Sat.Dec 31, 2022 - Fri.Jan 06, 2023

article thumbnail

Why Do Ransomware Victims Pay for Data Deletion Guarantees?

Data Breach Today

Paying for Promises That Can't Be Audited Paints a Repeat-Attack Target on Victims Many ransomware-wielding attackers are expert at preying on their victims' compulsion to clean up the mess. Witness victims' continuing willingness to pay a ransom - separate to a decryptor - in return from a promise from extortionists that they will delete stolen data.

article thumbnail

GUEST ESSAY: These common myths and misconceptions make online browsing very risky

The Last Watchdog

For the average user, the Internet is an increasingly dangerous place to navigate. Related: Third-party snooping is widespread. Consider that any given website experiences approximately 94 malicious attacks a day , and that an estimated 12.8 million websites are infected with malware. So, in response to these numbers, users are seeking ways to implement a more secure approach to web browsing.

Privacy 214
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Five Guys Data Breach Puts HR Data Under a Heat Lamp

Dark Reading

Job applicants could face a raft of follow-on attacks after cyber intruders accessed their data in an opportunistic attack.

article thumbnail

Data Breach: CircleCI Says Immediately 'Rotate Your Secrets'

Data Breach Today

Continuous Integration Software Development Platform Suspects 2-Week Intrusion CircleCI, which is used by over 1 million developers to build, test and deploy software, has issued a brief security alert warning all customers to immediately "rotate any secrets stored in CircleCI" as it continues to probe a suspected two-week intrusion.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Cops Hacked Thousands of Phones. Was It Legal?

WIRED Threat Level

When police infiltrated the EncroChat phone system in 2020, they hit an intelligence gold mine. But subsequent legal challenges have spread across Europe.

Mining 104

More Trending

article thumbnail

What will 2023 bring in the realms of cybersecurity and privacy?

Thales Cloud Protection & Licensing

What will 2023 bring in the realms of cybersecurity and privacy? divya. Thu, 01/05/2023 - 05:52. As geopolitical tensions persist and economic instability looms, organizations should get ready for a rise in cyber risks. What will 2023 bring in the realms of cybersecurity and privacy? Here are six predictions I think you should consider for the year ahead.

Privacy 87
article thumbnail

Data architecture strategy for data quality

IBM Big Data Hub

Poor data quality is one of the top barriers faced by organizations aspiring to be more data-driven. Ill-timed business decisions and misinformed business processes, missed revenue opportunities, failed business initiatives and complex data systems can all stem from data quality issues. Just one of these problems can prove costly to an organization.

article thumbnail

List of data breaches and cyber attacks in December 2022 – 31.5 million records breached

IT Governance

December can be the best or worst time to suffer a data breach. On the one hand, people have started to wind down to the end of the year, all attention is on holidays and a data breach is more likely to fall under the data. But for the very same reasons, a December data breach can be the worst possible scenario. Your team suddenly has a mountain of work on its hands as it mitigate the damage.

article thumbnail

Google will pay $29.5M to settle two lawsuits over its location tracking practices

Security Affairs

Google will pay $29.5 million to settle two different lawsuits in the US over its deceptive location tracking practices. Google decided to pay $29.5 million to settle two different lawsuits brought by the states of Indiana and Washington, D.C., over its deceptive location tracking practices. The IT giant will pay $9.5 million to D.C. and $20 million to Indiana after the states filed two lawsuits against the company charging it with having tracked users’ locations without their express cons

IT 98
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Expect Hacking, Phishing After Leak of 200M Twitter Records

Data Breach Today

Database Will Provide Intelligence of Use to Online Criminals, Expert Warns Expect the recently leaked database containing over 200 million Twitter records to be an ongoing resource for hackers, fraudsters and other criminals operating online, even though 98% of the email addresses it contains have appeared in prior breaches, experts warn.

Phishing 363
article thumbnail

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

The Last Watchdog

At the start of 2023, consumers remain out in the cold when it comes to online protection. Related: Leveraging employees as human sensors. Malicious online actors grow ever more sophisticated, making cybersecurity as big a concern for everyday consumers as it ever has been. These days, ordinary people are facing increasing —and more complex—threats than ever before.

Risk 203
article thumbnail

Breaking RSA with a Quantum Computer

Schneier on Security

A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it’s not obviously wrong. We have long known from Shor’s algorithm that factoring with a quantum computer is easy. But it takes a big quantum computer, on the orders of millions of qbits, to factor anything resembling the key sizes we use today.

Paper 145
article thumbnail

Security Outlook 2023: Cyber Warfare Expands Threats

eSecurity Planet

After a year that saw massive ransomware attacks and open cyber warfare, the biggest question in cybersecurity for 2023 will likely be how much of those attack techniques get commoditized and weaponized. “In 2022, governments fought wars online, businesses were affected by multiple ransomware gangs, and regular users’ data was constantly on hackers’ radars,” said NordVPN CTO Marijus Briedis. 2023, he predicted, “will not be any easier when it comes to keeping users’

Security 145
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Leaked Emails of 200M Twitter Users Now Available for Free

Data Breach Today

63GB Database of Names, Email Addresses Posted to Hacker Forum for All to Download A member of a criminal data breach forum that tried to sell the email addresses of 400 million Twitter users to CEO Elon Musk last month has now posted the stolen data for free for anyone to download. The 63 GB of data includes names, handles, creation dates, follower counts and email addresses.

article thumbnail

200M Twitter Profiles, with Email Addys, Dumped on Dark Web for Free

Dark Reading

A data dump of Twitter user details on an underground forum appears to stem from an API endpoint compromise and large-scale data scraping.

141
141
article thumbnail

Neeva Combines AI and Search – Now Comes The Hard Part

John Battelle's Searchblog

The Very Hardest Thing. What’s the hardest thing you could do as a tech-driven startup? I’ve been asked that question a few times over the years, and my immediate answer is always the same: Trying to beat Google in search. A few have tried – DuckDuckGo has built itself a sizable niche business, and there’s always Bing, thought it’s stuck at less than ten percent of Google’s market (and Microsoft isn’t exactly a startup.

Marketing 138
article thumbnail

Ransomware and Fraudulent Funds Transfer are the Two Main Drivers of Cyber Loss

KnowBe4

Representing more than half of all cyber loss, new data shows these attacks all begin with employees falling for social engineering , phishing , and business email compromise.

Phishing 130
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Critical Vulnerabilities Found in Luxury Cars Now Fixed

Data Breach Today

Ferrari, BMW, Rolls Royce, Porsche Software Flaws Exposed Data, Vehicle Controls Software vulnerabilities installed by luxury car manufacturers including Ferrari, BMW, Rolls Royce and Porsche that could allow remote attackers to control vehicles and steal owners' personal details have been fixed. Cybersecurity researchers uncovered the vulnerabilities while vacationing.

article thumbnail

ChatGPT Artificial Intelligence: An Upcoming Cybersecurity Threat?

Dark Reading

The role of artificial intelligence in cybersecurity is growing. A new AI model highlights the opportunities and challenges.

article thumbnail

Is the Most Creative Act a Human Can Engage in the Formation of a Good Question?

John Battelle's Searchblog

Wise, Kevin Kelly is. Today I’d like to ponder something Kevin Kelly – a fellow co-founding editor of Wired – said to me roughly 30 years ago. During one editorial conversation or another, Kevin said – and I’m paraphrasing here – “The most creative act a human can engage in is forming a good question.” That idea has stuck with me ever since, and informed a lot of my career.

article thumbnail

There is a New Trend in Social Engineering with a Disgusting Name; "Pig-butchering"

KnowBe4

The technique began in the Chinese underworld, and it amounts to an unusually protracted form of social engineering. The analogy is with fattening up a pig, then butchering it for all it’s worth. In this case the analogy is wayward, since the criminal doesn’t really fatten up the pig, not that much, anyway, but it works at least this far: they develop the marks slowly, and they get the marks to fatten up the accounts they ultimately drain.

IT 126
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Irish Privacy Watchdog Fines Meta 390 Million Euros for Ads

Data Breach Today

Social Media Company Fined for GDPR Violation Related to Ad Personalization The Irish Data Protection Commission has imposed a fine of 390 million euros against Meta Ireland for violating the General Data Protection Regulation related to user data processing. Meta confirmed it will contest the penalty, which targets ad personalization by Facebook and Instagram.

Privacy 244
article thumbnail

Remote Vulnerabilities in Automobiles

Schneier on Security

This group has found a ton of remote vulnerabilities in all sorts of automobiles. It’s enough to make you want to buy a car that is not Internet-connected. Unfortunately, that seems to be impossible.

IT 126
article thumbnail

Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You

WIRED Threat Level

The exposure of hundreds of millions of email addresses puts pseudonymous users of the social network at risk.

Risk 123
article thumbnail

These grim figures show that the ransomware problem isn't going away

KnowBe4

ZDNet summarized the problem as follows: "Up to 1,981 schools, 290 hospitals, 105 local governments and 44 universities and colleges were hit with ransomware in the US alone during 2022, demonstrating how ransomware attacks remain a significant cyber threat to the public sector and civil society.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Software Engineer Charged With 'Office Space-Inspired' Fraud

Data Breach Today

'Shopping Experience' Engineer at Retailer Accused of 'Malicious Software Edits' Seattle police have charged an online retailer's "shopping experience" software programmer with engineering a fraud scheme based on the movie "Office Space," in which malicious software was used to transfer a fraction of every transaction into an outside account.

Retail 233
article thumbnail

Rackspace Breach Linked to New OWASSRF Vulnerability

eSecurity Planet

Rackspace has acknowledged that it was hit by the Play ransomware a month ago in an attack that compromised customers’ Microsoft Exchange accounts. The attackers apparently leveraged a zero-day vulnerability called OWASSRF that was recently analyzed by CrowdStrike. In an interview with the San Antonio Express-News , Rackspace chief product officer John Prewitt said the company hadn’t implemented Microsoft’s November 2022 patches for the ProxyNotShell flaws in Exchange because o

article thumbnail

Colorado AG Publishes Second Draft of Colorado Privacy Act Rules

Hunton Privacy

On December 21, 2022, the Colorado Attorney General published an updated version of the draft rules to the Colorado Privacy Act (“CPA”). The draft, which follows the first iteration of the proposed rules published on October 10, 2022, solicits comments on five topics: (1) new and revised definitions; (2) the use of IP addresses to verify consumer requests; (3) a proposed universal opt-out mechanism; (4) streamlining the privacy policy requirements; and (5) bona fide loyalty programs.

Privacy 118