KnowBe4
SEPTEMBER 24, 2024
A phishing campaign is targeting GitHub users with phony CAPTCHA pages, according to researchers at McAfee. The phishing emails ask users to address a security vulnerability in a GitHub repository that they recently contributed to, and contain a link to find more information about the alleged vulnerability. This link leads to a fake CAPTCHA page that attempts to trick them into installing malware.
Data Breach Today
SEPTEMBER 24, 2024
How to Navigate the New Challenges and Opportunities AI has enabled supply chains to become more proactive and predictive. Through machine learning algorithms, natural language processing and advanced analytics, organizations can now forecast demand with greater accuracy, anticipate potential disruptions and optimize inventory management in real time.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
SEPTEMBER 26, 2024
The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.
The Last Watchdog
SEPTEMBER 24, 2024
Ever since the massive National Public Data (NPD) breach was disclosed a few weeks ago, news sources have reported an increased interest in online credit bureaus, and there has been an apparent upswing in onboarding of new subscribers. Related: Class-action lawsuits pile up in wake of NPD hack So what’s the connection? NPD reported the exposure of over 2.7 billion records.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
WIRED Threat Level
SEPTEMBER 26, 2024
Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
SEPTEMBER 26, 2024
Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. In June 2024, a team of experts ( Neiko Rivera , Sam Curry , Justin Rhinehart , Ian Carroll ) discovered multiple vulnerabilities in Kia vehicles that allowed remote control of key functions using their license plates.
Schneier on Security
SEPTEMBER 27, 2024
NIST’s second draft of its “ SP 800-63-4 “—its digital identify guidelines—finally contains some really good rules about passwords: The following requirements apply to passwords: lVerifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
WIRED Threat Level
SEPTEMBER 27, 2024
A handful of Tesla’s electric pickup trucks are armed and ready for battle in the hands of Chechen forces fighting in Ukraine as part of Russia’s ongoing invasion. Can the EV take the heat?
Data Breach Today
SEPTEMBER 24, 2024
No Disruption to Service; Manual Operations Implemented FBI and U.S. Department of Homeland Security officials are in Arkansas City, Kansas, to investigate a cyberattack at the city's water treatment facility. "There has been no disruption to service. Out of caution, the Water Treatment Facility has switched to manual operations," said the city manager.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
SEPTEMBER 26, 2024
Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code.
KnowBe4
SEPTEMBER 23, 2024
Since the beginning of computers, social engineering has been the number one way that computers and networks have been compromised. Social engineering is involved in 70% to 90% of all successful data breaches.
WIRED Threat Level
SEPTEMBER 24, 2024
The US government says outlets like RT work closely with Russian intelligence, and platforms have removed or banned their content. But they’re still influential all around the world.
Data Breach Today
SEPTEMBER 23, 2024
Backdoored Python Packages Likely Work of 'Gleaming Pisces,' Says Palo Alto A North Korean hacking group with a history of a stealing cryptocurrency is likely behind a raft of poisoned Python packages targeting developers working on the Linux and macOS operating systems in an apparent attempt at a supply chain attack.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Security Affairs
SEPTEMBER 23, 2024
Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region. The threat actor used spear-phishing emails and exploited the recently patched GeoServer vulnerability CVE-2024-36401.
Troy Hunt
SEPTEMBER 27, 2024
The conundrum I refer to in the title of this post is the one faced by a breached organisation: disclose or suppress? And let me be even more specific: should they disclose to impacted individuals, or simply never let them know? I'm writing this after many recent such discussions with breached organisations where I've found myself wishing I had this blog post to point them to, so, here it is.
eSecurity Planet
SEPTEMBER 21, 2024
Understanding and adhering to cybersecurity regulations is crucial for any organization as cyber threats evolve and become more sophisticated. The landscape of cybersecurity laws and regulations today is set to undergo significant changes, impacting businesses, government entities, and individuals alike. Let’s explore what to expect from the upcoming regulations, provide insights into critical federal and state laws, and offer practical compliance and risk management strategies.
Data Breach Today
SEPTEMBER 26, 2024
Also: Ransomware Surged in 2023, MoneyGram Back in Service After Cyberattack This week, advice on spotting North Korean staff; ransomware attacks rose; MoneyGram back online; FCC fined political operative; CISA warned of water system attacks; Ukraine restricted Telegram use; North Korean hackers used new malware; U.K. arrested alleged hacker; PSNI is in data leak talks.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
SEPTEMBER 21, 2024
Cybercriminals stole more than $44 million worth of cryptocurrency from the Singaporean crypto platform BingX. Singaporean crypto platform BingX reported a cyberattack on Friday. Threat actors stole over $44 million worth of cryptocurrency. The crypto platform discovered unauthorized transfers of funds on Thursday night, shortly before BingX announced a shutdown for “wallet maintenance” on social media. [ Temporary Wallet Maintenance Notice] ■ Schedule: ~24 hours ■ When maintenance i
KnowBe4
SEPTEMBER 24, 2024
CyberheistNews Vol 14 #39 [EYE OPENER] Beyond Analysts: The Undeniable Leadership We Have in HRM
WIRED Threat Level
SEPTEMBER 26, 2024
As Israel intensifies its attacks on Lebanon, eerie messages have been arriving on the phones of civilians on both sides of the border, with authorities in each country accusing the other of psychological warfare.
Data Breach Today
SEPTEMBER 27, 2024
Exploitation Requires Victim to Print On Rogue Printer Attackers can exploit a series of vulnerabilities in the OpenPrinting Common Unix Printing System utility to remotely execute arbitrary code on certain machines. Major Linux distributions reacted Friday by releasing patches. Exploitation requires a victim to attempt to print from a malicious device.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Security Affairs
SEPTEMBER 25, 2024
The personal information of over 3,000 congressional staffers was leaked on the dark web following a major cyberattack on the U.S. Capitol. The personal information of approximately 3,191 congressional staffers has been leaked on the dark web , according to new research from internet security firm Proton and Constella Intelligence. The leaked data includes passwords, IP addresses, and social media information.
KnowBe4
SEPTEMBER 23, 2024
Threat actors are abusing virtual shopping lists to trick Walmart customers into transferring money or disclosing personal information, according to researchers at Malwarebytes. Links to the lists are distributed via Google Ads that impersonate Walmart support.
Schneier on Security
SEPTEMBER 23, 2024
I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards, some people are making a lot of money. At 10 a.m. on a Tuesday last month, seven Bike Angels descended on the docking station at Broadway and 53rd Street, across from the Ed Sullivan Theater.
Data Breach Today
SEPTEMBER 27, 2024
Enterprise Browser: The Tool CIOs Never Knew They Were Lacking The enterprise browser is the tool CIOs never knew they were lacking - a seamless access method to the workloads, apps and data that moved to the cloud. It bakes in the needs of the enterprise. Learn why the enterprise browser is a strategic imperative to the success of your business.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
SEPTEMBER 25, 2024
Experts warn of Necro Trojan found in Google Play, threat actors are spreading it through fake versions of legitimate Android apps. Researchers from Kaspersky discovered a new version of the Necro Trojan in multiple apps uploaded to the Google Play store. The malware was hidden in popular applications and game mods. Kaspersky researchers first spotted the Necro Trojan in 2019, the malicious code was in the free version of the popular PDF creator application CamScanner app.
KnowBe4
SEPTEMBER 23, 2024
New analysis of attacks on the financial sector shows that the combination of phishing emails and compromised credentials is a recurring — and financially impactful — threat.
OpenText Information Management
SEPTEMBER 27, 2024
In today’s evolving threat landscape, cyber defenders are constantly adapting to new adversarial tactics and emerging vulnerabilities. The latest 2024 Threat Hunter Perspective from OpenText sheds light on the most pressing threats, nation-state activities, and security recommendations enterprises must consider in the months ahead. Here are the key findings and expert insights to help you stay ahead of the curve.
Expert insights. Personalized for you.
118 
Let's personalize your content