Data Breach Today
JULY 12, 2022
Malware Uses a Variety of Methods to Evade Detection Newly spotted ransomware dubbed HavanaCrypt by TrendMicro masquerades as the Google Software Update. For all its sophistication, it fails to drop a ransom note, leading researchers to speculate that it is still in development. Detect and block it before it causes more damage, the company warns.
Security Affairs
JULY 9, 2022
Fortinet released security patches to address multiple High-Severity vulnerabilities in several products of the vendor. Fortinet addressed multiple vulnerabilities in several products of the vendor. Impacted products are FortiADC, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiClient, FortiDeceptor, FortiEDR, FortiNAC, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
JULY 12, 2022
Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.
The Last Watchdog
JULY 14, 2022
Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises. Related: Deploying human sensors. Phishing comes with a simple premise – lure someone to interact with a malicious link, file, or credentials-input, disguised as a legitimate email or website.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Data Breach Today
JULY 15, 2022
Small and Mid-Size Businesses Targeted Globally But So Far Extortion Attempts Have Failed Microsoft security researches say they're tracking a hacking group originating from North Korea that may be a side project of an established threat actor. So far the group, which likes the moniker "H0lyGh0st," appears not to have collected any ransom.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Krebs on Security
JULY 10, 2022
Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email
WIRED Threat Level
JULY 14, 2022
Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.
Data Breach Today
JULY 14, 2022
Attackers Targeted More Than 10,000 Organizations Since Last September Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server. Attackers stole online session cookies, allowing them to defeat MFA and access inboxes. From there, they emailed corporate vendors to obtain financial data.
Security Affairs
JULY 12, 2022
A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and bypass the authentication process even when the victim has enabled the MFA.
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
The Last Watchdog
JULY 11, 2022
It is astounding that billions of online accounts have been breached over the past 18 years and that US consumer accounts are by far the most compromised. Related: VPNs vs ZTNA. Now comes hard metrics quantifying the scope of this phenomenon. It’s in findings of a deep dive data analytics study led by Surfshark , a supplier of VPN services aimed at the consumer and SMB markets.
WIRED Threat Level
JULY 11, 2022
The US House committee has already uncovered a more organized and sinister plot than many imagined. But history suggests the worst may be yet to come.
Data Breach Today
JULY 14, 2022
The latest edition of the ISMG Security Report analyzes why the number of ransomware attacks and the amounts being paid in ransoms are both on the rise. It also discusses today's cyberthreat landscape and whether organizations should rely on user training to improve security.
Security Affairs
JULY 9, 2022
Apple plans to introduce a security feature, called Lockdown Mode , to protect its users against “highly targeted cyberattacks.” The recent wave of sophisticated attacks against Apple users (i.e. Pegasus , DevilsTongue , and Hermit ) urged the tech giant to develop a new security feature, called Lockdown Mode, to protect its users against highly targeted cyberattacks.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Dark Reading
JULY 15, 2022
And some ways to up your game for identifying fabricated online profiles of people who don't exist.
WIRED Threat Level
JULY 9, 2022
Plus: A duplicitous bug bounty scheme, the iPhone's new “lockdown mode,” and more of the week's top security news.
Data Breach Today
JULY 13, 2022
Free Searching on Stolen Data and Higher Ransom Demands Among Latest Innovations Seeking maximum profits, ransomware groups continually refine the tactics they use to bypass defenses, infect victims and pressure them into paying. Unfortunately, a reported increase in ransomware attacks and ransom amounts getting paid to criminals suggests these efforts largely remain successful.
Security Affairs
JULY 13, 2022
IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The multinational technology company Lenovo released security fixes to address three vulnerabilities that reside in the UEFI firmware shipped with over 70 product models, including several ThinkBook models. A remote attacker can trigger these flaws to execute arbitrary code on the vulnerable systems in the early stages of the boot avoiding the detection of s
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
eSecurity Planet
JULY 11, 2022
Intezer Labs security researchers have identified a sophisticated new malware that targets Linux devices. Dubbed OrBit , the malware can gain persistence quickly, evade detection and hide its presence in network activity by manipulating logs. The module hooks functions called in shared libraries, which is pretty common for malware, but it also implements “advanced evasion techniques” and “remote capabilities over SSH.”.
WIRED Threat Level
JULY 11, 2022
The pro-Russian group Killnet is targeting countries supporting Ukraine. It has declared "war" against 10 nations.
Data Breach Today
JULY 12, 2022
Hack Attacks That Affect Operational Security Environments Remain Rare The Predatory Sparrow hacking group recently claimed to have triggered fires in multiple state-run Iranian steel foundries via hack attacks. Clearly, industrial cybersecurity remains essential. But are the attacks a sign of much more to come or more of a politically motivated proof of concept?
Security Affairs
JULY 15, 2022
Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. RedAlert (aka N13V) targets both Windows and Linux VMWare ESXi servers of target organizations.
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
eSecurity Planet
JULY 12, 2022
The first signs of the ransomware attack at data storage vendor Spectra Logic were reports from a number of IT staffers about little things going wrong at the beginning of the day. Matters steadily worsened within a very short time and signs of a breach became apparent. Screens then started to display a ransom demand, which said files had been encrypted by the NetWalker ransomware virus.
WIRED Threat Level
JULY 13, 2022
The exploit can leak password information and other sensitive material, but the chipmakers are rolling out mitigations.
Data Breach Today
JULY 15, 2022
Attempts to Accurately Track Breaches and Ransomware Hampered by Scarce Details Ransomware attacks and data breaches: One thing both have in common is the challenge of attempting to accurately understand their true scale and impact. Too often, data breach notifications lack useful details, while ransomware attacks and ransom payments go unreported.
Security Affairs
JULY 13, 2022
Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. The threat continues to evolve implementing new attack vectors to evade detection, Zscaler Threatlabz researchers warn.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
JULY 12, 2022
Honda vehicles from 2021 to 2022 are vulnerable to this attack : On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN. […].
WIRED Threat Level
JULY 12, 2022
Nonprofit donors had their information given to law enforcement without consent, highlighting limited data protections in the world’s largest democracy.
Data Breach Today
JULY 14, 2022
CyberArk Has Pushed Beyond Its Legacy in PAM to Address Broader Identity Use Cases CyberArk has pushed beyond privileged access management to address broader identity use cases as the rise of machine identities creates new challenges. The company will offer more holistic protection to user and nonuser identities by expanding into secrets management and cloud privilege security.
Expert insights. Personalized for you.
304 
Let's personalize your content