Data Breach Today
APRIL 30, 2022
Killnet Claims Responsibility for Targeting Romanian Authorities The Computer Emergency Response Team of Ukraine, along with the National Bank of Ukraine, are warning of massive DDoS attacks against pro-Ukrainian targets. The intelligence service in Romania, SRI, also warns of a similar type of attack targeting sites belonging to its national authorities.
Dark Reading
MAY 3, 2022
The same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
MAY 2, 2022
IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. They continuously send and receive data via the internet and can be the easiest way for a hacker to access your home network. IoT devices can spy on people, steal data, or bring down vast swathes of the internet, as happened in 2016 when Mirai malware infiltrated devices such as baby monitors and refrigerators and locked them into a botnet for the Dyn cyberattack.
The Last Watchdog
MAY 5, 2022
Ransomware? I think you may have heard of it, isn’t the news full of it? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. Related: Make it costly for cybercriminals. The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Breach Today
MAY 3, 2022
California Resident Found Guilty on Total of 6 Criminal Counts Sercan Oyuntur, a 40-year-old California resident, has been found guilty of stealing payments of over $23 million from the U.S. Department of Defense, according to the U.S. Department of Justice. The stolen payment was meant for DOD's jet fuel suppliers.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Jamf
MAY 5, 2022
Yes; Apple devices have a lower cost of ownership when compared to other technology in the classroom. But it’s not just about the bottom line. Apple devices better prepare schools for remote education, improve digital literacy and teach students skills that will be required in tomorrow’s workplace.
eSecurity Planet
MAY 3, 2022
Security researchers have uncovered a critical vulnerability that could lead to DNS spoofing attacks in two popular C standard libraries that provide functions for common DNS operations. Nozomi Networks Labs found the vulnerability in the Uclibc and uClibc-ng libraries, which provide functions to make common DNS operations such as lookups or translating domain names to IP addresses.
Data Breach Today
MAY 4, 2022
Mosyle Wants to Expand Beyond MDM and Provide a Holistic Apple Security Platform Mosyle closed a $196 million funding round to expand beyond mobile device management and provide a holistic security platform for Apple devices. The company wants to boost adoption of Mosyle Fuse, which combines MDM, endpoint security, encrypted DNS, identity management and app management.
Threatpost
MAY 3, 2022
Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Security Affairs
MAY 3, 2022
China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies. The Google TAG team published a report focused on cybersecurity activity in Eastern Europe.
eSecurity Planet
MAY 3, 2022
Databases contain some of the most critical data in enterprises, so vulnerabilities in them are serious issues. Researchers at Singapore-based cybersecurity company Group-IB recently discovered thousands of databases exposed to the internet that could have been exploited when they were left unprotected. The Attack Surface Management team at Group-IB said it constantly scans the IPv4 landscape for exposed databases, potentially unwanted programs, and other risks.
Data Breach Today
MAY 2, 2022
California Resident Found Guilty on Total of 6 Criminal Counts Sercan Oyuntur, a 40-year-old California resident, has been found guilty of stealing payments of over $23 million from the U.S. Department of Defense, according to the U.S. Department of Justice. The stolen payment was meant for DOD's jet fuel suppliers.
IT Governance
MAY 3, 2022
Welcome to our latest monthly review of data breaches and cyber attacks. We discovered 80 security incidents in April, resulting in 14,329,78 compromised records. You can find the full list of data breaches below, with incidents affecting UK organisations listed in bold. Meanwhile, be sure to subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
MAY 4, 2022
Pro-Ukraine hackers are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites. Pro-Ukraine hackers, likely linked to Ukraine IT Army , are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen websites belonging to government, military, and media.
eSecurity Planet
MAY 2, 2022
Ransomware just keeps getting worse, it seems. Cybersecurity researchers last week revealed that a new ransomware gang called Onyx is simply destroying larger files rather than encrypting them. As the MalwareHunterTeam noted in a Twitter thread , “as the ransomware they are using is a trash skidware, it’s destroying a part of the victims’ files.” The team would recommend that “no company should pay to these idiots … but they are stealing files too.” Most
Data Breach Today
MAY 4, 2022
John Riggi and Carolyn Crandall Discuss the Top Threats John Riggi, national adviser for cybersecurity at the American Hospital Association, and Carolyn Crandall, chief security advocate at Attivo Networks, explain why threats involving the Russia-Ukraine war are exacerbating cybersecurity pressures on healthcare sector entities in the U.S. and globally.
Hunton Privacy
MAY 2, 2022
On April 28, 2022, India issued new guidance relating to “information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet.” Notably, the guidance requires “service providers, intermediary, data centre, body corporate and Government organizations” to report cyber incidents to India’s Computer Emergency Response Team (“CERT-In”) within six hours of noticing such incidents or being notified about such incidents.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Security Affairs
MAY 3, 2022
A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups.
KnowBe4
MAY 2, 2022
A phishing campaign is using short, terse emails to trick people into visiting a credential-harvesting site, according to Paul Ducklin at Naked Security. The email informs recipients that two incoming messages were returned to the sender, and directs the user to visit a link in order to view the messages. Since the emails are so short, the scammers avoid risking typos or grammatical errors that could have tipped off the recipient.
Data Breach Today
MAY 5, 2022
Average Ransom Payment, When a Victim Pays, Drops to $211,529, Coveware Reports Two signs that the tide may finally, if slowly, be turning on ransomware: The number of victims who choose to pay continues to decline, while the amount they pay - when they choose to do so - recently dropped by one-third, reports ransomware incident response firm Coveware.
Hunton Privacy
MAY 4, 2022
In April 2022, two states enacted insurance data security legislation based on the National Association of Insurance Commissioners (“NAIC”) Insurance Data Security Model Law (MDL-668). Kentucky Governor Andy Beshear signed HB 474 into law on April 8, 2022, and Maryland Governor Larry Hogan signed SB 207 into law on April 21, 2022. The new laws establish data security obligations for insurance carriers and generally require carriers to take the following actions, subject to certain exemptions: Co
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
MAY 4, 2022
A sophisticated cyberespionage campaign, dubbed Operation CuckooBees, conducted by the China-linked Winnti group remained undetected since at least 2019. Researchers from Cybereason uncovered a sophisticated cyberespionage campaign, dubbed Operation CuckooBees, aimed at stealing intellectual property from the victims. The campaign flew under the radar since at least 2019, it was attributed by the experts to the China-linked Winnti group and targeted technology and manufacturing companies primari
OpenText Information Management
MAY 6, 2022
The statistics about increased cybercrime are everywhere you turn. According to the FBI’s 2021 Internet Crime Report, the FBI Internet Crime Complaint Center saw a record 847,376 complaints in 2021, representing a 7% increase from the prior year. Perhaps more disturbing is the cybercrimes committed against the most vulnerable in society – our children.
Data Breach Today
MAY 2, 2022
Amit Basu of International Seaways on the Various Approaches to Zero Trust As one embarks on a zero trust journey, it's best to start with a network approach, according to Amit Basu, who is vice president, chief information officer and chief information security officer at International Seaways, a New York-based tanker company.
Schneier on Security
MAY 4, 2022
Mandiant is reporting on a new botnet. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including: The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Security Affairs
MAY 3, 2022
A new APT group, tracked as UNC3524, uses IP cameras to deploy backdoors and steal Microsoft Exchange emails. Mandiant researchers discovered a new APT group, tracked as UNC3524, that heavily targets the emails of employees that focus on corporate development, mergers and acquisitions, and large corporate transactions. . Once gained initial access to the target systems, UNC3524 deployed a previously unknown backdoor tracked by Mandiant researchers as QUIETEXIT.
Data Matters
MAY 5, 2022
Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”), repeatedly emphasizes CISA’s cooperative approach with the U.S. private sector. During her interview with Sidley’s Alan Raul on April 13, 2022, Easterly emphasized that CISA’s role was not to “name, blame, shame, or stab the wounded” victims of cybersecurity incidents.
Data Breach Today
MAY 6, 2022
Unsuspecting Hosts Are Potential Targets for Retaliation Containers and cloud-based resources are being used to launch DoS attacks against Russian, Belarusian and Lithuanian websites. Cybersecurity firm CrowdStrike's researchers say that through their Docker Engine honeypots, they observed two different Docker images targeting these assets.
Expert insights. Personalized for you.
358 
Let's personalize your content