Krebs on Security

AUGUST 22, 2023

In large metropolitan areas, tourists are often easy to spot because they’re far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like data theft and ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.

Honeypots 195

Honeypots Ransomware Access Cloud 195

The Last Watchdog

AUGUST 21, 2023

Phone number spoofing involves manipulating caller ID displays to mimic legitimate phone numbers, giving scammers a deceptive veil of authenticity. Related: The rise of ‘SMS toll fraud’ The Bank of America scam serves as a prime example of how criminals exploit this technique. These scammers impersonate Bank of America representatives, using the genuine bank’s phone number (+18004321000) to gain trust and deceive their targets.

Authentication 189

Authentication Risk Security IT 189

Data Breach Today

AUGUST 21, 2023

GuidePoint Security's Mark Lance on Ways to Delay and Gather Info on Cybercriminals Conventional wisdom recommends to never negotiate with ransomware actors. They can't be trusted. But Mark Lance at GuidePoint Security recently made the case that organizations can gather important information through negotiations, slow down the process and even lower the ransom demand.

Ransomware 245

Ransomware Security 245

Elie

AUGUST 20, 2023

We introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is broken, thus being resistant to classical and quantum attacks.

Security 117

Security 117

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks.

Phishing 207

Phishing Passwords Data breaches Authentication 207

Data Breach Today

AUGUST 25, 2023

Fresh Lawsuits Target Prudential, Plus Charles Schwab and Subsidiary TD Ameritrade Two financial services giants hit by the mass attack on MOVEit file-sharing software - Prudential and Schwab - are the latest victims to face lawsuits from affected individuals. The suit filed against Prudential seeks 10 years of prepaid identity theft monitoring services instead of the usual two.

Data breaches 246

Data breaches Financial Services 246

Security Affairs

AUGUST 25, 2023

Experts observed the SmokeLoader malware delivering a new Wi-Fi scanning malware strain dubbed Whiffy Recon. Secureworks Counter Threat Unit (CTU) researchers observed the Smoke Loader botnet dropping a new Wi-Fi scanning malware named Whiffy Recon. The malicious code triangulates the positions of the infected systems using nearby Wi-Fi access points as a data point for Google’s geolocation API. “The scan results are mapped to a JSON structure (see Figure 5) that is sent to the Googl

File names 98

File names Access Encryption IT 98

KnowBe4

AUGUST 25, 2023

Check out the 21 new pieces of training content added in August, alongside the always fresh content update highlights, events and new features.

Security awareness 98

Security awareness Security 98

The Last Watchdog

AUGUST 22, 2023

Fremont, Calif., Aug. 22, 2023 — AVer Information Inc. USA , the award-winning provider of video collaboration and education solutions, announces a technology collaboration with Nureva to streamline hybrid meeting room connectivity. The plug-and-play hybrid meeting bundles include AVer’s CAM550 , a 4K dual lens PTZ camera, and Nureva’s HDL300 audio system , an integrated microphone and speaker bar.

Artificial Intelligence 100

Artificial Intelligence Education Communications IT 100

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Data Breach Today

AUGUST 25, 2023

Also: Global Privacy Trends; Tornado Cash Founders Charged In the latest weekly update, ISMG editors discuss the shifting dynamics of cyber insurance, why APAC is approaching privacy regulations around emerging technologies, and how U.S. authorities charged the co-founders of cryptocurrency mixer Tornado Cash with money laundering.

Insurance 246

Insurance Privacy 246

Security Affairs

AUGUST 25, 2023

China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan as part of a suspected espionage campaign. Microsoft linked the Chinese APT Flax Typhoon (aka Ethereal Panda) to a cyber espionage campaign that targeted dozens of organizations in Taiwan. The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with minimal use of malware.

Manufacturing 98

Manufacturing Education Access Government 98

Collibra

AUGUST 23, 2023

As the data intelligence company, we’ve long anticipated broad adoption of AI, and Collibrians with data science and machine learning expertise have been working diligently on ways to apply AI/ML. Disruptive technologies such as ChatGPT , Bard , and other generative AI technologies suddenly made AI accessible to everyone, regardless of their level of data science expertise.

Communications 98

Communications Data science Marketing Artificial Intelligence 98

The Last Watchdog

AUGUST 21, 2023

Boston, Mass, Aug. 22, 2023 – airSlate , a leader in document workflow automation solutions, today announced the launch of QuickStart in collaboration with partner Forthright Technology Providers , a leading provider of user-centric IT solutions and services. The comprehensive package, available at a fixed price, combines airSlate’s automation tools, including customizable workflows and built-in eSignatures, with Forthright’s professional services, enabling organizations to streamline business

Digital transformation 100

Digital transformation Compliance Sales Communications 100

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Data Breach Today

AUGUST 24, 2023

Fraudster Users Call Victims 'Mammoths,' Leading Eset to Dub Them 'Neanderthals' A likely Russian toolkit dubbed Telekopye by security researchers lets thieves concentrate on honing their social engineering without having to worry about the technical side of online scamming. Users dub victims "Mammoths," leading security firm Eset to christen Telekopye customers "Neanderthals.

Security 246

Security 246

Security Affairs

AUGUST 24, 2023

The North Korea-linked Lazarus group exploits a critical flaw in Zoho ManageEngine ServiceDesk Plus to deliver the QuiteRAT malware. The North Korea-linked APT group Lazarus has been exploiting a critical vulnerability, tracked as CVE-2022-47966 , in Zoho’s ManageEngine ServiceDesk in attacks aimed at the Internet backbone infrastructure provider and healthcare organizations.

Access 98

Access IT Security Information Security 98

KnowBe4

AUGUST 24, 2023

Users of the language learning app Duolingo should be wary of targeted phishing attacks following a recent data leak, according to Anthony Spadafora at Tom’s Guide. Criminals scraped the names and email addresses of 2.6 million Duolingo users earlier this year, and are now selling the entire dataset on underground forums for approximately $2.13.

Phishing 98

Phishing 98

DLA Piper Privacy Matters

AUGUST 22, 2023

Helpful guidance on some previously uncertain areas of China data protection compliance programmes have been provided by the Administrative Measures for Personal Information Protection Compliance Audit (Draft for Comment) (“ Draft Measures ”), which were published for public consultation on 3 August 2023 by the Cyberspace Administration of China (“ CAC ”).

Compliance 98

Compliance Personal data Privacy Government 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Data Breach Today

AUGUST 25, 2023

Madrid Touts Strategy for 'Inclusive, Sustainable, Citizen-Focused' AI Spain is set to launch Europe's first-ever artificial intelligence regulatory agency as the trading bloc finalizes legislation meant to mitigate risks and ban AI applications considered too risky. Madrid said its goal is to foster AI that is "inclusive, sustainable, and centered on citizens.

Artificial Intelligence 246

Artificial Intelligence Risk IT 246

Security Affairs

AUGUST 24, 2023

Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept (PoC) exploit code for critical Ivanti Sentry authentication bypass vulnerability CVE-2023-38035 (CVSS score 9.8). This week the software company Ivanti released urgent security patches to address the critical-severity vulnerability CVE-2023-38035 impacting the Ivanti Sentry (formerly MobileIron Sentry) product.

Authentication 98

Authentication Access Risk Cybersecurity 98

KnowBe4

AUGUST 23, 2023

It appears that one of the most regulated industries also holds the title for the highest average data breach costs – coming in at just under $11 million per breach.

Data breaches 98

Data breaches IT 98

DLA Piper Privacy Matters

AUGUST 21, 2023

Authors: Carolyn Bigg and Amanda Ge Businesses who must follow the China SCCs route to legitimize their cross-border transfers of personal data must file their signed China SCCs together with the supporting personal information impact assessment (“PIIA”) report with their local CAC branch by no later than 30 November 2023. This requires significant effort, and so businesses must act now to meet the filing deadline.

Compliance 98

Compliance Personal data IT Security 98

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Data Breach Today

AUGUST 24, 2023

The Gulf Coast Provider Is Among the Regional Health Systems Hit Recently A three-hospital health system serving the Mississippi Gulf Coast has resorted to paper charting and other manual processes for patient care as it deals with a cyberattack that forced it to take systems offline. The incident is the latest disruptive attack on a regional medical provider.

Paper 245

Paper IT 245

Security Affairs

AUGUST 24, 2023

An 18-year-old member of the Lapsus$ gang has been convicted of having helped hack multiple high-profile companies. A teenage member of the Lapsus$ data extortion group, Arion Kurtaj (18), was convicted by a London jury of having hacked multiple high-profile companies, including Uber , Revolut , and blackmailed the developers of the gaming firm Rockstar Games.

Access 98

Access Security Information Security IT 98

KnowBe4

AUGUST 21, 2023

Phishing attacks are on the rise in Australia, the Australian Broadcasting Corporation ( ABC ) reports.

Phishing 98

Phishing 98

WIRED Threat Level

AUGUST 23, 2023

Here’s what the science really says about teens and screens—and how to start the conversation with young people of any age.

Security 98

Security 98

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Data Breach Today

AUGUST 22, 2023

Whistleblower Leaks Included Information on 75,735 Current and Former Employees Tesla says it is suing two former employees for perpetrating a May data breach that exposed personal information for 75,735 current and former employees. The information was contained in a massive set of data leaked to a publication on whistleblowing grounds.

Data breaches 245

Data breaches IT 245

Security Affairs

AUGUST 24, 2023

The FBI warned that patches for a critical Barracuda ESG flaw CVE-2023-2868 are “ineffective” and patched appliances are still being hacked. The Federal Bureau of Investigation warned that security patches for critical vulnerability CVE-2023-2868 in Barracuda Email Security Gateway (ESG) are “ineffective.” According to the feds, threat actors are still hacking the patched appliances in ongoing hacking campaigns.

Access 98

Access Security Phishing IT 98

KnowBe4

AUGUST 23, 2023

The number one way that hackers and malware compromise people, devices, and networks is social engineering. No one argues that anymore, but it was not always known or discussed that way. Even though social engineering has been the number one way hackers and malware exploit people and devices since the beginning of network computers, it was not generally known or discussed as such until just five or 10 years ago.

Cybersecurity 98

Cybersecurity IT 98