Sat.Jul 11, 2020 - Fri.Jul 17, 2020

article thumbnail

Introducing the PhishingKitTracker

Security Affairs

Experts that want to to study phishing attack schema and Kit-composition can use the recently PhishingKitTracker, which is updated automatically. If you are a security researcher or even a passionate about how attackers implement phishing you will find yourself to look for phishing kits. A phishing kit is not a phishing builder, but a real implementation (actually re-implementation) of a third party website built to lure your victim.

Phishing 142
article thumbnail

Breached Data Indexer ‘Data Viper’ Hacked

Krebs on Security

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion.

Sales 354
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Malware Hidden in Chinese Tax Software

Data Breach Today

Researchers: 'GoldenHelper' Backdoor Designed to Access Corporate Networks Malware designed to provide backdoor access to corporate networks, gain administrative privileges and deliver additional payloads was hidden in tax software the Chinese government requires companies doing business in the nation to use, researchers at the security firm Trustwave report.

article thumbnail

Iranian Spies Accidentally Leaked Videos of Themselves Hacking

WIRED Threat Level

IBM's X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it's targeting.

Security 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Who’s Behind Wednesday’s Epic Twitter Hack?

Krebs on Security

Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay out some of the timeline of this attack, and point to clues about who may have been behind it.

More Trending

article thumbnail

US Secret Service Forms Cyber Fraud Task Force

Data Breach Today

Newly Formed Task Force Combines Electronic and Financial Crimes Units The U.S. Secret Service is combining its electronic and financial crimes units into a single task force that will focus on investigating cyber-related financial crimes such as BEC schemes and ransomware attacks. The move comes as lawmakers want the Secret Service to take a more active role in fighting cybercrime.

article thumbnail

Exclusive, Ghost Squad Hackers defaced European Space Agency (ESA) site

Security Affairs

A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA). A group of hackers that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA), [link]. I have reached them for a comment and they told me that the attack was not targeted, they defacted the site only for fun. “We are hacktivists, we usually hack for many various causes related to activism.” Ghost Squad Hackers&#

Military 145
article thumbnail

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone.

article thumbnail

Revealed: Dominic Cummings firm paid Vote Leave's AI firm £260,000

The Guardian Data Protection

Boris Johnson’s chief adviser declines to explain reason for payments to Faculty A private company owned and controlled by Dominic Cummings paid more than a quarter of a million pounds to the artificial intelligence firm that worked on the Vote Leave campaign. The prime minister’s chief adviser is declining to explain the reason for the payments to Faculty, which were made in instalments over two years.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How to Make the Most of Cyber Intelligence

Data Breach Today

Jeff Bardin of Treadstone 71 Outlines Key Strategic Steps Creating a cyber intelligence strategy involves operational and tactical measures as well as technical approaches, says Jeff Bardin, chief intelligence officer at Treadstone 71.

320
320
article thumbnail

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

Experts from Cyble discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Experts from threat intelligence firm have discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Records of 45 Million+ travelers to Thailand and Malaysia Leaked on #Darkweb (Blog Link) [link] #infosec #leaks #CyberSecurity pic.twitter.com/zHOujQ8CMm — Cyble (@Au

article thumbnail

How Two-Factor Authentication Keeps Your Accounts Safe

WIRED Threat Level

Here are some of the best authenticator apps and options. It may take a moment to set up, but once you have 2FA enabled where it counts, you can rest easier.

article thumbnail

Twitter Hack Update: What We Know (and What We Don’t)

Threatpost

With limited confirmed information, a raft of theories and circumstantial evidence has come to light as to who was behind the attack and how they carried it out.

IT 136
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Twitter Hack: A Sign of More Troubles Ahead?

Data Breach Today

Some Experts Say the Platform's Security Failures Could Lead to Bigger Attacks While the Wednesday hijacking of several high-profile and verified Twitter accounts appears to have been confined to a cryptocurrency scam, security experts are warning that the platform's security failures could lead to bigger attacks down the road.

Security 315
article thumbnail

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web. Bad news for the guests of the MGM Resorts, the 2019 data breach suffered by the company is much larger than initially reported. A credible actor is selling details of 142 million MGM hotel guests on the dark web , the news was reported in exclusive by ZDNet.

article thumbnail

Does TikTok Really Pose a Risk to US National Security?

WIRED Threat Level

Concerns about the Chinese government shouldn't be dismissed, experts say. But banning TikTok would be a drastic measure.

Risk 144
article thumbnail

Amazon-Themed Phishing Campaigns Swim Past Security Checks

Threatpost

A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices.

Phishing 134
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Insights From INTERPOL on Using Threat Intelligence

Data Breach Today

Cybercrime Fighter Offers Advice on Responding to the Latest Trends Craig Jones, who leads the global cybercrime program for INTERPOL, which facilitates police cooperation among 194 member nations, describes how organizations can improve their use of threat intelligence.

299
299
article thumbnail

Orange Business Services hit by Nefilim ransomware operators

Security Affairs

Security researchers at Cyble reported that Nefilim ransomware operators allegedly targeted the mobile network operator Orange. Researchers from Cyble came across a post of Nefilim ransomware operators which were claiming to have stolen sensitive data of Orange S.A., one of the largest mobile networks based in France. The discovery was made by the experts during their regular Deepweb and Darkweb monitoring activity.

article thumbnail

A New Map Shows the Inescapable Creep of Surveillance

WIRED Threat Level

The Atlas of Surveillance shows which tech law enforcement agencies across the country have acquired. It's a sobering look at the present-day panopticon.

IT 141
article thumbnail

What Is TOGAF? The Open Group Architecture Framework

erwin

The Open Group Architecture Framework (TOGAF) is a type of enterprise architecture (EA) framework. In this post, we’ll cover: What Is TOGAF? History of TOGAF. TOGAF ADM. The Benefits of TOGAF. Is TOGAF Free? TOGAF vs. DODAF vs. MODAF vs. NAF. Implementing an EA Framework. What Is TOGAF? TOGAF is one example of an enterprise architecture framework. Enterprise architecture frameworks help organizations regulate the methods and language used to create, describe and administer changes to an enterpri

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

UK Reverses Course, Bans Huawei Gear From 5G Networks

Data Breach Today

U.S. Sanctions Against Chinese Firms a Factor in Decision The British government has officially reversed course and will now ban Huawei's telecom gear from its 5G networks. The ban on use of the Chinese firm's equipment, based in part on U.S. sanctions against the manufacturer, goes into effect at year's end.

article thumbnail

Personal details and SSNs of 40,000 US citizens available for sale

Security Affairs

Security experts at threat intelligence firm Cyble have identified a credible actor selling personal details of approximately 40,000 US citizens. Security experts at threat intelligence firm Cyble Experts have discovered the availability on the darkweb of personal details of approximately 40,000 US citizens along with their social security numbers (SSNs).

Sales 143
article thumbnail

‘DDoS-For-Hire’ Is Fueling a New Wave of Attacks

WIRED Threat Level

Turf wars are heating up over the routers that fuel distributed denial of service attacks—and cybermercenaries are running rampant.

Security 140
article thumbnail

Can You Add Teasers to Add Attention?

AIIM

Think back to middle school English classes. You were taught that your titles should summarize your main points. People should be able to get the gist of what you’re talking about by just reading the title. The problem is that what you learned in English class is wrong. You don’t want your executives or stakeholders believing they know what you’re going to say without reading what you’ve said, do you?

Sales 120
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Billing Vendor Breach Affects 275,000

Data Breach Today

Not Yet Clear How Many of Firm's Healthcare Clients Were Affected Some 275,000 individuals served by a variety of healthcare sector organizations had data exposed as a result of a breach at Houston-based billing and debt collection vendor Benefit Recovery Specialists Inc. A breach at another debt collection vendor last year wound up affecting more than 20 million individuals.

276
276
article thumbnail

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited. The US DHS CISA issued an emergency directive urging government agencies to patch the recently disclosed SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited.

article thumbnail

15 Billion Stolen Logins Are Circulating on the Dark Web

WIRED Threat Level

Plus: Facebook's Roger Stone takedown, the BlueLeaks server seizure, and more of the week's top security news.

Security 134