDP (£1.6 trillion) is laundered yearly , with increasing volumes of online data and the digitization of the economy making fraudsters more creative and difficult to catch. “Enterprises in the finance, banking, and telecommunications sectors are the most susceptible to online fraud, but it can happen to any company,” said Vaidotas Sedys , Head of Risk Management at Oxylabs.

Artificial Intelligence 100

Artificial Intelligence Big data Cybersecurity Cloud 100

Data Breach Today

OCTOBER 18, 2023

Pyongyang Hackers Exploiting Critical TeamCity Server Bug North Korean nation-state threat actors are exploiting a critical remote code execution vulnerability affecting multiple versions of a DevSecOps tool - a high-risk development, especially in light of Pyongyang hackers' recent track record of supply chain hacks.

Risk 314

Risk 314

Security Affairs

OCTOBER 20, 2023

More than 40,000 Cisco IOS XE devices have been compromised in attacks exploiting recently disclosed critical vulnerability CVE-2023-20198. Researchers from LeakIX used the indicators of compromise (IOCs) released by Cisco Talos and found around 30k Cisco IOS XE devices (routers, switches, VPNs) that were infected by exploiting the CVE-2023-20198. Most of the infected devices were in the United States, the Philippines, Chile, and Mexico.

Access 136

Access Security Cybersecurity IT 136

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Hunton Privacy

OCTOBER 19, 2023

On October 17, 2023, The First-tier Tribunal of the UK General Regulatory Chamber allowed an appeal by Clearview AI Inc (“Clearview”) against an enforcement notice and fine issued by the UK’s Information Commissioner’s Office (“ICO”). On May 18, 2022, the ICO issued an enforcement notice requiring that Clearview delete the personal data of UK individuals collected through the use of its facial recognition technology and held in its database (the “Notice”), as well as a fine of £7.5 million, alle

GDPR 123

GDPR Personal data Government IT 123

The Last Watchdog

OCTOBER 19, 2023

Bedford, Mass., Oct. 17, 2023 — NetWitness , a globally trusted provider of cybersecurity software and services, has today announced the 12.3 release of its award-winning NetWitness Intelligent Threat Detection and Response Platform. The latest update offers enterprises more visibility into cyber threats than ever before with passive discovery, categorization, and ranking of all network assets, which allows companies to best prioritize potential risks.

Analytics 100

Analytics Cloud Encryption Marketing 100

Data Breach Today

OCTOBER 19, 2023

Thousands of IT Workers Defrauded US Firms to Earn Hundreds of Millions of Dollars Thousands of North Korean IT workers hid their identities to earn hundreds of millions of dollars in IT contract work from overseas companies to help finance the country's weapons development program, U.S. and South Korean agencies said. Officials said to watch for workers who are camera-shy.

IT 298

IT 298

Security Affairs

OCTOBER 15, 2023

The Alphv ransomware group added the Morrison Community Hospital to its dark web leak site. Threat actors continue to target hospitals. The ALPHV/BlackCat ransomware group claims to have hacked the Morrison Community Hospital and added it to its dark web Tor leak site. The group claims to have stolen 5TB of patients’ and employee’s information, backups, PII documents, and more.

Ransomware 143

Ransomware Encryption Data breaches IT 143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Dark Reading

OCTOBER 19, 2023

The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.

Government 121

Government 121

The Last Watchdog

OCTOBER 16, 2023

Vodnjan, Croatia, October 16, 2023 – Global cloud communications platform Infobip has identified five common frauds impacting mobile users in the messaging ecosystem. Infobip explains the security challenges enterprises and mobile network operators (MNOs) face in the application-to-person (A2P) messaging ecosystem. Company also explains its role as a co-guardian of the A2P ecosystem with MNOs, helping protect brands and mobile users with its firewall.

Security 100

Security Communications Privacy Customer Experience 100

Data Breach Today

OCTOBER 19, 2023

Aleksanteri Kivimäki Charged for the 2020 Leak of Mental Health Clinic Database The hacker who allegedly leaked mental health records online after breaking into a Helsinki-based psychotherapy chain's patient database has been charged with multiple counts of extortion and data leak in Finnish court. Finnish national Aleksanteri Tomminpoika Kivimäki, 26, has denied guilt.

304

304

Security Affairs

OCTOBER 18, 2023

A vulnerability in Synology DiskStation Manager ( DSM ) could be exploited to decipher an administrator’s password. Researchers from Claroty’s Team82 discovered a vulnerability, tracked as CVE-2023-2729 (CVSS score 5.9), in Synology DiskStation Manager (DSM). Team82 discovered the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system running on the NAS products.

Passwords 133

Passwords Security IT Information Security 133

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Dark Reading

OCTOBER 18, 2023

The latest threat to Citrix NetScaler, CVE-2023-4966, was exploited as a zero-day bug for months before a patch was issued. Researchers expect exploitation efforts to surge.

122

122

eSecurity Planet

OCTOBER 20, 2023

Hybrid cloud security is a framework for protecting data and applications in a computing environment that includes both private and public clouds. It combines on-premises and cloud-based resources to satisfy an organization’s diversified computing demands while ensuring strong security. This approach to cloud computing enables enterprises to benefit from the scalability and flexibility provided by public clouds while maintaining sensitive data within their own infrastructure.

Cloud 120

Cloud Security IT Encryption 120

Data Breach Today

OCTOBER 19, 2023

Also: Navy IT Manager Sentenced to 5 Years in Prison for Accessing Database This week, Citrix's update was insufficient, a Navy IT manager was sentenced to prison for accessing a database, a Moldovan man pleaded not guilty to running a credentials marketplace, new details emerged on health data breaches, and a television advertising giant suffered a ransomware attack.

Data breaches 300

Data breaches Ransomware Access IT 300